On Thu, Apr 19, 2012 at 9:10 AM, George Christman
<gchrist...@cardaddy.com> wrote:
> Hi Kalle, I know it's been some time since we last spoke about this project.
> I'm getting started with it again and had a question for you. When you said
> I could call Subject.login in my isAuthorized method, were you referring to
> something like this?
> @Override
> protected boolean isAuthorized(HRIPrinciple hrip, String urlPath) {
> Subject currentUser = SecurityUtils.getSubject();
> HRIAuthenticationToken token = new
> HRIAuthenticationToken(hrip.getUid());
> currentUser.login(token);
> return currentUser.isAuthenticated();
> }
Yes, perhaps.
> I'm not entirely sure why I would need to access Tapestry's machinery. "I
> don't know anything about Tapestry IOC". Would you further explain that
> please and possibly point me to the tapestry security source location?
Mastering Tapestry IoC is a key to understanding and being productive
with Tapestry. If you just wanted to use Shiro alone, you could
perhaps get the above working by configuring your custom filter and
Shiro outside of Tapestry using the standard servlet configuration
(i.e. web.xml) mechanism. Tapestry security initializes and invokes
Shiro within Tapestry's servlet request pipeline, and replaces Shiro's
standard filters with its own. There are multiple benefits with these
approach, one of the keys ones is that you can use any other services
in your security filters, realms, etc. I would assume that
initializing your custom filter within tapestry-security context would
be the path of least (less?) resistance to get this working for you.
The tapestry-security source code is essential reading for you. You
could start with
http://svn.codehaus.org/tynamo/trunk/tapestry-security/src/main/java/org/tynamo/security/services/impl/SecurityFilterChainFactoryImpl.java.
Map the chain concept to "Contributing security configuration" section
on http://tynamo.org/tapestry-security+guide and it should be fairly
straight-forwarded to add your filter to the chain (you can just
construct the object manually for your chains, no factory required).
Kalle
> View this message in context:
> http://tapestry.1045711.n5.nabble.com/tapestry-security-w-Remote-Login-tp5505792p5652188.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
