You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Jean Luc <je...@gmail.com> on 2008/12/15 01:30:41 UTC
integrating T5 a login form with Spring Security?
Hello,
I've been trying to integrate T5 and Spring Security (2.0.4, not the older
Acegi) but haven't succeeded in making the two work together.
The standard way to specify a form login with Spring 2.5 is like below. See
the <form-login> element which specified the login page (Login) and what URL
Spring will intercept (the standard j_security_check).
<b:beans xmlns="http://www.springframework.org/schema/security"
<http>
<form-login login-page="/Login"
default-target-url="/Start"
authentication-failure-url="/Login?login_error=1"
login-processing-url="j_security_check" />
</http>
I have a typical Login.tml (labels and cosmetic stuff removed for brevity)
<t:form t:id="loginForm">
<table><tr><td><input type="text" t:id="j_username" t:type="TextField"
t:value="j_username"/></td></tr>
<tr><td><input type="text" t:id="j_password" t:type="PasswordField"
t:value="j_password"/></td></tr>
<tr><input type="submit" value="Log In"/></td> </tr>
</table>
</t:form>
What happens is that the POST that occurs when submitting the form goes to
the Login.onSubmit() instead of j_security_check. While it is possible to
add code there to call Spring's AuthenticationManager, I would end up
duplicating what Spring Security does (the logic to redirect to different
pages if the login succeeded or not and so on). I'd like to use Spring since
it already implements this.
Is it possible to submit the login info to j_security_check instead? Or to
forward the request from within Login.onSubmit() to /j_security_check?
I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't
find this info. Also, I am aware of the tapestry5-acegi extension (
http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
development and for such a simple thing I didn't want to add a dependency on
another jar.
As you can tell, I'm new to T5. I've had some exposure to T4 and an older
version of Spring (2.0) but there things were quite different, both in
Tapestry itself and in how Acegi is configured in Spring.
Advice is appreciated,
JL
Re: integrating T5 a login form with Spring Security?
Posted by Borut Bolčina <bo...@gmail.com>.
Hi Jean Luc,
there is a working example at
http://www.localhost.nu/svn/public/tapestry-spring-security-sample/ if you
want to use http://www.localhost.nu/java/tapestry-spring-security/.
Cheers,
Borut
2008/12/15 Jean Luc <je...@gmail.com>
> Hello,
>
> I've been trying to integrate T5 and Spring Security (2.0.4, not the older
> Acegi) but haven't succeeded in making the two work together.
>
> The standard way to specify a form login with Spring 2.5 is like below. See
> the <form-login> element which specified the login page (Login) and what
> URL
> Spring will intercept (the standard j_security_check).
>
> <b:beans xmlns="http://www.springframework.org/schema/security"
> <http>
> <form-login login-page="/Login"
> default-target-url="/Start"
> authentication-failure-url="/Login?login_error=1"
> login-processing-url="j_security_check" />
> </http>
>
> I have a typical Login.tml (labels and cosmetic stuff removed for brevity)
>
> <t:form t:id="loginForm">
> <table><tr><td><input type="text" t:id="j_username" t:type="TextField"
> t:value="j_username"/></td></tr>
> <tr><td><input type="text" t:id="j_password" t:type="PasswordField"
> t:value="j_password"/></td></tr>
> <tr><input type="submit" value="Log In"/></td> </tr>
> </table>
> </t:form>
>
> What happens is that the POST that occurs when submitting the form goes to
> the Login.onSubmit() instead of j_security_check. While it is possible to
> add code there to call Spring's AuthenticationManager, I would end up
> duplicating what Spring Security does (the logic to redirect to different
> pages if the login succeeded or not and so on). I'd like to use Spring
> since
> it already implements this.
>
> Is it possible to submit the login info to j_security_check instead? Or to
> forward the request from within Login.onSubmit() to /j_security_check?
>
> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't
> find this info. Also, I am aware of the tapestry5-acegi extension (
> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
> development and for such a simple thing I didn't want to add a dependency
> on
> another jar.
>
> As you can tell, I'm new to T5. I've had some exposure to T4 and an older
> version of Spring (2.0) but there things were quite different, both in
> Tapestry itself and in how Acegi is configured in Spring.
>
> Advice is appreciated,
> JL
>
Re: integrating T5 a login form with Spring Security?
Posted by Michael Gerzabek <mi...@gmx.net>.
You have to provide the login-processing-url to your template file. Look
into nu.localhost.tapestry5.springsecuritytest.pages.LoginPage and the
respective LoginPage.tml in the webapp of the sample. It's artefact is
<dependency>
<groupId>nu.localhost.tapestry5.springsecurity</groupId>
<artifactId>tapestry-spring-security-sample</artifactId>
<version>1.0.0-SNAPSHOT</version>
</dependency>
There will be a final 1.0.0 later this day since Howard announced the
final 5.0 for T5.
Further you could also use Tapestry Spring Security and exclude the
dependency for Spring 2.0 in your pom and include your 2.5 Spring
dependencies instead. Visit [1] for an idea about it or read the
excellent free book "Better builds with Maven" [2].
Michael
[1] http://maven.apache.org/pom.html#Exclusions
[2] http://www.exist.com/better-build-maven
Jean Luc schrieb:
> Hello,
>
> I've been trying to integrate T5 and Spring Security (2.0.4, not the older
> Acegi) but haven't succeeded in making the two work together.
>
> The standard way to specify a form login with Spring 2.5 is like below. See
> the <form-login> element which specified the login page (Login) and what URL
> Spring will intercept (the standard j_security_check).
