On Thu, Apr 19, 2012 at 9:10 AM, George Christman <gchrist...@cardaddy.com> wrote: > Hi Kalle, I know it's been some time since we last spoke about this project. > I'm getting started with it again and had a question for you. When you said > I could call Subject.login in my isAuthorized method, were you referring to > something like this? > @Override > protected boolean isAuthorized(HRIPrinciple hrip, String urlPath) { > Subject currentUser = SecurityUtils.getSubject(); > HRIAuthenticationToken token = new > HRIAuthenticationToken(hrip.getUid()); > currentUser.login(token); > return currentUser.isAuthenticated(); > }
Yes, perhaps. > I'm not entirely sure why I would need to access Tapestry's machinery. "I > don't know anything about Tapestry IOC". Would you further explain that > please and possibly point me to the tapestry security source location? Mastering Tapestry IoC is a key to understanding and being productive with Tapestry. If you just wanted to use Shiro alone, you could perhaps get the above working by configuring your custom filter and Shiro outside of Tapestry using the standard servlet configuration (i.e. web.xml) mechanism. Tapestry security initializes and invokes Shiro within Tapestry's servlet request pipeline, and replaces Shiro's standard filters with its own. There are multiple benefits with these approach, one of the keys ones is that you can use any other services in your security filters, realms, etc. I would assume that initializing your custom filter within tapestry-security context would be the path of least (less?) resistance to get this working for you. The tapestry-security source code is essential reading for you. You could start with http://svn.codehaus.org/tynamo/trunk/tapestry-security/src/main/java/org/tynamo/security/services/impl/SecurityFilterChainFactoryImpl.java. Map the chain concept to "Contributing security configuration" section on http://tynamo.org/tapestry-security+guide and it should be fairly straight-forwarded to add your filter to the chain (you can just construct the object manually for your chains, no factory required). Kalle > View this message in context: > http://tapestry.1045711.n5.nabble.com/tapestry-security-w-Remote-Login-tp5505792p5652188.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org