Re: integrating T5 a login form with Spring Security?
Then I would guess that the programmatic authentication is your best option. It isn't really that hard and you can build as many safeguards as you want. But yes, it is annoying, that it isn't already built into spring security as a possibility. It is really more than a bit geared towards servlets and spring mvc. 2009/3/28 Borut Bolčina > Hi, > > the problem with this code is that you are using > response.sendRedirect. This is not acceptable as this causes the > username and password to be in plain text in the log files of the > Tomcat (and Apache). And of course it must be on the HTTPS. > > The server-side redirect is the only way, as response.sendRedirect can > not be done with POST, only GET. > > I am beginning to regret my decision to use spring security...but it > is too late in the project. > > Any other ideas? Anyone? > > -Borut > > > > 2009/3/28 Otho : > > My old solution which worked fine with the little glitch I described in > my > > last post. The problem might be in the session.invalidate(); > > > >@Inject > >private Request request; > > > >@Inject > >private Response response; > > > >@Property > >private String username; > > > >@Property > >private String password; > > > >@Component(id = "loginForm") > >private Form loginForm; > > > > Object onValidate. > > > > void onSuccessFromLoginForm() throws IOException > >{ > >request.getSession(false).invalidate(); > > > >StringBuffer path = new StringBuffer(request.getContextPath()) > >.append(Constants.J_SPRING_SECURITY_CHECK) > >.append("?") > >.append(Constants.J_USERNAME).append("=").append(username) > >.append("&") > > > .append(Constants.J_PASSWORD).append("=").append(password); > >response.sendRedirect(path.toString()); > >} > > > > public class Constants > > { > >public static final String J_USERNAME = "j_username"; > > > >public static final String J_PASSWORD = "j_password"; > > > >public static final String J_SPRING_SECURITY_CHECK = > > "/j_spring_security_check"; > > > >public static final String J_SPRING_SECURITY_LOGOUT = > > "/j_spring_security_logout"; > > } > > > > 2009/3/27 Borut Bolčina > > > >> I am using tapestry-spring-security. It works ok, but I am trying to > >> spice up the login form with captcha if user has failed to login 5 > >> times (like google account). > >> > >> The form uses action="${loginCheckUrl}" method="POST" and is a regular > >> html form (not t:form). But I need it to be t:form to put some > >> validation logic into onValidate method and later on in onSuccess > >> method a forward to /j_spring_security_check. > >> > >> But forwarding with > >> requestDispatcher.forward(requestGlobals.getHTTPServletRequest(), > >> requestGlobals.getHTTPServletResponse()); > >> > >> causes an exception. > >> > >> There must be a solution?! > >> > >> -Borut > >> > >> > >> 2009/3/27 Peter Lundberg : > >> > Jean Luc... > >> > > >> > Did you have a look at tapestry-spring-security? The repositry is at > >> > > >> > http://www.localhost.nu/java/mvn/nu/localhost/tapestry/tapestry-spring-secur > >> > ity/ but the project site seams to be down. It is rough on the edges, > but > >> > works well and is not to hard to understand the code. > >> > > >> > It would be great if this got into more mainstream somewhere so it is > >> easy > >> > to add robust authorization to the applications we build almost all > >> have > >> > it and will sooner or later need the things that spring-security > provide. > >> > > >> > Appfuse also has an integration you could look at if you have not done > so > >> > already. http://code.google.com/p/tapestry5-appfuse/ > >> > > >> > Excuse me if this was covered already in the thread. > >> > > >> > Br > >> > Peter > >> > > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > >> For additional commands, e-mail: users-h...@tapestry.apache.org > >> > >> > > > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
Re: integrating T5 a login form with Spring Security?