>
> <b:beans xmlns="http://www.springframework.org/schema/security"
> <http>
> <form-login login-page="/Login"
> default-target-url="/Start"
> authentication-failure-url="/Login?login_error=1"
> login-processing-url="j_security_check" />
> </http>
>
> I have a typical Login.tml (labels and cosmetic stuff removed for brevity)
>
> <t:form t:id="loginForm">
> <table><tr><td><input type="text" t:id="j_username" t:type="TextField"
> t:value="j_username"/></td></tr>
> <tr><td><input type="text" t:id="j_password" t:type="PasswordField"
> t:value="j_password"/></td></tr>
> <tr><input type="submit" value="Log In"/></td> </tr>
> </table>
> </t:form>
>
> What happens is that the POST that occurs when submitting the form goes to
> the Login.onSubmit() instead of j_security_check. While it is possible to
> add code there to call Spring's AuthenticationManager, I would end up
> duplicating what Spring Security does (the logic to redirect to different
> pages if the login succeeded or not and so on). I'd like to use Spring since
> it already implements this.
>
> Is it possible to submit the login info to j_security_check instead? Or to
> forward the request from within Login.onSubmit() to /j_security_check?
>
> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't
> find this info. Also, I am aware of the tapestry5-acegi extension (
> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
> development and for such a simple thing I didn't want to add a dependency on
> another jar.
>
> As you can tell, I'm new to T5. I've had some exposure to T4 and an older
> version of Spring (2.0) but there things were quite different, both in
> Tapestry itself and in how Acegi is configured in Spring.
>
> Advice is appreciated,
> JL
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Posted by Martijn Brinkers <ma...@gmail.com>.
I'm using the action attribute
<form id="login" method="post" action="${loginCheckUrl}">
Martijn
On Sun, 2008-12-14 at 19:30 -0500, Jean Luc wrote:
> Hello,
>
> I've been trying to integrate T5 and Spring Security (2.0.4, not the older
> Acegi) but haven't succeeded in making the two work together.
>
> The standard way to specify a form login with Spring 2.5 is like below. See
> the <form-login> element which specified the login page (Login) and what URL
> Spring will intercept (the standard j_security_check).
>
> <b:beans xmlns="http://www.springframework.org/schema/security"
> <http>
> <form-login login-page="/Login"
> default-target-url="/Start"
> authentication-failure-url="/Login?login_error=1"
> login-processing-url="j_security_check" />
> </http>
>
> I have a typical Login.tml (labels and cosmetic stuff removed for brevity)
>
> <t:form t:id="loginForm">
> <table><tr><td><input type="text" t:id="j_username" t:type="TextField"
> t:value="j_username"/></td></tr>
> <tr><td><input type="text" t:id="j_password" t:type="PasswordField"
> t:value="j_password"/></td></tr>
> <tr><input type="submit" value="Log In"/></td> </tr>
> </table>
> </t:form>
>
> What happens is that the POST that occurs when submitting the form goes to
> the Login.onSubmit() instead of j_security_check. While it is possible to
> add code there to call Spring's AuthenticationManager, I would end up
> duplicating what Spring Security does (the logic to redirect to different
> pages if the login succeeded or not and so on). I'd like to use Spring since
> it already implements this.
>
> Is it possible to submit the login info to j_security_check instead? Or to
> forward the request from within Login.onSubmit() to /j_security_check?
>
> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't
> find this info. Also, I am aware of the tapestry5-acegi extension (
> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
> development and for such a simple thing I didn't want to add a dependency on
> another jar.
>
> As you can tell, I'm new to T5. I've had some exposure to T4 and an older
> version of Spring (2.0) but there things were quite different, both in
> Tapestry itself and in how Acegi is configured in Spring.
>
> Advice is appreciated,
> JL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Posted by Otho <ta...@googlemail.com>.
I used the form login but had tha problem that the redirect done by spring
security didn't make all components on the page refresh, so that a logged in
user still had the login link in the page header instead of the logout link
until he refreshed the page or chose another link.
I found it easier in the end to copy parts of the
BasicAuthenticationProcessingFilter and login programmatically. The only
gotcha is that you need to copy the SecureContext
(SecurityContextHolder.getContext()) to the http session after successful
authentication, so the HttpSessionContextIntegrationFilter takes it up on
the next request, too.
2009/3/27 Borut Bolčina <bo...@gmail.com>
> Hi,
>
> how did you do it? I am getting ComponentEventException when using
>
> void onSuccess() {
> Request request = requestGlobals.getRequest();
> String url = request.getContextPath() + checkUrl +
> "?j_username=" + username + "&j_password=" + password;
> logger.info("onSuccess() url="+url);
> RequestDispatcher requestDispatcher =
> requestGlobals.getHTTPServletRequest().getRequestDispatcher(url);
>
> try {
> logger.info("onSuccess() : before forward");
>
> requestDispatcher.forward(requestGlobals.getHTTPServletRequest(),
> requestGlobals.getHTTPServletResponse());
> logger.info("onSuccess() : after forward");
> } catch (ServletException e) {
> logger.error("ServletException : " + e.getMessage());
> } catch (IOException e) {
> logger.error("IOException : " + e.getMessage());
> }
>
> }
>
> What is the T5 way of forwarding to, in this case:
> INFO [27 mar 2009 09:36:48.549] [Login] onSuccess()
> url=/j_spring_security_check?j_username=sdfa&j_password=sdfasd
>
> Thanks, Borut
>
>
> The stack trace:
>
> INFO [27 mar 2009 09:36:49.049] [Login] onSuccess() : after forward
> ERROR [27 mar 2009 09:36:49.064] [DefaultRequestExceptionHandler]
> Processing of request failed with uncaught exception:
> org.apache.tapestry5.runtime.ComponentEventException
> org.apache.tapestry5.runtime.ComponentEventException [at
> classpath:si/najdi/identity/server/pages/Login.tml, line 11, column
> 45]
> at
> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1076)
> at
> org.apache.tapestry5.internal.services.ComponentEventRequestHandlerImpl.handle(ComponentEventRequestHandlerImpl.java:68)
> at
> org.apache.tapestry5.internal.services.ImmediateActionRenderResponseFilter.handle(ImmediateActionRenderResponseFilter.java:42)
> at
> $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
> at
> org.apache.tapestry5.internal.services.AjaxFilter.handle(AjaxFilter.java:42)
> at
> $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
> at
> org.apache.tapestry5.services.TapestryModule$44.handle(TapestryModule.java:2105)
> at
> $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
