Ok. Got ya. Thanks

-----Original Message-----
From: Jonathan Barker [mailto:[EMAIL PROTECTED] 
Sent: 01 April 2008 16:04
To: 'Tapestry users'
Subject: RE: T5: Problem with login form with Acegi


It won't matter.  That's why you use the @Secured("ROLE_ADMIN")
annotation.

At best, an unauthenticated user will have ROLE_ANONYMOUS if the
AnonymousAuthenticationProvider is used.  They will get an AccessDenied
exception.

I'm playing with a little older code that coughs up a hairball when it
hits one of those exceptions, but I think the newer tapestry5-acegi does
the appropriate redirection to whatever access-denied page you want.
That could be the login page.

Jonathan



> -----Original Message-----
> From: Mahen Perera [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 01, 2008 10:11 AM
> To: Tapestry users
> Subject: RE: T5: Problem with login form with Acegi
> 
> Quick Question:
> How can we avoid the situation where a user tries to directly access
> the URL corresponding to the page named "Secure" in this case. I mean
> without going thru the login form.
> 
> Thanks
> 
> 
> 
> -----Original Message-----
> From: Jacob Bergoo [mailto:[EMAIL PROTECTED]
> Sent: 28 March 2008 23:28
> To: users@tapestry.apache.org
> Subject: T5: Problem with login form with Acegi
> 
> 
> Hi All,
> In my project I use the Tapestry5-Acegi project and made that work
> following
> the example and with some help from the forum, thanks...
> Now I'm trying to make a more realistic version of a login where I can
> control the validation on the login form and also based on user roles
> redirect the user to the right page.
> I have created a page like this:
> public class LoginPage {
> 
>       /* PRIVATE MEMBERS */
>       @Persist
>       private String userName;
>       private String password;
>       @Component
>       private Form form;
> 
>       /* INJECTED COMPONENTS, SERVICES ETC. */
>       @Component(id = "password")
>       private PasswordField passwordField;
> 
>       @Inject
>       private AuthenticationManager authenticationManager;
> 
>       /* GETTERS AND SETTERS */
>       public String getPassword() {
>               return password;
>       }
> 
>       public void setPassword(String password) {
>               this.password = password;
>       }
> 
>       public String getUserName() {
>               return userName;
>       }
> 
>       public void setUserName(String userName) {
>               this.userName = userName;
>       }
> 
>       /* ACTION METHODS */
>       protected String onSuccess() {
>               UsernamePasswordAuthenticationToken authRequest =
>                               new UsernamePasswordAuthenticationToken(userName, password);
>               Authentication authResult;
> 
>               try {
>                       authResult = authenticationManager.authenticate(authRequest);
>                       if (!authResult.isAuthenticated()) {
>                               form.recordError(passwordField, "Invalid user name or password.");
>                               return null;
>                       }
>                       GrantedAuthority[] gratedAuthorityArray = authResult.getAuthorities();
>                       Set<GrantedAuthority> grantedAuthoritySet = new HashSet<GrantedAuthority>();
>                       for (int i = 0; i < gratedAuthorityArray.length; i++) {
>                               grantedAuthoritySet.add(gratedAuthorityArray[i]);
>                               System.out.println("Adding " + gratedAuthorityArray[i] + " to set");
>                       }
> 
>                       // DEBUGGING....
>                       System.out.println("successful login for: " + userName);
>                       System.out.println("authResult.getCredentials() = " + authResult.getCredentials());
>                       System.out.println("authResult.getPrincipal() = " + authResult.getPrincipal());
>                       System.out.println("authResult.getAuthorities(): ");
>                       for (int i = 0; i < gratedAuthorityArray.length; i++) {
>                               System.out.println("Auth no " + (i + 1) + " = '" + gratedAuthorityArray[i] + "'");
>                       }
>                       // END DEBUGGING...
> 
>                       if (grantedAuthoritySet.contains("ROLE_ADMIN")) {
>                               System.out.println("Redirecting to Secure page...");
>                               return "Secure";
>                       } else if (grantedAuthoritySet.contains("ROLE_SOME_OTHER_ROLE")) {
>                               System.out.println("redirecting to some other page");
>                               return "SOME_OTHER_PAGE";
>                       }
> 
>               } catch (AuthenticationException authenticationException) {
>                       System.out.println("user with username = " + userName
>                                       + "couldn't be authenticated with Acegi");
>               }
> 
>               return null;
>       }
> 
> }
> 
> In my Jetty Console I can see that I get the Authentication:
> 
> Adding ROLE_ADMIN to set
> Adding ROLE_MANAGER to set
> Adding ROLE_USER to set
> successful login for: jacob
> authResult.getCredentials() = jacob
> authResult.getPrincipal() = UserDetailsBean {
>       username = jacob
>       password = jacob
>       accountNonExpired = true
>       passwordaccountNonLocked = true
>       credentialsNonExpired = true
>       enabled = true
>       grantedAuthorities {
>               'ROLE_ADMIN'
>               'ROLE_MANAGER'
>               'ROLE_USER'
>       }
> }
> 
> authResult.getAuthorities():
> Auth no 1 = 'ROLE_ADMIN'
> Auth no 2 = 'ROLE_MANAGER'
> Auth no 3 = 'ROLE_USER'
> [INFO] TimingFilter Request time: 26 ms
> [INFO] TimingFilter Request time: 18 ms
> [INFO] TimingFilter Request time: 2 ms
> 
> but the redirection to the pages doesn't work... and if I change the
> last
> return null; to return "Secure"; then I get this exception instead:
> 
> [ERROR] Secure Render queue error in BeginRender[Secure]: Access is denied
> org.apache.tapestry.ioc.internal.util.TapestryException: Access is denied
> Caused by: org.acegisecurity.AccessDeniedException: Access is denied
>       at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
>       at $AccessDecisionManager_118f7af2115.decide($AccessDecisionManager_118f7af2115.java)
>       at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:323)
>       at nu.localhost.tapestry.acegi.services.internal.StaticSecurityChecker.checkBefore(StaticSecurityChecker.java:43)
>       at $SecurityChecker_118f7af20ce.checkBefore($SecurityChecker_118f7af20ce.java)
>       at com.bergoo.webshop.pages.Secure.beginRender(Secure.java)
>       at org.apache.tapestry.internal.structure.ComponentPageElementImpl$11$1.run(ComponentPageElementImpl.java:338)
>       at org.apache.tapestry.internal.structure.ComponentPageElementImpl.invoke(ComponentPageElementImpl.java:874)
>       ... 98 more
> 
> The Secure.java has a @Secured("ROLE_ADMIN") annotation and therefore I
> should be granted access to this page.
> 
> Anyone have any ideas?
> 
> Thanks in advance,
> Jacob
> --
> View this message in context:
> http://www.nabble.com/T5%3A-Problem-with-login-form-with-Acegi-tp16364295p16364295.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> The information contained in this email is strictly confidential and for
> the use of the addressee only, unless otherwise indicated. If you are not
> the intended recipient, please do not read, copy, use or disclose to
> others this message or any attachment. Please also notify the sender by
> replying to this email or by telephone (+44 (0)20 7896 0011) and then
> delete the email and any copies of it. Opinions, conclusions (etc.) that
> do not relate to the official business of this company shall be understood
> as neither given nor endorsed by it. IG Index plc is a company registered
> in England and Wales under number 01190902. VAT registration number 761
> 2978 07. Registered Office: Friars House, 157-168 Blackfriars Road, London
> SE1 8EZ. Authorised and regulated by the Financial Services Authority. FSA
> Register number 114059.
> 
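
An added example, not part of the thread and not tapestry5-acegi's own code: one way to handle the result of authenticationManager.authenticate() in the login page quoted above, comparing role names as strings and storing the token in Acegi's SecurityContextHolder so that the @Secured("ROLE_ADMIN") check on the following request sees it rather than an anonymous token. It assumes the Acegi 1.0.x jar on the classpath, and assumes that the Set<GrantedAuthority>.contains("ROLE_ADMIN") lookup and the absent SecurityContextHolder call are what the quoted page runs into; LoginOutcome and its method names are hypothetical.

```java
import java.util.HashSet;
import java.util.Set;

import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

// Added illustration (hypothetical class), not code from the thread.
public class LoginOutcome {

    /** Collect role names as strings so a String lookup can match. */
    static Set<String> roleNames(Authentication auth) {
        Set<String> names = new HashSet<String>();
        for (GrantedAuthority ga : auth.getAuthorities()) {
            names.add(ga.getAuthority());
        }
        return names;
    }

    /** Page names are the ones used in the thread; null means stay on the form. */
    static String landingPageFor(Authentication auth) {
        Set<String> roles = roleNames(auth);
        if (roles.contains("ROLE_ADMIN")) return "Secure";
        if (roles.contains("ROLE_SOME_OTHER_ROLE")) return "SOME_OTHER_PAGE";
        return null;
    }

    /** Publish the authenticated token, then choose the page to return from onSuccess(). */
    static String establish(Authentication authResult) {
        // Without this call the security context still holds no user, and the
        // AnonymousProcessingFilter seen in the stack trace supplies an anonymous one.
        SecurityContextHolder.getContext().setAuthentication(authResult);
        return landingPageFor(authResult);
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the roles in the console output above.
        GrantedAuthority[] granted = {
            new GrantedAuthorityImpl("ROLE_ADMIN"),
            new GrantedAuthorityImpl("ROLE_MANAGER"),
            new GrantedAuthorityImpl("ROLE_USER") };
        Authentication auth =
                new UsernamePasswordAuthenticationToken("jacob", "constructed", granted);

        // The lookup from the quoted page: HashSet calls String.equals() on the
        // stored GrantedAuthority objects, which cannot match a non-String.
        Set<GrantedAuthority> asObjects = new HashSet<GrantedAuthority>();
        for (GrantedAuthority ga : granted) asObjects.add(ga);
        System.out.println("object set contains String: " + asObjects.contains("ROLE_ADMIN"));

        System.out.println("landing page: " + establish(auth));
        System.out.println("context holds token: "
                + (SecurityContextHolder.getContext().getAuthentication() == auth));
    }
}
```

Direct requests to the Secure page are still decided by the @Secured annotation, as the reply above says; the login page only chooses where to send a user who has just authenticated.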