Hi, the problem with this code is that you are using response.sendRedirect. This is not acceptable as this causes the username and password to be in plain text in the log files of the Tomcat (and Apache). And of course it must be on the HTTPS. The server-side redirect is the only way, as response.sendRedirect can not be done with POST, only GET. I am beginning to regret my decision to use spring security...but it is too late in the project. Any other ideas? Anyone? -Borut 2009/3/28 Otho : > My old solution which worked fine with the little glitch I described in my > last post. The problem might be in the session.invalidate(); > > �...@inject > private Request request; > > �...@inject > private Response response; > > �...@property > private String username; > > �...@property > private String password; > > �...@component(id = "loginForm") > private Form loginForm; > > Object onValidate. > > void onSuccessFromLoginForm() throws IOException > { > request.getSession(false).invalidate(); > > StringBuffer path = new StringBuffer(request.getContextPath()) > .append(Constants.J_SPRING_SECURITY_CHECK) > .append("?") > .append(Constants.J_USERNAME).append("=").append(username) > .append("&") > .append(Constants.J_PASSWORD).append("=").append(password); > response.sendRedirect(path.toString()); > } > > public class Constants > { > public static final String J_USERNAME = "j_username"; > > public static final String J_PASSWORD = "j_password"; > > public static final String J_SPRING_SECURITY_CHECK = > "/j_spring_security_check"; > > public static final String J_SPRING_SECURITY_LOGOUT = > "/j_spring_security_logout"; > } > > 2009/3/27 Borut Bolčina > >> I am using tapestry-spring-security. It works ok, but I am trying to >> spice up the login form with captcha if user has failed to login 5 >> times (like google account). >> >> The form uses action="${loginCheckUrl}" method="POST" and is a regular >> html form (not t:form). But I need it to be t:form to put some >> validation logic into onValidate method and later on in onSuccess >> method a forward to /j_spring_security_check. >> >> But forwarding with >> requestDispatcher.forward(requestGlobals.getHTTPServletRequest(), >> requestGlobals.getHTTPServletResponse()); >> >> causes an exception. >> >> There must be a solution?! >> >> -Borut >> >> >> 2009/3/27 Peter Lundberg : >> > Jean Luc... >> > >> > Did you have a look at tapestry-spring-security? The repositry is at >> > >> http://www.localhost.nu/java/mvn/nu/localhost/tapestry/tapestry-spring-secur >> > ity/ but the project site seams to be down. It is rough on the edges, but >> > works well and is not to hard to understand the code. >> > >> > It would be great if this got into more mainstream somewhere so it is >> easy >> > to add robust authorization to the applications we build almost all >> have >> > it and will sooner or later need the things that spring-security provide. >> > >> > Appfuse also has an integration you could look at if you have not done so >> > already. http://code.google.com/p/tapestry5-appfuse/ >> > >> > Excuse me if this was covered already in the thread. >> > >> > Br >> > Peter >> > >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
My old solution which worked fine with the little glitch I described in my last post. The problem might be in the session.invalidate(); @Inject private Request request; @Inject private Response response; @Property private String username; @Property private String password; @Component(id = "loginForm") private Form loginForm; Object onValidate. void onSuccessFromLoginForm() throws IOException { request.getSession(false).invalidate(); StringBuffer path = new StringBuffer(request.getContextPath()) .append(Constants.J_SPRING_SECURITY_CHECK) .append("?") .append(Constants.J_USERNAME).append("=").append(username) .append("&") .append(Constants.J_PASSWORD).append("=").append(password); response.sendRedirect(path.toString()); } public class Constants { public static final String J_USERNAME = "j_username"; public static final String J_PASSWORD = "j_password"; public static final String J_SPRING_SECURITY_CHECK = "/j_spring_security_check"; public static final String J_SPRING_SECURITY_LOGOUT = "/j_spring_security_logout"; } 2009/3/27 Borut Bolčina > I am using tapestry-spring-security. It works ok, but I am trying to > spice up the login form with captcha if user has failed to login 5 > times (like google account). > > The form uses action="${loginCheckUrl}" method="POST" and is a regular > html form (not t:form). But I need it to be t:form to put some > validation logic into onValidate method and later on in onSuccess > method a forward to /j_spring_security_check. > > But forwarding with > requestDispatcher.forward(requestGlobals.getHTTPServletRequest(), > requestGlobals.getHTTPServletResponse()); > > causes an exception. > > There must be a solution?! > > -Borut > > > 2009/3/27 Peter Lundberg : > > Jean Luc... > > > > Did you have a look at tapestry-spring-security? The repositry is at > > > http://www.localhost.nu/java/mvn/nu/localhost/tapestry/tapestry-spring-secur > > ity/ but the project site seams to be down. It is rough on the edges, but > > works well and is not to hard to understand the code. > > > > It would be great if this got into more mainstream somewhere so it is > easy > > to add robust authorization to the applications we build almost all > have > > it and will sooner or later need the things that spring-security provide. > > > > Appfuse also has an integration you could look at if you have not done so > > already. http://code.google.com/p/tapestry5-appfuse/ > > > > Excuse me if this was covered already in the thread. > > > > Br > > Peter > > > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
Re: integrating T5 a login form with Spring Security?