> at
> $ComponentEventRequestHandler_1204712cf9f.handle($ComponentEventRequestHandler_1204712cf9f.java)
> at
> org.apache.tapestry5.internal.services.ComponentEventDispatcher.dispatch(ComponentEventDispatcher.java:127)
> at $Dispatcher_1204712cfa2.dispatch($Dispatcher_1204712cfa2.java)
> at $Dispatcher_1204712cf94.dispatch($Dispatcher_1204712cf94.java)
> at
> org.apache.tapestry5.services.TapestryModule$17.service(TapestryModule.java:1029)
> at
> org.apache.tapestry5.internal.services.LocalizationFilter.service(LocalizationFilter.java:42)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper$1.doFilter(RequestFilterWrapper.java:60)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.SpringSecurityExceptionTranslationFilter.doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper.service(RequestFilterWrapper.java:55)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:621)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:611)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:93)
> at
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:84)
> at
> org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:83)
> at
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:106)
> at
> $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
> at
> $RequestHandler_1204712cf8b.service($RequestHandler_1204712cf8b.java)
> at
> org.apache.tapestry5.services.TapestryModule$16.service(TapestryModule.java:1007)
> at
> org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
> at
> $HttpServletRequestFilter_1204712cf8a.service($HttpServletRequestFilter_1204712cf8a.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> at
> org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf88.service($HttpServletRequestFilter_1204712cf88.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.SpringSecurityExceptionTranslationFilter.doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf87.service($HttpServletRequestFilter_1204712cf87.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf86.service($HttpServletRequestFilter_1204712cf86.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf85.service($HttpServletRequestFilter_1204712cf85.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf84.service($HttpServletRequestFilter_1204712cf84.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
> at
> org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
> at
> org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> at
> nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
> at
> $HttpServletRequestFilter_1204712cf83.service($HttpServletRequestFilter_1204712cf83.java)
> at
> $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
> at
> $HttpServletRequestHandler_1204712cf82.service($HttpServletRequestHandler_1204712cf82.java)
> at
> org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:179)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417)
> at
> org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
> at
> org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:324)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:879)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:741)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:213)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:403)
> at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
> at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:522)
> Caused by: java.util.NoSuchElementException
> at java.util.LinkedList.remove(LinkedList.java:788)
> at java.util.LinkedList.removeFirst(LinkedList.java:134)
> at
> org.apache.tapestry5.internal.services.EnvironmentImpl.pop(EnvironmentImpl.java:83)
> at $Environment_1204712cfe3.pop($Environment_1204712cfe3.java)
> at $Environment_1204712cf6c.pop($Environment_1204712cf6c.java)
> at
> org.apache.tapestry5.corelib.components.Form._$advised$onAction(Form.java:421)
> at
> org.apache.tapestry5.corelib.components.Form$onAction$invocation_1204712de20.invokeAdvisedMethod(Form$onAction$invocation_1204712de20.java)
> at
> org.apache.tapestry5.internal.services.AbstractComponentMethodInvocation.proceed(AbstractComponentMethodInvocation.java:71)
> at
> org.apache.tapestry5.ioc.internal.services.LoggingAdvice.advise(LoggingAdvice.java:37)
> at
> org.apache.tapestry5.internal.transform.LogWorker$1.advise(LogWorker.java:54)
> at
> org.apache.tapestry5.internal.services.AbstractComponentMethodInvocation.proceed(AbstractComponentMethodInvocation.java:80)
> at org.apache.tapestry5.corelib.components.Form.onAction(Form.java)
> at
> org.apache.tapestry5.corelib.components.Form.dispatchComponentEvent(Form.java)
> at
> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.dispatchEvent(ComponentPageElementImpl.java:894)
> at
> org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1059)
> ... 97 more
>
>
> 2008/12/15 Jean Luc <je...@gmail.com>:
> > Update: I can get the response with:
> >
> > @Inject
> > private RequestGlobals requestGlobals;
> >
> > and using requestGlobals.getHTTPServletResponse();
> >
> > I'll need to change the redirect into a forward (to save a trip and to
> > prevent the username/pwd appear in the URL) but that's standard
> > servlet stuff.
> >
> > Thanks.
> >
> > On Sun, Dec 14, 2008 at 8:05 PM, Jean Luc <je...@gmail.com> wrote:
> >> Thanks Hugo,
> >>
> >> I've [tried to] inject the request and the response as mentioned (for
> >> the request) at:
> >> http://wiki.apache.org/tapestry/Tapestry5ObtainingHttpServletRequest
> >>
> >> @Inject
> >> private HttpServletRequest request;
> >>
> >> @Inject
> >> private HttpServletResponse response;
> >>
> >> It works for the request, but not for the response (exception below).
> >> I've googled for ways to inject the response (I thought it would be
> >> similar) but no luck.
> >>
> >> exception
> >> org.apache.tapestry5.internal.services.TransformationException:
> >> Error obtaining injected value for field
> >> com.foo.tapestry.pages.Login.response: No service implements the
> >> interface javax.servlet.http.HttpServletResponse.
> >>
> >> # org.apache.tapestry5.internal.services.TransformationException
> >> Error obtaining injected value for field
> >> com.foo.tapestry.pages.Login.response: No service implements the
> >> interface javax.servlet.http.HttpServletResponse.
> >>
> >>
> >> In case it matters, I'm using T 5.0.18 and JBoss 4.2.2GA
> >> Thanks in advance,
> >> JL
> >>
> >> On Sun, Dec 14, 2008 at 7:44 PM, Hugo Palma <hu...@gmail.com>
> wrote:
> >>> In your page class inject the check url like this:
> >>>
> >>> @Inject
> >>> @Value("${spring-security.check.url}")
> >>> private String checkUrl;
> >>>
> >>> then on your onSuccessMethod:
> >>>
> >>> response.sendRedirect(request.getContextPath() + checkUrl +
> "?j_username=" +
> >>> username + "&j_password=" + password);
> >>>
> >>> where username and password are the bound variables for your username
> and
> >>> password text fields on the form.
