I am using your excellent tynamo-security module but I'm kinda sort-of
stuck. I have followed the tapestry-security guide and I think that I
got it to work half-way; I'm able to redirect unauthenticated users,
secure pages and methods via annotations. I just can't seem to
"authenticate" users. I'm working with a very legacy database (circa
2000) with clear text passwords. It's an intranet web application with
about 10 users.

Here's an excerpt of my SecurityRealm:

public class SecurityRealm extends AuthorizingRealm {

      @Inject
      private UserDAO userDAO;

      public SecurityRealm() {
          super(new MemoryConstrainedCacheManager());
          setName("SecurityRealm");
          setAuthenticationTokenClass(UsernamePasswordToken.class);
          setCredentialsMatcher(new SimpleCredentialsMatcher());
      }

      @Override
      protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
          ...
          // stuff to retrieve roles from the database

          User u= userDAO.findByUsername(username);
          Set<String> roles = new HashSet<String>(u.getRoleList().size());
          for(UserRole role : u.getRoleList()){
              roles.add(role.getRole());
          }
          return new SimpleAuthorizationInfo(roles);
      }

      @Override
      protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken at)
              throws AuthenticationException {

          UsernamePasswordToken token = (UsernamePasswordToken) at;
          token.setRememberMe(false);
          String username = token.getUsername();

          if(username == null){
              throw new AccountException("Null usernames are not allowed.");
          }

          User u= userDAO.findByUsername(username);

          if(u.getIslocked()){
              throw new LockedAccountException("Account is disabled/locked.");
          }

          return new SimpleAuthenticationInfo(username, u.getPassword().toCharArray(), getName());
      }
}

And I added this "Realm" using the contributeWebSecurityManager method
in the AppModule of Tapestry. I also have checked out code in the SVN.

I'm still at a loss as to why my project won't authenticate users.