I am using tapestry-spring-security. It works ok, but I am trying to spice up the login form with captcha if user has failed to login 5 times (like google account). The form uses action="${loginCheckUrl}" method="POST" and is a regular html form (not t:form). But I need it to be t:form to put some validation logic into onValidate method and later on in onSuccess method a forward to /j_spring_security_check. But forwarding with requestDispatcher.forward(requestGlobals.getHTTPServletRequest(), requestGlobals.getHTTPServletResponse()); causes an exception. There must be a solution?! -Borut 2009/3/27 Peter Lundberg : > Jean Luc... > > Did you have a look at tapestry-spring-security? The repositry is at > http://www.localhost.nu/java/mvn/nu/localhost/tapestry/tapestry-spring-secur > ity/ but the project site seams to be down. It is rough on the edges, but > works well and is not to hard to understand the code. > > It would be great if this got into more mainstream somewhere so it is easy > to add robust authorization to the applications we build almost all have > it and will sooner or later need the things that spring-security provide. > > Appfuse also has an integration you could look at if you have not done so > already. http://code.google.com/p/tapestry5-appfuse/ > > Excuse me if this was covered already in the thread. > > Br > Peter > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Jean Luc... Did you have a look at tapestry-spring-security? The repositry is at http://www.localhost.nu/java/mvn/nu/localhost/tapestry/tapestry-spring-secur ity/ but the project site seams to be down. It is rough on the edges, but works well and is not to hard to understand the code. It would be great if this got into more mainstream somewhere so it is easy to add robust authorization to the applications we build almost all have it and will sooner or later need the things that spring-security provide. Appfuse also has an integration you could look at if you have not done so already. http://code.google.com/p/tapestry5-appfuse/ Excuse me if this was covered already in the thread. Br Peter
Re: integrating T5 a login form with Spring Security?
I used the form login but had tha problem that the redirect done by spring security didn't make all components on the page refresh, so that a logged in user still had the login link in the page header instead of the logout link until he refreshed the page or chose another link. I found it easier in the end to copy parts of the BasicAuthenticationProcessingFilter and login programmatically. The only gotcha is that you need to copy the SecureContext (SecurityContextHolder.getContext()) to the http session after successful authentication, so the HttpSessionContextIntegrationFilter takes it up on the next request, too. 2009/3/27 Borut Bolčina > Hi, > > how did you do it? I am getting ComponentEventException when using > >void onSuccess() { >Request request = requestGlobals.getRequest(); >String url = request.getContextPath() + checkUrl + > "?j_username=" + username + "&j_password=" + password; >logger.info("onSuccess() url="+url); >RequestDispatcher requestDispatcher = > requestGlobals.getHTTPServletRequest().getRequestDispatcher(url); > >try { >logger.info("onSuccess() : before forward"); > > requestDispatcher.forward(requestGlobals.getHTTPServletRequest(), > requestGlobals.getHTTPServletResponse()); >logger.info("onSuccess() : after forward"); >} catch (ServletException e) { >logger.error("ServletException : " + e.getMessage()); >} catch (IOException e) { >logger.error("IOException : " + e.getMessage()); >} > >} > > What is the T5 way of forwarding to, in this case: > INFO [27 mar 2009 09:36:48.549] [Login] onSuccess() > url=/j_spring_security_check?j_username=sdfa&j_password=sdfasd > > Thanks, Borut > > > The stack trace: > > INFO [27 mar 2009 09:36:49.049] [Login] onSuccess() : after forward > ERROR [27 mar 2009 09:36:49.064] [DefaultRequestExceptionHandler] > Processing of request failed with uncaught exception: > org.apache.tapestry5.runtime.ComponentEventException > org.apache.tapestry5.runtime.ComponentEventException [at > classpath:si/najdi/identity/server/pages/Login.tml, line 11, column > 45] >at > org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1076) >at > org.apache.tapestry5.internal.services.ComponentEventRequestHandlerImpl.handle(ComponentEventRequestHandlerImpl.java:68) >at > org.apache.tapestry5.internal.services.ImmediateActionRenderResponseFilter.handle(ImmediateActionRenderResponseFilter.java:42) >at > $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java) >at > org.apache.tapestry5.internal.services.AjaxFilter.handle(AjaxFilter.java:42) >at > $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java) >at > org.apache.tapestry5.services.TapestryModule$44.handle(TapestryModule.java:2105) >at > $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java) >at > $ComponentEventRequestHandler_1204712cf9f.handle($ComponentEventRequestHandler_1204712cf9f.java) >at > org.apache.tapestry5.internal.services.ComponentEventDispatcher.dispatch(ComponentEventDispatcher.java:127) >at $Dispatcher_1204712cfa2.dispatch($Dispatcher_1204712cfa2.java) >at $Dispatcher_1204712cf94.dispatch($Dispatcher_1204712cf94.java) >at > org.apache.tapestry5.services.TapestryModule$17.service(TapestryModule.java:1029) >at > org.apache.tapestry5.internal.services.LocalizationFilter.service(LocalizationFilter.java:42) >at > $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) >at > nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper$1.doFilter(RequestFilterWrapper.java:60) >at > nu.localhost.tapestry5.springsecurity.services.internal.SpringSecurityExceptionTranslationFilter.doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100) >at > org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) >at > nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper.service(RequestFilterWrapper.java:55) >at > $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) >at > org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26) >at > $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) >at > org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:621) >at > $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) >at > org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:611) >at > $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) >at > org.apache.tapestry5.internal.services.StaticFil
Re: integrating T5 a login form with Spring Security?