> >>>
> >>> Jean Luc wrote:
> >>>>
> >>>> Hello,
> >>>>
> >>>> I've been trying to integrate T5 and Spring Security (2.0.4, not the
> older
> >>>> Acegi) but haven't succeeded in making the two work together.
> >>>>
> >>>> The standard way to specify a form login with Spring 2.5 is like
> below.
> >>>> See
> >>>> the <form-login> element which specified the login page (Login) and
> what
> >>>> URL
> >>>> Spring will intercept (the standard j_security_check).
> >>>>
> >>>> <b:beans xmlns="http://www.springframework.org/schema/security"
> >>>> <http>
> >>>> <form-login login-page="/Login"
> >>>> default-target-url="/Start"
> >>>> authentication-failure-url="/Login?login_error=1"
> >>>> login-processing-url="j_security_check" />
> >>>> </http>
> >>>>
> >>>> I have a typical Login.tml (labels and cosmetic stuff removed for
> brevity)
> >>>>
> >>>> <t:form t:id="loginForm">
> >>>> <table><tr><td><input type="text" t:id="j_username"
> t:type="TextField"
> >>>> t:value="j_username"/></td></tr>
> >>>> <tr><td><input type="text" t:id="j_password"
> t:type="PasswordField"
> >>>> t:value="j_password"/></td></tr>
> >>>> <tr><input type="submit" value="Log In"/></td> </tr>
> >>>> </table>
> >>>> </t:form>
> >>>>
> >>>> What happens is that the POST that occurs when submitting the form
> goes to
> >>>> the Login.onSubmit() instead of j_security_check. While it is possible
> to
> >>>> add code there to call Spring's AuthenticationManager, I would end up
> >>>> duplicating what Spring Security does (the logic to redirect to
> different
> >>>> pages if the login succeeded or not and so on). I'd like to use Spring
> >>>> since
> >>>> it already implements this.
> >>>>
> >>>> Is it possible to submit the login info to j_security_check instead?
> Or to
> >>>> forward the request from within Login.onSubmit() to /j_security_check?
> >>>>
> >>>> I went through the "Tapestry 5" book by Alexander Kolesnikov, but
> didn't
> >>>> find this info. Also, I am aware of the tapestry5-acegi extension (
> >>>> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems
> under
> >>>> development and for such a simple thing I didn't want to add a
> dependency
> >>>> on
> >>>> another jar.
> >>>>
> >>>> As you can tell, I'm new to T5. I've had some exposure to T4 and an
> older
> >>>> version of Spring (2.0) but there things were quite different, both in
> >>>> Tapestry itself and in how Acegi is configured in Spring.
> >>>>
> >>>> Advice is appreciated,
> >>>> JL
> >>>>
> >>>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> >>> For additional commands, e-mail: users-help@tapestry.apache.org
> >>>
> >>>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> > For additional commands, e-mail: users-help@tapestry.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
Re: integrating T5 a login form with Spring Security?
Posted by Borut Bolčina <bo...@gmail.com>.
Hi,
how did you do it? I am getting ComponentEventException when using
void onSuccess() {
Request request = requestGlobals.getRequest();
String url = request.getContextPath() + checkUrl +
"?j_username=" + username + "&j_password=" + password;
logger.info("onSuccess() url="+url);
RequestDispatcher requestDispatcher =
requestGlobals.getHTTPServletRequest().getRequestDispatcher(url);
try {
logger.info("onSuccess() : before forward");
requestDispatcher.forward(requestGlobals.getHTTPServletRequest(),
requestGlobals.getHTTPServletResponse());
logger.info("onSuccess() : after forward");
} catch (ServletException e) {
logger.error("ServletException : " + e.getMessage());
} catch (IOException e) {
logger.error("IOException : " + e.getMessage());
}
}
What is the T5 way of forwarding to, in this case:
INFO [27 mar 2009 09:36:48.549] [Login] onSuccess()
url=/j_spring_security_check?j_username=sdfa&j_password=sdfasd
Thanks, Borut
The stack trace:
INFO [27 mar 2009 09:36:49.049] [Login] onSuccess() : after forward
ERROR [27 mar 2009 09:36:49.064] [DefaultRequestExceptionHandler]
Processing of request failed with uncaught exception:
org.apache.tapestry5.runtime.ComponentEventException
org.apache.tapestry5.runtime.ComponentEventException [at
classpath:si/najdi/identity/server/pages/Login.tml, line 11, column
45]
at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1076)
at org.apache.tapestry5.internal.services.ComponentEventRequestHandlerImpl.handle(ComponentEventRequestHandlerImpl.java:68)
at org.apache.tapestry5.internal.services.ImmediateActionRenderResponseFilter.handle(ImmediateActionRenderResponseFilter.java:42)
at $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
at org.apache.tapestry5.internal.services.AjaxFilter.handle(AjaxFilter.java:42)
at $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
at org.apache.tapestry5.services.TapestryModule$44.handle(TapestryModule.java:2105)
at $ComponentEventRequestHandler_1204712d04c.handle($ComponentEventRequestHandler_1204712d04c.java)
at $ComponentEventRequestHandler_1204712cf9f.handle($ComponentEventRequestHandler_1204712cf9f.java)
at org.apache.tapestry5.internal.services.ComponentEventDispatcher.dispatch(ComponentEventDispatcher.java:127)
at $Dispatcher_1204712cfa2.dispatch($Dispatcher_1204712cfa2.java)
at $Dispatcher_1204712cf94.dispatch($Dispatcher_1204712cf94.java)
at org.apache.tapestry5.services.TapestryModule$17.service(TapestryModule.java:1029)
at org.apache.tapestry5.internal.services.LocalizationFilter.service(LocalizationFilter.java:42)
at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
at nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper$1.doFilter(RequestFilterWrapper.java:60)
at nu.localhost.tapestry5.springsecurity.services.internal.SpringSecurityExceptionTranslationFilter.doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at nu.localhost.tapestry5.springsecurity.services.internal.RequestFilterWrapper.service(RequestFilterWrapper.java:55)
at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
at org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
at org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:621)
at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
at org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:611)
at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
at org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:85)
at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:93)
