I am using your excellent tynamo-security module but I'm kinda sort-of stuck. I have followed the tapestry-security guide and I think that I got it to work half-way; I'm able to redirect unauthenticated users, secure pages and methods via annotations. I just can't seem to "authenticate" users. I'm working with a very legacy database(circa 2000) with clear text passwords. It's an intranet web application with about 10 users.
Here's an excerpt of my SecurityRealm: public class SecurityRealm extends AuthorizingRealm { @Inject private UserDAO userDAO; public SecurityRealm() { super(new MemoryConstrainedCacheManager()); setName("SecurityRealm"); setAuthenticationTokenClass(UsernamePasswordToken.class); setCredentialsMatcher(new SimpleCredentialsMatcher()); } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) { ... // stuff to retrieve roles from the database User u= userDAO.findByUsername(username); Set<String> roles = new HashSet<String>(u.getRoleList().size()); for(UserRole role : u.getRoleList()){ roles.add(role.getRole()); } return new SimpleAuthorizationInfo(roles); } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken at) throws AuthenticationException { UsernamePasswordToken token = (UsernamePasswordToken) at; token.setRememberMe(false); String username = token.getUsername(); if(username == null){ throw new AccountException("Null usernames are not allowed."); } User u= userDAO.findByUsername(username); if(u.getIslocked()){ throw new LockedAccountException("Account is disabled/locked."); } return new SimpleAuthenticationInfo(username,u.getPassword().toCharArray(),getName()); } And I added this "Realm" using the contributeWebSecurityManager method in the AppModule of Tapestry. I also have checked out code in the SVN. I'm still at a lost why my project won't authenticate users. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org