Hi, how did you do it? I am getting ComponentEventException when using void onSuccess() { Request request = requestGlobals.getRequest(); String url = request.getContextPath() + checkUrl + "?j_username=" + username + "&j_password=" + password; logger.info("onSuccess() url="+url); RequestDispatcher requestDispatcher = requestGlobals.getHTTPServletRequest().getRequestDispatcher(url); try { logger.info("onSuccess() : before forward"); requestDispatcher.forward(requestGlobals.getHTTPServletRequest(), requestGlobals.getHTTPServletResponse()); logger.info("onSuccess() : after forward"); } catch (ServletException e) { logger.error("ServletException : " + e.getMessage()); } catch (IOException e) { logger.error("IOException : " + e.getMessage()); } } What is the T5 way of forwarding to, in this case: INFO [27 mar 2009 09:36:48.549] [Login] onSuccess() url=/j_spring_security_check?j_username=sdfa&j_password=sdfasd Thanks, Borut The stack trace: INFO [27 mar 2009 09:36:49.049] [Login] onSuccess() : after forward ERROR [27 mar 2009 09:36:49.064] [DefaultRequestExceptionHandler] Processing of request failed with uncaught exception: org.apache.tapestry5.runtime.ComponentEventException org.apache.tapestry5.runtime.ComponentEventException [at classpath:si/najdi/identity/server/pages/Login.tml, line 11, column 45] at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1076) at org.apache.tapestry5.internal.services.ComponentEventRequestHandlerImpl.handle(ComponentEventRequestHandlerImpl.java:68) at org.apache.tapestry5.internal.services.ImmediateActionRenderResponseFilter.handle(ImmediateActionRenderResponseFilter.java:42) at $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java) at org.apache.tapestry5.internal.services.AjaxFilter.handle(AjaxFilter.java:42) at $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java) at org.apache.tapestry5.services.TapestryModule$44.handle(TapestryModule.java:2105) at $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java) at $ComponentEventRequestHandler_1204712cf9f.handle($ComponentEventRequestHandler_1204712cf9f.java) at org.apache.tapestry5.internal.services.ComponentEventDispatcher.dispatch(ComponentEventDispatcher.java:127) at $Dispatcher_1204712cfa2.dispatch($Dispatcher_1204712cfa2.java) at $Dispatcher_1204712cf94.dispatch($Dispatcher_1204712cf94.java) at org.apache.tapestry5.services.TapestryModule$17.service(TapestryModule.java:1029) at org.apache.tapestry5.internal.services.LocalizationFilter.service(LocalizationFilter.java:42) at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) at nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper$1.doFilter(RequestFilterWrapper.java:60) at nu.localhost.tapestry5.springsecurity.services.internal.SpringSecurityExceptionTranslationFilter.doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper.service(RequestFilterWrapper.java:55) at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) at org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26) at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) at org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:621) at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) at org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:611) at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) at org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85) at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:93) at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:84) at org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:83) at org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:106) at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java) at $RequestHandler_1204712cf8b.service($RequestHandler_1204712cf8b.java) at org.apache.tape
Re: integrating T5 a login form with Spring Security?