at org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:84)
at org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:83)
at org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:106)
at $RequestHandler_1204712cf95.service($RequestHandler_1204712cf95.java)
at $RequestHandler_1204712cf8b.service($RequestHandler_1204712cf8b.java)
at org.apache.tapestry5.services.TapestryModule$16.service(TapestryModule.java:1007)
at org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
at $HttpServletRequestFilter_1204712cf8a.service($HttpServletRequestFilter_1204712cf8a.java)
at $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
at $HttpServletRequestFilter_1204712cf88.service($HttpServletRequestFilter_1204712cf88.java)
at $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
at nu.localhost.tapestry5.springsecurity.services.internal.SpringSecurityExceptionTranslationFilter.doFilterHttp(SpringSecurityExceptionTranslationFilter.java:100)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
at $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
at org.springframework.security.providers.anonymous.AnonymousProcessingFilter.doFilterHttp(AnonymousProcessingFilter.java:105)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
at $HttpServletRequestFilter_1204712cf87.service($HttpServletRequestFilter_1204712cf87.java)
at $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
at $HttpServletRequestFilter_1204712cf86.service($HttpServletRequestFilter_1204712cf86.java)
at $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
at org.springframework.security.ui.rememberme.RememberMeProcessingFilter.doFilterHttp(RememberMeProcessingFilter.java:109)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
at $HttpServletRequestFilter_1204712cf85.service($HttpServletRequestFilter_1204712cf85.java)
at $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
at $HttpServletRequestFilter_1204712cf84.service($HttpServletRequestFilter_1204712cf84.java)
at $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:56)
at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
at nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
at $HttpServletRequestFilter_1204712cf83.service($HttpServletRequestFilter_1204712cf83.java)
at $HttpServletRequestHandler_1204712cf8c.service($HttpServletRequestHandler_1204712cf8c.java)
at $HttpServletRequestHandler_1204712cf82.service($HttpServletRequestHandler_1204712cf82.java)
at org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:179)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1115)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:361)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:417)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:534)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:879)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:741)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:213)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:403)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:522)
Caused by: java.util.NoSuchElementException
at java.util.LinkedList.remove(LinkedList.java:788)
at java.util.LinkedList.removeFirst(LinkedList.java:134)
at org.apache.tapestry5.internal.services.EnvironmentImpl.pop(EnvironmentImpl.java:83)
at $Environment_1204712cfe3.pop($Environment_1204712cfe3.java)
at $Environment_1204712cf6c.pop($Environment_1204712cf6c.java)
at org.apache.tapestry5.corelib.components.Form._$advised$onAction(Form.java:421)
at org.apache.tapestry5.corelib.components.Form$onAction$invocation_1204712de20.invokeAdvisedMethod(Form$onAction$invocation_1204712de20.java)
at org.apache.tapestry5.internal.services.AbstractComponentMethodInvocation.proceed(AbstractComponentMethodInvocation.java:71)
at org.apache.tapestry5.ioc.internal.services.LoggingAdvice.advise(LoggingAdvice.java:37)
at org.apache.tapestry5.internal.transform.LogWorker$1.advise(LogWorker.java:54)
at org.apache.tapestry5.internal.services.AbstractComponentMethodInvocation.proceed(AbstractComponentMethodInvocation.java:80)
at org.apache.tapestry5.corelib.components.Form.onAction(Form.java)
at org.apache.tapestry5.corelib.components.Form.dispatchComponentEvent(Form.java)
at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.dispatchEvent(ComponentPageElementImpl.java:894)
at org.apache.tapestry5.internal.structure.ComponentPageElementImpl.triggerContextEvent(ComponentPageElementImpl.java:1059)
... 97 more
2008/12/15 Jean Luc <je...@gmail.com>:
> Update: I can get the response with:
>
> @Inject
> private RequestGlobals requestGlobals;
>
> and using requestGlobals.getHTTPServletResponse();
>
> I'll need to change the redirect into a forward (to save a trip and to
> prevent the username/pwd appear in the URL) but that's standard
> servlet stuff.
>
> Thanks.
>
> On Sun, Dec 14, 2008 at 8:05 PM, Jean Luc <je...@gmail.com> wrote:
>> Thanks Hugo,
>>
>> I've [tried to] inject the request and the response as mentioned (for
>> the request) at:
>> http://wiki.apache.org/tapestry/Tapestry5ObtainingHttpServletRequest
>>
>> @Inject
>> private HttpServletRequest request;
>>
>> @Inject
>> private HttpServletResponse response;
>>
>> It works for the request, but not for the response (exception below).
>> I've googled for ways to inject the response (I thought it would be
>> similar) but no luck.
>>
>> exception
>> org.apache.tapestry5.internal.services.TransformationException:
>> Error obtaining injected value for field
>> com.foo.tapestry.pages.Login.response: No service implements the
>> interface javax.servlet.http.HttpServletResponse.
>>
>> # org.apache.tapestry5.internal.services.TransformationException
>> Error obtaining injected value for field
>> com.foo.tapestry.pages.Login.response: No service implements the
>> interface javax.servlet.http.HttpServletResponse.
>>
>>
>> In case it matters, I'm using T 5.0.18 and JBoss 4.2.2GA
>> Thanks in advance,
>> JL
>>
>> On Sun, Dec 14, 2008 at 7:44 PM, Hugo Palma <hu...@gmail.com> wrote:
>>> In your page class inject the check url like this:
>>>
>>> @Inject
>>> @Value("${spring-security.check.url}")
>>> private String checkUrl;
>>>
>>> then on your onSuccessMethod:
>>>
>>> response.sendRedirect(request.getContextPath() + checkUrl + "?j_username=" +
>>> username + "&j_password=" + password);
>>>
>>> where username and password are the bound variables for your username and
>>> password text fields on the form.
