Looks fine at a quick glance. As I recall, an AuthenticatingRealm uses
SimpleCredentialsMatcher by default, so it should match plain text passwords.
Are you sure it's not authenticating, or is doGetAuthenticationInfo invoked at
all? Do you have any other realms configured? Get the simple, single-realm
use case working first and work from there.

Kalle

On Tue, Nov 8, 2016 at 10:16 AM, Adam X <vbgnm3c...@gmail.com> wrote:

> Howdy!
>
> I followed the tynamo setup guide
> (http://www.tynamo.org/tapestry-security+guide/) combined with the
> federated accounts example
> (https://github.com/tynamo/tynamo-federatedaccounts). I believe I have
> the setup hooked up correctly as my annotated page with
> @RequiresRoles("administrator") is not intercepted by tynamo and a
> login page appears. The problem I'm having is that when I enter valid
> credentials tynamo is not authenticating. Below is my custom realm.
> UserManagementDao is just an interface, but the implementation I'm
> injecting is a simple in-memory hash map impl with a unit test
> verifying its correctness (in reality we're authenticating against
> AWS IAM but I'm using a mock to get things working initially). However,
> I'm not sure if I'm constructing SimpleAuthenticationInfo correctly.
> Another thing is that my passwords (for now) are clear text and I'm
> not sure if by default Tynamo uses clear text comparison or if it
> hashes the passwords.
>
> Any help would be highly appreciated!
>
> import java.util.HashSet;
> import java.util.List;
> import java.util.Set;
>
> import org.apache.shiro.authc.AccountException;
> import org.apache.shiro.authc.AuthenticationException;
> import org.apache.shiro.authc.AuthenticationInfo;
> import org.apache.shiro.authc.AuthenticationToken;
> import org.apache.shiro.authc.SimpleAuthenticationInfo;
> import org.apache.shiro.authc.UsernamePasswordToken;
> import org.apache.shiro.authz.AuthorizationException;
> import org.apache.shiro.authz.AuthorizationInfo;
> import org.apache.shiro.authz.SimpleAuthorizationInfo;
> import org.apache.shiro.cache.MemoryConstrainedCacheManager;
> import org.apache.shiro.realm.AuthorizingRealm;
> import org.apache.shiro.subject.PrincipalCollection;
>
> public class MyCustomRealm extends AuthorizingRealm {
>
>     private UserManagementDao dao;
>
>     // Constructor name must match the class name for this to compile.
>     public MyCustomRealm(UserManagementDao dao) {
>
>         super(new MemoryConstrainedCacheManager());
>         setName("awsiamaccounts");
>         setAuthenticationTokenClass(UsernamePasswordToken.class);
>         // Left at the default SimpleCredentialsMatcher (clear-text compare).
>         //setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));
>
>         this.dao = dao;
>     }
>
>     @Override
>     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
>
>         if (principals == null) throw new AuthorizationException(
>                 String.format("null %s! (should not happen)", PrincipalCollection.class.getSimpleName()));
>         if (principals.isEmpty()) return null;
>         if (principals.fromRealm(getName()).size() <= 0) return null;
>
>         // Only consider principals this realm itself authenticated.
>         String username = (String) principals.fromRealm(getName()).iterator().next();
>         if (username == null) return null;
>
>         List<XapGroup> groups = dao.getUserGroups(username);
>         Set<String> roles = new HashSet<>();
>
>         for (XapGroup group : groups) {
>             roles.add(group.getId());
>         }
>
>         return new SimpleAuthorizationInfo(roles);
>     }
>
>     @Override
>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
>             throws AuthenticationException {
>
>         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
>         String userName = upToken.getUsername();
>
>         if (userName == null) throw new AccountException("Null usernames are not allowed by this realm.");
>
>         XapUser user = dao.getUser(userName);
>         if (user == null) return null; // unknown account
>
> //        if (user.isAccountLocked()) { throw new LockedAccountException("Account [" + userName + "] is locked."); }
> //        if (user.isCredentialsExpired()) {
> //            String msg = "The credentials for account [" + userName + "] are expired";
> //            throw new ExpiredCredentialsException(msg);
> //        }
>
>         String password = dao.getUserPassword(userName);
>
>         // Stored credential is handed to the realm's CredentialsMatcher for comparison
>         // against the submitted password; the realm name scopes the principal.
>         return new SimpleAuthenticationInfo(userName, password, getName());
>     }
> }
>
> Adam
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>

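To make the clear-text versus hashed question concrete, here is a self-contained Shiro check (added example, not Adam's realm or anything from the tynamo project). It assumes Apache Shiro 1.x on the classpath; the class and method names (RealmMatcherDemo, MapRealm, tryLogin), the account "alice"/"letmein" and the salt are constructed for the demo. It drives Subject.login() through a DefaultSecurityManager three ways: a clear-text store against the default SimpleCredentialsMatcher (byte-for-byte compare, succeeds), the same clear-text store against a HashedCredentialsMatcher (the correct password is rejected because the matcher hashes the input before comparing), and a SHA-256 salted, iterated store against a matcher configured with the same algorithm, iteration count and encoding:

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;

/** Hypothetical demo class (example code, not the poster's realm). Assumes Shiro 1.x. */
public class RealmMatcherDemo {

    /** In-memory realm that hands Shiro whatever credential form it was given. */
    static class MapRealm extends AuthorizingRealm {
        private final Map<String, Object> credentials = new HashMap<>();
        private final Map<String, ByteSource> salts = new HashMap<>();

        MapRealm(String name) {
            setName(name);
            setAuthenticationTokenClass(UsernamePasswordToken.class);
            // No setCredentialsMatcher() call: AuthenticatingRealm defaults to SimpleCredentialsMatcher.
        }

        void addUser(String user, Object credential, ByteSource salt) {
            credentials.put(user, credential);
            if (salt != null) salts.put(user, salt);
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = ((UsernamePasswordToken) token).getUsername();
            if (user == null) throw new AccountException("Null usernames are not allowed by this realm.");
            Object stored = credentials.get(user);
            if (stored == null) return null; // Shiro reports this as UnknownAccountException
            ByteSource salt = salts.get(user);
            // The salted overload is what lets HashedCredentialsMatcher pick up the per-user salt.
            return salt == null
                    ? new SimpleAuthenticationInfo(user, stored, getName())
                    : new SimpleAuthenticationInfo(user, stored, salt, getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            return new SimpleAuthorizationInfo(); // roles are not under test here
        }
    }

    /** Runs a full Subject.login() against a fresh SecurityManager built around one realm. */
    static boolean tryLogin(AuthorizingRealm realm, String user, String password) {
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        Subject subject = new Subject.Builder(sm).buildSubject();
        try {
            subject.login(new UsernamePasswordToken(user, password));
            return subject.isAuthenticated();
        } catch (AuthenticationException e) {
            // Shiro wraps any non-AuthenticationException thrown by a matcher into an AuthenticationException.
            System.out.println("  login failed: " + e.getClass().getSimpleName());
            return false;
        } finally {
            subject.logout();
        }
    }

    public static void main(String[] args) {
        String user = "alice", password = "letmein"; // constructed demo account

        // 1. Clear-text stored credential + default SimpleCredentialsMatcher: byte-for-byte compare.
        MapRealm plain = new MapRealm("plain");
        plain.addUser(user, password, null);
        System.out.println("clear text vs default matcher:  " + tryLogin(plain, user, password));

        // 2. Same clear-text store, but a HashedCredentialsMatcher: the matcher hashes the submitted
        //    password and compares it with the raw stored string, so the correct password is rejected.
        plain.setCredentialsMatcher(new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME));
        System.out.println("clear text vs hashed matcher:   " + tryLogin(plain, user, password));

        // 3. Hashed store: the realm returns the hex digest plus its salt; the matcher is configured
        //    with the same algorithm, iteration count and encoding.
        int iterations = 1024;
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        String digest = new Sha256Hash(password, salt, iterations).toHex();

        MapRealm hashed = new MapRealm("hashed");
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(iterations);
        matcher.setStoredCredentialsHexEncoded(true); // matches toHex() above (also the default)
        hashed.setCredentialsMatcher(matcher);
        hashed.addUser(user, digest, salt);
        System.out.println("hashed store vs hashed matcher: " + tryLogin(hashed, user, password));
        System.out.println("hashed store, wrong password:   " + tryLogin(hashed, user, "wrong"));
    }
}
```

The point to check in a realm that "does not authenticate" is that the form of the credential returned in SimpleAuthenticationInfo agrees with the configured CredentialsMatcher: clear text with the default matcher, or a digest (with salt passed through the salted constructor) with a HashedCredentialsMatcher whose algorithm, iterations and hex/base64 setting match how the digest was produced. Whatever you store, a mismatch surfaces as IncorrectCredentialsException (or a wrapped decoding error), not as a silent no-op, so enabling debug logging for org.apache.shiro.realm is the quickest way to see which step is failing.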