Hi, Take a look at the Login page in tapestry5-appfuse project here: http://code.google.com/p/tapestry5-appfuse There is an example of direct integration between T5 and Spring Security 2. /Serge Jean Luc wrote: > > Update: I can get the response with: > >@Inject > private RequestGlobals requestGlobals; > > and using requestGlobals.getHTTPServletResponse(); > > I'll need to change the redirect into a forward (to save a trip and to > prevent the username/pwd appear in the URL) but that's standard > servlet stuff. > > Thanks. > > On Sun, Dec 14, 2008 at 8:05 PM, Jean Luc wrote: >> Thanks Hugo, >> >> I've [tried to] inject the request and the response as mentioned (for >> the request) at: >> http://wiki.apache.org/tapestry/Tapestry5ObtainingHttpServletRequest >> >>@Inject >>private HttpServletRequest request; >> >>@Inject >>private HttpServletResponse response; >> >> It works for the request, but not for the response (exception below). >> I've googled for ways to inject the response (I thought it would be >> similar) but no luck. >> >> exception >>org.apache.tapestry5.internal.services.TransformationException: >> Error obtaining injected value for field >> com.foo.tapestry.pages.Login.response: No service implements the >> interface javax.servlet.http.HttpServletResponse. >> >> # org.apache.tapestry5.internal.services.TransformationException >> Error obtaining injected value for field >> com.foo.tapestry.pages.Login.response: No service implements the >> interface javax.servlet.http.HttpServletResponse. >> >> >> In case it matters, I'm using T 5.0.18 and JBoss 4.2.2GA >> Thanks in advance, >> JL >> >> On Sun, Dec 14, 2008 at 7:44 PM, Hugo Palma >> wrote: >>> In your page class inject the check url like this: >>> >>> @Inject >>> @Value("${spring-security.check.url}") >>> private String checkUrl; >>> >>> then on your onSuccessMethod: >>> >>> response.sendRedirect(request.getContextPath() + checkUrl + >>> "?j_username=" + >>> username + "&j_password=" + password); >>> >>> where username and password are the bound variables for your username >>> and >>> password text fields on the form. >>> >>> Jean Luc wrote: >>>> >>>> Hello, >>>> >>>> I've been trying to integrate T5 and Spring Security (2.0.4, not the >>>> older >>>> Acegi) but haven't succeeded in making the two work together. >>>> >>>> The standard way to specify a form login with Spring 2.5 is like below. >>>> See >>>> the element which specified the login page (Login) and >>>> what >>>> URL >>>> Spring will intercept (the standard j_security_check). >>>> >>>> http://www.springframework.org/schema/security"; >>>> >>>>>>>default-target-url="/Start" >>>>authentication-failure-url="/Login?login_error=1" >>>>login-processing-url="j_security_check" /> >>>> >>>> >>>> I have a typical Login.tml (labels and cosmetic stuff removed for >>>> brevity) >>>> >>>> >>>>>>> t:type="TextField" >>>> t:value="j_username"/> >>>>>>> t:type="PasswordField" >>>> t:value="j_password"/> >>>> >>>> >>>> >>>> >>>> What happens is that the POST that occurs when submitting the form goes >>>> to >>>> the Login.onSubmit() instead of j_security_check. While it is possible >>>> to >>>> add code there to call Spring's AuthenticationManager, I would end up >>>> duplicating what Spring Security does (the logic to redirect to >>>> different >>>> pages if the login succeeded or not and so on). I'd like to use Spring >>>> since >>>> it already implements this. >>>> >>>> Is it possible to submit the login info to j_security_check instead? Or >>>> to >>>> forward the request from within Login.onSubmit() to /j_security_check? >>>> >>>> I went through the "Tapestry 5" book by Alexander K
Re: integrating T5 a login form with Spring Security?