>>>
>>> Jean Luc wrote:
>>>>
>>>> Hello,
>>>>
>>>> I've been trying to integrate T5 and Spring Security (2.0.4, not the older
>>>> Acegi) but haven't succeeded in making the two work together.
>>>>
>>>> The standard way to specify a form login with Spring 2.5 is like below.
>>>> See
>>>> the <form-login> element which specified the login page (Login) and what
>>>> URL
>>>> Spring will intercept (the standard j_security_check).
>>>>
>>>> <b:beans xmlns="http://www.springframework.org/schema/security"
>>>> <http>
>>>> <form-login login-page="/Login"
>>>> default-target-url="/Start"
>>>> authentication-failure-url="/Login?login_error=1"
>>>> login-processing-url="j_security_check" />
>>>> </http>
>>>>
>>>> I have a typical Login.tml (labels and cosmetic stuff removed for brevity)
>>>>
>>>> <t:form t:id="loginForm">
>>>> <table><tr><td><input type="text" t:id="j_username" t:type="TextField"
>>>> t:value="j_username"/></td></tr>
>>>> <tr><td><input type="text" t:id="j_password" t:type="PasswordField"
>>>> t:value="j_password"/></td></tr>
>>>> <tr><input type="submit" value="Log In"/></td> </tr>
>>>> </table>
>>>> </t:form>
>>>>
>>>> What happens is that the POST that occurs when submitting the form goes to
>>>> the Login.onSubmit() instead of j_security_check. While it is possible to
>>>> add code there to call Spring's AuthenticationManager, I would end up
>>>> duplicating what Spring Security does (the logic to redirect to different
>>>> pages if the login succeeded or not and so on). I'd like to use Spring
>>>> since
>>>> it already implements this.
>>>>
>>>> Is it possible to submit the login info to j_security_check instead? Or to
>>>> forward the request from within Login.onSubmit() to /j_security_check?
>>>>
>>>> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't
>>>> find this info. Also, I am aware of the tapestry5-acegi extension (
>>>> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
>>>> development and for such a simple thing I didn't want to add a dependency
>>>> on
>>>> another jar.
>>>>
>>>> As you can tell, I'm new to T5. I've had some exposure to T4 and an older
>>>> version of Spring (2.0) but there things were quite different, both in
>>>> Tapestry itself and in how Acegi is configured in Spring.
>>>>
>>>> Advice is appreciated,
>>>> JL
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Posted by SergeEby <sd...@hotmail.com>.
Hi,
Take a look at the Login page in tapestry5-appfuse project here:
http://code.google.com/p/tapestry5-appfuse
There is an example of direct integration between T5 and Spring Security 2.
/Serge
Jean Luc wrote:
>
> Update: I can get the response with:
>
> @Inject
> private RequestGlobals requestGlobals;
>
> and using requestGlobals.getHTTPServletResponse();
>
> I'll need to change the redirect into a forward (to save a trip and to
> prevent the username/pwd appear in the URL) but that's standard
> servlet stuff.
>
> Thanks.
>
> On Sun, Dec 14, 2008 at 8:05 PM, Jean Luc <je...@gmail.com> wrote:
>> Thanks Hugo,
>>
>> I've [tried to] inject the request and the response as mentioned (for
>> the request) at:
>> http://wiki.apache.org/tapestry/Tapestry5ObtainingHttpServletRequest
>>
>> @Inject
>> private HttpServletRequest request;
>>
>> @Inject
>> private HttpServletResponse response;
>>
>> It works for the request, but not for the response (exception below).
>> I've googled for ways to inject the response (I thought it would be
>> similar) but no luck.
>>
>> exception
>> org.apache.tapestry5.internal.services.TransformationException:
>> Error obtaining injected value for field
>> com.foo.tapestry.pages.Login.response: No service implements the
>> interface javax.servlet.http.HttpServletResponse.
>>
>> # org.apache.tapestry5.internal.services.TransformationException
>> Error obtaining injected value for field
>> com.foo.tapestry.pages.Login.response: No service implements the
>> interface javax.servlet.http.HttpServletResponse.
>>
>>
>> In case it matters, I'm using T 5.0.18 and JBoss 4.2.2GA
>> Thanks in advance,
>> JL
>>
>> On Sun, Dec 14, 2008 at 7:44 PM, Hugo Palma <hu...@gmail.com>
>> wrote:
>>> In your page class inject the check url like this:
>>>
>>> @Inject
>>> @Value("${spring-security.check.url}")
>>> private String checkUrl;
>>>
>>> then on your onSuccessMethod:
>>>
>>> response.sendRedirect(request.getContextPath() + checkUrl +
>>> "?j_username=" +
>>> username + "&j_password=" + password);
>>>
>>> where username and password are the bound variables for your username
>>> and
>>> password text fields on the form.
>>>
>>> Jean Luc wrote:
>>>>
>>>> Hello,
>>>>
>>>> I've been trying to integrate T5 and Spring Security (2.0.4, not the
>>>> older
>>>> Acegi) but haven't succeeded in making the two work together.
>>>>
>>>> The standard way to specify a form login with Spring 2.5 is like below.
>>>> See
>>>> the <form-login> element which specified the login page (Login) and
>>>> what
>>>> URL
>>>> Spring will intercept (the standard j_security_check).
