>So it sounds like you'll need to contribute a ComponentRequestFilter. Make >sure you order it "before:" the tynamo filter.
Yes, this is the right place, but I don't have HttpServletRequest and HttpServletResponse and I can't initialize security subject like here: https://github.com/tynamo/tapestry-security/blob/master/src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java#L51 I've tried to make something like this: ThreadContext.bind(securityManager); Subject subject = SecurityUtils.getSubject(); subject.login(new UsernamePasswordToken("default", "default", true)); //this user exists handler.handleComponentEvent(parameters); But it causes another exception: java.util.concurrent.ExecutionException: org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied. at java.util.concurrent.FutureTask.report(FutureTask.java:122) at java.util.concurrent.FutureTask.get(FutureTask.java:188) at org.lazan.t5.offline.services.internal.OfflineComponentRendererImpl$1.get(OfflineComponentRendererImpl.java:84) at org.lazan.t5.offline.services.internal.OfflineComponentRendererImpl$1.get(OfflineComponentRendererImpl.java:79) at org.lazan.t5.atmosphere.services.internal.PerRequestBroadcastFilterImpl.filter(PerRequestBroadcastFilterImpl.java:59) at org.atmosphere.cpr.BroadcasterConfig.filter(BroadcasterConfig.java:483) at org.atmosphere.cpr.DefaultBroadcaster.perRequestFilter(DefaultBroadcaster.java:850) at org.atmosphere.cpr.DefaultBroadcaster.deliverPush(DefaultBroadcaster.java:740) at org.atmosphere.cpr.DefaultBroadcaster.push(DefaultBroadcaster.java:646) at org.atmosphere.cpr.DefaultBroadcaster$2.run(DefaultBroadcaster.java:504) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) Caused by: org.apache.shiro.authz.UnauthenticatedException: This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied. at org.apache.shiro.subject.support.DelegatingSubject.assertAuthzCheckPossible(DelegatingSubject.java:200) at org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) at org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) at org.tynamo.shiro.extension.authz.aop.DefaultSecurityInterceptor.intercept(DefaultSecurityInterceptor.java:81) at org.tynamo.security.SecurityComponentRequestFilter.checkInternal(SecurityComponentRequestFilter.java:67) at org.tynamo.security.SecurityComponentRequestFilter.handleComponentEvent(SecurityComponentRequestFilter.java:40) at $ComponentRequestHandler_13b5b7fdc25.handleComponentEvent(Unknown Source) at org.apache.tapestry5.services.InitializeActivePageName.handleComponentEvent(InitializeActivePageName.java:39) at $ComponentRequestHandler_13b5b7fdc25.handleComponentEvent(Unknown Source) at org.lazan.t5.atmosphere.services.internal.PageGlobalsComponentRequestFilter.handleComponentEvent(PageGlobalsComponentRequestFilter.java:22) at $ComponentRequestHandler_13b5b7fdc25.handleComponentEvent(Unknown Source) at de.betterbits.comp.services.OfflineRendererRequestFilter.handleComponentEvent(OfflineRendererRequestFilter.java:45) at $ComponentRequestFilter_13b5b7fdc20.handleComponentEvent(Unknown Source) at $ComponentRequestHandler_13b5b7fdc25.handleComponentEvent(Unknown Source) at $ComponentRequestHandler_13b5b7fdc29.advised$handleComponentEvent_13b5b7fdc2b(Unknown Source) at $ComponentRequestHandler_13b5b7fdc29$Invocation_handleComponentEvent_13b5b7fdc2a.proceedToAdvisedMethod(Unknown Source) at org.apache.tapestry5.internal.plastic.AbstractMethodInvocation.proceed(AbstractMethodInvocation.java:84) at org.apache.tapestry5.ioc.internal.util.InternalUtils$21$1.proceed(InternalUtils.java:1386) at org.tynamo.conversations.services.RequestHandlerDecoratorImpl$1.advise(RequestHandlerDecoratorImpl.java:26) at org.apache.tapestry5.ioc.internal.util.InternalUtils$21.advise(InternalUtils.java:1455) at org.apache.tapestry5.internal.plastic.AbstractMethodInvocation.proceed(AbstractMethodInvocation.java:86) at $ComponentRequestHandler_13b5b7fdc29.handleComponentEvent(Unknown Source) at $ComponentRequestHandler_13b5b7fdbed.handleComponentEvent(Unknown Source) at org.lazan.t5.offline.services.internal.OfflineComponentRendererImpl$2.invoke(OfflineComponentRendererImpl.java:126) at org.apache.tapestry5.ioc.internal.services.ParallelExecutorImpl$1.call(ParallelExecutorImpl.java:58) ... 4 more --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org