I'm using the action attribute Martijn On Sun, 2008-12-14 at 19:30 -0500, Jean Luc wrote: > Hello, > > I've been trying to integrate T5 and Spring Security (2.0.4, not the older > Acegi) but haven't succeeded in making the two work together. > > The standard way to specify a form login with Spring 2.5 is like below. See > the element which specified the login page (Login) and what URL > Spring will intercept (the standard j_security_check). > > http://www.springframework.org/schema/security"; > > default-target-url="/Start" > authentication-failure-url="/Login?login_error=1" > login-processing-url="j_security_check" /> > > > I have a typical Login.tml (labels and cosmetic stuff removed for brevity) > > > t:value="j_username"/> > t:value="j_password"/> > > > > > What happens is that the POST that occurs when submitting the form goes to > the Login.onSubmit() instead of j_security_check. While it is possible to > add code there to call Spring's AuthenticationManager, I would end up > duplicating what Spring Security does (the logic to redirect to different > pages if the login succeeded or not and so on). I'd like to use Spring since > it already implements this. > > Is it possible to submit the login info to j_security_check instead? Or to > forward the request from within Login.onSubmit() to /j_security_check? > > I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't > find this info. Also, I am aware of the tapestry5-acegi extension ( > http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under > development and for such a simple thing I didn't want to add a dependency on > another jar. > > As you can tell, I'm new to T5. I've had some exposure to T4 and an older > version of Spring (2.0) but there things were quite different, both in > Tapestry itself and in how Acegi is configured in Spring. > > Advice is appreciated, > JL - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
You have to provide the login-processing-url to your template file. Look into nu.localhost.tapestry5.springsecuritytest.pages.LoginPage and the respective LoginPage.tml in the webapp of the sample. It's artefact is nu.localhost.tapestry5.springsecurity tapestry-spring-security-sample 1.0.0-SNAPSHOT There will be a final 1.0.0 later this day since Howard announced the final 5.0 for T5. Further you could also use Tapestry Spring Security and exclude the dependency for Spring 2.0 in your pom and include your 2.5 Spring dependencies instead. Visit [1] for an idea about it or read the excellent free book "Better builds with Maven" [2]. Michael [1] http://maven.apache.org/pom.html#Exclusions [2] http://www.exist.com/better-build-maven Jean Luc schrieb: Hello, I've been trying to integrate T5 and Spring Security (2.0.4, not the older Acegi) but haven't succeeded in making the two work together. The standard way to specify a form login with Spring 2.5 is like below. See the element which specified the login page (Login) and what URL Spring will intercept (the standard j_security_check). http://www.springframework.org/schema/security"; I have a typical Login.tml (labels and cosmetic stuff removed for brevity) What happens is that the POST that occurs when submitting the form goes to the Login.onSubmit() instead of j_security_check. While it is possible to add code there to call Spring's AuthenticationManager, I would end up duplicating what Spring Security does (the logic to redirect to different pages if the login succeeded or not and so on). I'd like to use Spring since it already implements this. Is it possible to submit the login info to j_security_check instead? Or to forward the request from within Login.onSubmit() to /j_security_check? I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't find this info. Also, I am aware of the tapestry5-acegi extension ( http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under development and for such a simple thing I didn't want to add a dependency on another jar. As you can tell, I'm new to T5. I've had some exposure to T4 and an older version of Spring (2.0) but there things were quite different, both in Tapestry itself and in how Acegi is configured in Spring. Advice is appreciated, JL - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Hi Jean Luc, there is a working example at http://www.localhost.nu/svn/public/tapestry-spring-security-sample/ if you want to use http://www.localhost.nu/java/tapestry-spring-security/. Cheers, Borut 2008/12/15 Jean Luc > Hello, > > I've been trying to integrate T5 and Spring Security (2.0.4, not the older > Acegi) but haven't succeeded in making the two work together. > > The standard way to specify a form login with Spring 2.5 is like below. See > the element which specified the login page (Login) and what > URL > Spring will intercept (the standard j_security_check). > > http://www.springframework.org/schema/security"; > >default-target-url="/Start" >authentication-failure-url="/Login?login_error=1" >login-processing-url="j_security_check" /> > > > I have a typical Login.tml (labels and cosmetic stuff removed for brevity) > > > t:value="j_username"/> > t:value="j_password"/> > > > > > What happens is that the POST that occurs when submitting the form goes to > the Login.onSubmit() instead of j_security_check. While it is possible to > add code there to call Spring's AuthenticationManager, I would end up > duplicating what Spring Security does (the logic to redirect to different > pages if the login succeeded or not and so on). I'd like to use Spring > since > it already implements this. > > Is it possible to submit the login info to j_security_check instead? Or to > forward the request from within Login.onSubmit() to /j_security_check? > > I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't > find this info. Also, I am aware of the tapestry5-acegi extension ( > http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under > development and for such a simple thing I didn't want to add a dependency > on > another jar. > > As you can tell, I'm new to T5. I've had some exposure to T4 and an older > version of Spring (2.0) but there things were quite different, both in > Tapestry itself and in how Acegi is configured in Spring. > > Advice is appreciated, > JL >
Re: integrating T5 a login form with Spring Security?