>>>>
>>>> <b:beans xmlns="http://www.springframework.org/schema/security"
>>>> <http>
>>>> <form-login login-page="/Login"
>>>> default-target-url="/Start"
>>>> authentication-failure-url="/Login?login_error=1"
>>>> login-processing-url="j_security_check" />
>>>> </http>
>>>>
>>>> I have a typical Login.tml (labels and cosmetic stuff removed for
>>>> brevity)
>>>>
>>>> <t:form t:id="loginForm">
>>>> <table><tr><td><input type="text" t:id="j_username"
>>>> t:type="TextField"
>>>> t:value="j_username"/></td></tr>
>>>> <tr><td><input type="text" t:id="j_password"
>>>> t:type="PasswordField"
>>>> t:value="j_password"/></td></tr>
>>>> <tr><input type="submit" value="Log In"/></td> </tr>
>>>> </table>
>>>> </t:form>
>>>>
>>>> What happens is that the POST that occurs when submitting the form goes
>>>> to
>>>> the Login.onSubmit() instead of j_security_check. While it is possible
>>>> to
>>>> add code there to call Spring's AuthenticationManager, I would end up
>>>> duplicating what Spring Security does (the logic to redirect to
>>>> different
>>>> pages if the login succeeded or not and so on). I'd like to use Spring
>>>> since
>>>> it already implements this.
>>>>
>>>> Is it possible to submit the login info to j_security_check instead? Or
>>>> to
>>>> forward the request from within Login.onSubmit() to /j_security_check?
>>>>
>>>> I went through the "Tapestry 5" book by Alexander Kolesnikov, but
>>>> didn't
>>>> find this info. Also, I am aware of the tapestry5-acegi extension (
>>>> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
>>>> development and for such a simple thing I didn't want to add a
>>>> dependency
>>>> on
>>>> another jar.
>>>>
>>>> As you can tell, I'm new to T5. I've had some exposure to T4 and an
>>>> older
>>>> version of Spring (2.0) but there things were quite different, both in
>>>> Tapestry itself and in how Acegi is configured in Spring.
>>>>
>>>> Advice is appreciated,
>>>> JL
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/integrating-T5-a-login-form-with-Spring-Security--tp21006586p21012513.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Posted by Jean Luc <je...@gmail.com>.
Update: I can get the response with:
@Inject
private RequestGlobals requestGlobals;
and using requestGlobals.getHTTPServletResponse();
I'll need to change the redirect into a forward (to save a trip and to
prevent the username/pwd appear in the URL) but that's standard
servlet stuff.
Thanks.
On Sun, Dec 14, 2008 at 8:05 PM, Jean Luc <je...@gmail.com> wrote:
> Thanks Hugo,
>
> I've [tried to] inject the request and the response as mentioned (for
> the request) at:
> http://wiki.apache.org/tapestry/Tapestry5ObtainingHttpServletRequest
>
> @Inject
> private HttpServletRequest request;
>
> @Inject
> private HttpServletResponse response;
>
> It works for the request, but not for the response (exception below).
> I've googled for ways to inject the response (I thought it would be
> similar) but no luck.
>
> exception
> org.apache.tapestry5.internal.services.TransformationException:
> Error obtaining injected value for field
> com.foo.tapestry.pages.Login.response: No service implements the
> interface javax.servlet.http.HttpServletResponse.
>
> # org.apache.tapestry5.internal.services.TransformationException
> Error obtaining injected value for field
> com.foo.tapestry.pages.Login.response: No service implements the
> interface javax.servlet.http.HttpServletResponse.
>
>
> In case it matters, I'm using T 5.0.18 and JBoss 4.2.2GA
> Thanks in advance,
> JL
>
> On Sun, Dec 14, 2008 at 7:44 PM, Hugo Palma <hu...@gmail.com> wrote:
>> In your page class inject the check url like this:
>>
>> @Inject
>> @Value("${spring-security.check.url}")
>> private String checkUrl;
>>
>> then on your onSuccessMethod:
>>
>> response.sendRedirect(request.getContextPath() + checkUrl + "?j_username=" +
>> username + "&j_password=" + password);
>>
>> where username and password are the bound variables for your username and
>> password text fields on the form.
>>
>> Jean Luc wrote:
>>>
>>> Hello,
>>>
>>> I've been trying to integrate T5 and Spring Security (2.0.4, not the older
>>> Acegi) but haven't succeeded in making the two work together.
>>>
>>> The standard way to specify a form login with Spring 2.5 is like below.
>>> See
>>> the <form-login> element which specified the login page (Login) and what
>>> URL
>>> Spring will intercept (the standard j_security_check).
>>>
>>> <b:beans xmlns="http://www.springframework.org/schema/security"
>>> <http>
>>> <form-login login-page="/Login"
>>> default-target-url="/Start"
>>> authentication-failure-url="/Login?login_error=1"
>>> login-processing-url="j_security_check" />
>>> </http>
>>>
>>> I have a typical Login.tml (labels and cosmetic stuff removed for brevity)
>>>
>>> <t:form t:id="loginForm">
>>> <table><tr><td><input type="text" t:id="j_username" t:type="TextField"
>>> t:value="j_username"/></td></tr>
>>> <tr><td><input type="text" t:id="j_password" t:type="PasswordField"
>>> t:value="j_password"/></td></tr>
>>> <tr><input type="submit" value="Log In"/></td> </tr>
>>> </table>
>>> </t:form>
>>>
>>> What happens is that the POST that occurs when submitting the form goes to
>>> the Login.onSubmit() instead of j_security_check. While it is possible to
>>> add code there to call Spring's AuthenticationManager, I would end up
>>> duplicating what Spring Security does (the logic to redirect to different
>>> pages if the login succeeded or not and so on). I'd like to use Spring
>>> since
>>> it already implements this.
>>>
>>> Is it possible to submit the login info to j_security_check instead? Or to
>>> forward the request from within Login.onSubmit() to /j_security_check?
>>>
>>> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't
>>> find this info. Also, I am aware of the tapestry5-acegi extension (
>>> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
>>> development and for such a simple thing I didn't want to add a dependency
>>> on
>>> another jar.
>>>
>>> As you can tell, I'm new to T5. I've had some exposure to T4 and an older
>>> version of Spring (2.0) but there things were quite different, both in
>>> Tapestry itself and in how Acegi is configured in Spring.
>>>
>>> Advice is appreciated,
>>> JL
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Posted by Jean Luc <je...@gmail.com>.
Thanks Hugo,
I've [tried to] inject the request and the response as mentioned (for
the request) at:
http://wiki.apache.org/tapestry/Tapestry5ObtainingHttpServletRequest
@Inject
private HttpServletRequest request;
@Inject
private HttpServletResponse response;
It works for the request, but not for the response (exception below).
I've googled for ways to inject the response (I thought it would be
similar) but no luck.
exception
org.apache.tapestry5.internal.services.TransformationException:
Error obtaining injected value for field
com.foo.tapestry.pages.Login.response: No service implements the
interface javax.servlet.http.HttpServletResponse.
# org.apache.tapestry5.internal.services.TransformationException
Error obtaining injected value for field
com.foo.tapestry.pages.Login.response: No service implements the
interface javax.servlet.http.HttpServletResponse.
In case it matters, I'm using T 5.0.18 and JBoss 4.2.2GA
Thanks in advance,
JL
On Sun, Dec 14, 2008 at 7:44 PM, Hugo Palma <hu...@gmail.com> wrote:
> In your page class inject the check url like this:
>
> @Inject
> @Value("${spring-security.check.url}")
> private String checkUrl;
>
> then on your onSuccessMethod:
>
> response.sendRedirect(request.getContextPath() + checkUrl + "?j_username=" +
> username + "&j_password=" + password);
>
> where username and password are the bound variables for your username and
> password text fields on the form.
>
> Jean Luc wrote:
>>
>> Hello,
>>
>> I've been trying to integrate T5 and Spring Security (2.0.4, not the older
>> Acegi) but haven't succeeded in making the two work together.
>>
>> The standard way to specify a form login with Spring 2.5 is like below.
>> See
>> the <form-login> element which specified the login page (Login) and what
>> URL
>> Spring will intercept (the standard j_security_check).
>>
>> <b:beans xmlns="http://www.springframework.org/schema/security"
>> <http>
>> <form-login login-page="/Login"
>> default-target-url="/Start"
>> authentication-failure-url="/Login?login_error=1"
>> login-processing-url="j_security_check" />
>> </http>
>>
>> I have a typical Login.tml (labels and cosmetic stuff removed for brevity)
>>
>> <t:form t:id="loginForm">
>> <table><tr><td><input type="text" t:id="j_username" t:type="TextField"
>> t:value="j_username"/></td></tr>
>> <tr><td><input type="text" t:id="j_password" t:type="PasswordField"
>> t:value="j_password"/></td></tr>
>> <tr><input type="submit" value="Log In"/></td> </tr>
>> </table>
>> </t:form>
>>
>> What happens is that the POST that occurs when submitting the form goes to
>> the Login.onSubmit() instead of j_security_check. While it is possible to
>> add code there to call Spring's AuthenticationManager, I would end up
>> duplicating what Spring Security does (the logic to redirect to different
>> pages if the login succeeded or not and so on). I'd like to use Spring
>> since
>> it already implements this.
>>
>> Is it possible to submit the login info to j_security_check instead? Or to
>> forward the request from within Login.onSubmit() to /j_security_check?
>>
>> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't
>> find this info. Also, I am aware of the tapestry5-acegi extension (
>> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
>> development and for such a simple thing I didn't want to add a dependency
>> on
>> another jar.
>>
>> As you can tell, I'm new to T5. I've had some exposure to T4 and an older
>> version of Spring (2.0) but there things were quite different, both in
>> Tapestry itself and in how Acegi is configured in Spring.
>>
>> Advice is appreciated,
>> JL
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: integrating T5 a login form with Spring Security?
Posted by Hugo Palma <hu...@gmail.com>.
In your page class inject the check url like this:
@Inject
@Value("${spring-security.check.url}")
private String checkUrl;
then on your onSuccessMethod:
response.sendRedirect(request.getContextPath() + checkUrl +
"?j_username=" + username + "&j_password=" + password);
where username and password are the bound variables for your username
and password text fields on the form.
Jean Luc wrote:
> Hello,
>
> I've been trying to integrate T5 and Spring Security (2.0.4, not the older
> Acegi) but haven't succeeded in making the two work together.
>
> The standard way to specify a form login with Spring 2.5 is like below. See
> the <form-login> element which specified the login page (Login) and what URL
> Spring will intercept (the standard j_security_check).
>
> <b:beans xmlns="http://www.springframework.org/schema/security"
> <http>
> <form-login login-page="/Login"
> default-target-url="/Start"
> authentication-failure-url="/Login?login_error=1"
> login-processing-url="j_security_check" />
> </http>
>
> I have a typical Login.tml (labels and cosmetic stuff removed for brevity)
>
> <t:form t:id="loginForm">
> <table><tr><td><input type="text" t:id="j_username" t:type="TextField"
> t:value="j_username"/></td></tr>
> <tr><td><input type="text" t:id="j_password" t:type="PasswordField"
> t:value="j_password"/></td></tr>
> <tr><input type="submit" value="Log In"/></td> </tr>
> </table>
> </t:form>
>
> What happens is that the POST that occurs when submitting the form goes to
> the Login.onSubmit() instead of j_security_check. While it is possible to
> add code there to call Spring's AuthenticationManager, I would end up
> duplicating what Spring Security does (the logic to redirect to different
> pages if the login succeeded or not and so on). I'd like to use Spring since
> it already implements this.
>
> Is it possible to submit the login info to j_security_check instead? Or to
> forward the request from within Login.onSubmit() to /j_security_check?
>
> I went through the "Tapestry 5" book by Alexander Kolesnikov, but didn't
> find this info. Also, I am aware of the tapestry5-acegi extension (
> http://www.localhost.nu/java/tapestry5-acegi/) but this one seems under
> development and for such a simple thing I didn't want to add a dependency on
> another jar.
>
> As you can tell, I'm new to T5. I've had some exposure to T4 and an older
> version of Spring (2.0) but there things were quite different, both in
> Tapestry itself and in how Acegi is configured in Spring.
>
> Advice is appreciated,
> JL
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org