Update: I can get the response with: @Inject private RequestGlobals requestGlobals; and using requestGlobals.getHTTPServletResponse(); I'll need to change the redirect into a forward (to save a trip and to prevent the username/pwd appear in the URL) but that's standard servlet stuff. Thanks. On Sun, Dec 14, 2008 at 8:05 PM, Jean Luc wrote: > Thanks Hugo, > > I've [tried to] inject the request and the response as mentioned (for > the request) at: > http://wiki.apache.org/tapestry/Tapestry5ObtainingHttpServletRequest > >@Inject >private HttpServletRequest request; > >@Inject >private HttpServletResponse response; > > It works for the request, but not for the response (exception below). > I've googled for ways to inject the response (I thought it would be > similar) but no luck. > > exception >org.apache.tapestry5.internal.services.TransformationException: > Error obtaining injected value for field > com.foo.tapestry.pages.Login.response: No service implements the > interface javax.servlet.http.HttpServletResponse. > > # org.apache.tapestry5.internal.services.TransformationException > Error obtaining injected value for field > com.foo.tapestry.pages.Login.response: No service implements the > interface javax.servlet.http.HttpServletResponse. > > > In case it matters, I'm using T 5.0.18 and JBoss 4.2.2GA > Thanks in advance, > JL > > On Sun, Dec 14, 2008 at 7:44 PM, Hugo Palma wrote: >> In your page class inject the check url like this: >> >> @Inject >> @Value("${spring-security.check.url}") >> private String checkUrl; >> >> then on your onSuccessMethod: >> >> response.sendRedirect(request.getContextPath() + checkUrl + "?j_username=" + >> username + "&j_password=" + password); >> >> where username and password are the bound variables for your username and >> password text fields on the form. >> >> Jean Luc wrote: >>> >>> Hello, >>> >>> I've been trying to integrate T5 and Spring Security (2.0.4, not the older >>> Acegi) but haven't succeeded in making the two work together. >>> >>> The standard way to specify a form login with Spring 2.5 is like below. >>> See >>> the element which specified the login page (Login) and what >>> URL >>> Spring will intercept (the standard j_security_check). >>> >>> http://www.springframework.org/schema/security"; >>> >>>>>default-target-url="/Start" >>>authentication-failure-url="/Login?login_error=1" >>>login-processing-url="j_security_check" /> >>> >>> >>> I have a typical Login.tml (labels and cosmetic stuff removed for brevity) >>> >>> >>>>> t:value="j_username"/> >>>>> t:value="j_password"/> >>> >>> >>> >>> >>> What happens is that the POST that occurs when submitting the form goes to >>> the Login.onSubmit() instead of j_security_check. While it is possible to >>> add code there to call Spring's AuthenticationManager, I would end up >>> duplicating what Spring Security does (the logic to redirect to different >>> pages if the login succeeded or not and so on). I'd like to use Spring >>> since >>> it already implements this. >>> >>> Is it possible to submit the login info to j_security_check instead? Or to >>> forward the request from within Login.onSubmit() to /j_security_check? >>> >>> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't >>> find this info. Also, I am aware of the tapestry5-acegi extension ( >>> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under >>> development and for such a simple thing I didn't want to add a dependency >>> on >>> another jar. >>> >>> As you can tell, I'm new to T5. I've had some exposure to T4 and an older >>> version of Spring (2.0) but there things were quite different, both in >>> Tapestry itself and in how Acegi is configured in Spring. >>> >>> Advice is appreciated, >>> JL >>> >>> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Thanks Hugo, I've [tried to] inject the request and the response as mentioned (for the request) at: http://wiki.apache.org/tapestry/Tapestry5ObtainingHttpServletRequest @Inject private HttpServletRequest request; @Inject private HttpServletResponse response; It works for the request, but not for the response (exception below). I've googled for ways to inject the response (I thought it would be similar) but no luck. exception org.apache.tapestry5.internal.services.TransformationException: Error obtaining injected value for field com.foo.tapestry.pages.Login.response: No service implements the interface javax.servlet.http.HttpServletResponse. # org.apache.tapestry5.internal.services.TransformationException Error obtaining injected value for field com.foo.tapestry.pages.Login.response: No service implements the interface javax.servlet.http.HttpServletResponse. In case it matters, I'm using T 5.0.18 and JBoss 4.2.2GA Thanks in advance, JL On Sun, Dec 14, 2008 at 7:44 PM, Hugo Palma wrote: > In your page class inject the check url like this: > > @Inject > @Value("${spring-security.check.url}") > private String checkUrl; > > then on your onSuccessMethod: > > response.sendRedirect(request.getContextPath() + checkUrl + "?j_username=" + > username + "&j_password=" + password); > > where username and password are the bound variables for your username and > password text fields on the form. > > Jean Luc wrote: >> >> Hello, >> >> I've been trying to integrate T5 and Spring Security (2.0.4, not the older >> Acegi) but haven't succeeded in making the two work together. >> >> The standard way to specify a form login with Spring 2.5 is like below. >> See >> the element which specified the login page (Login) and what >> URL >> Spring will intercept (the standard j_security_check). >> >> http://www.springframework.org/schema/security"; >> >>>default-target-url="/Start" >>authentication-failure-url="/Login?login_error=1" >>login-processing-url="j_security_check" /> >> >> >> I have a typical Login.tml (labels and cosmetic stuff removed for brevity) >> >> >>> t:value="j_username"/> >>> t:value="j_password"/> >> >> >> >> >> What happens is that the POST that occurs when submitting the form goes to >> the Login.onSubmit() instead of j_security_check. While it is possible to >> add code there to call Spring's AuthenticationManager, I would end up >> duplicating what Spring Security does (the logic to redirect to different >> pages if the login succeeded or not and so on). I'd like to use Spring >> since >> it already implements this. >> >> Is it possible to submit the login info to j_security_check instead? Or to >> forward the request from within Login.onSubmit() to /j_security_check? >> >> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't >> find this info. Also, I am aware of the tapestry5-acegi extension ( >> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under >> development and for such a simple thing I didn't want to add a dependency >> on >> another jar. >> >> As you can tell, I'm new to T5. I've had some exposure to T4 and an older >> version of Spring (2.0) but there things were quite different, both in >> Tapestry itself and in how Acegi is configured in Spring. >> >> Advice is appreciated, >> JL >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
In your page class inject the check url like this: @Inject @Value("${spring-security.check.url}") private String checkUrl; then on your onSuccessMethod: response.sendRedirect(request.getContextPath() + checkUrl + "?j_username=" + username + "&j_password=" + password); where username and password are the bound variables for your username and password text fields on the form. Jean Luc wrote: Hello, I've been trying to integrate T5 and Spring Security (2.0.4, not the older Acegi) but haven't succeeded in making the two work together. The standard way to specify a form login with Spring 2.5 is like below. See the element which specified the login page (Login) and what URL Spring will intercept (the standard j_security_check). http://www.springframework.org/schema/security"; I have a typical Login.tml (labels and cosmetic stuff removed for brevity) What happens is that the POST that occurs when submitting the form goes to the Login.onSubmit() instead of j_security_check. While it is possible to add code there to call Spring's AuthenticationManager, I would end up duplicating what Spring Security does (the logic to redirect to different pages if the login succeeded or not and so on). I'd like to use Spring since it already implements this. Is it possible to submit the login info to j_security_check instead? Or to forward the request from within Login.onSubmit() to /j_security_check? I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't find this info. Also, I am aware of the tapestry5-acegi extension ( http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under development and for such a simple thing I didn't want to add a dependency on another jar. As you can tell, I'm new to T5. I've had some exposure to T4 and an older version of Spring (2.0) but there things were quite different, both in Tapestry itself and in how Acegi is configured in Spring. Advice is appreciated, JL - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
integrating T5 a login form with Spring Security?
Hello, I've been trying to integrate T5 and Spring Security (2.0.4, not the older Acegi) but haven't succeeded in making the two work together. The standard way to specify a form login with Spring 2.5 is like below. See the element which specified the login page (Login) and what URL Spring will intercept (the standard j_security_check). http://www.springframework.org/schema/security"; I have a typical Login.tml (labels and cosmetic stuff removed for brevity) What happens is that the POST that occurs when submitting the form goes to the Login.onSubmit() instead of j_security_check. While it is possible to add code there to call Spring's AuthenticationManager, I would end up duplicating what Spring Security does (the logic to redirect to different pages if the login succeeded or not and so on). I'd like to use Spring since it already implements this. Is it possible to submit the login info to j_security_check instead? Or to forward the request from within Login.onSubmit() to /j_security_check? I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't find this info. Also, I am aware of the tapestry5-acegi extension ( http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under development and for such a simple thing I didn't want to add a dependency on another jar. As you can tell, I'm new to T5. I've had some exposure to T4 and an older version of Spring (2.0) but there things were quite different, both in Tapestry itself and in how Acegi is configured in Spring. Advice is appreciated, JL