Posted to users@tapestry.apache.org by Olle Hallin <ol...@gmail.com> on 2008/03/14 14:55:52 UTC

T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Hi!

We use tapestry5-acegi for our app, but I'm not sure if this is a Tapestry
or Acegi problem.

When setting forcePasswordChange=true in the database for a user, Acegi
throws org.acegisecurity.CredentialsExpiredException (since
our implementation of UserDetails.isCredentialsNonExpired() returns false).

So far so good.

Now the problem is that despite having the symbol "acegi.accessDenied.url"
defined to "/loginrejected", no forwarding to this page occurs.

I have verified that the AccessDeniedHandlerImpl has been injected with this
value by removing the leading slash. (AccessDeniedHandlerImpl throws when
errorPage does not start with '/')

Instead, the user is redirected to the normal login page.

Any ideas?

Regards,
Olle

Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Posted by Olle Hallin <ol...@gmail.com>.
Oh, I forgot to mention the versions:

Tapestry 5.0.11
tapestry5-acegi 1.0.4

Olle

2008/3/14, Olle Hallin <ol...@gmail.com>:
>
> Hi!
>
> We use tapestry5-acegi for our app, but I'm not sure if this is a Tapestry
> or Acegi problem.
>
> When setting forcePasswordChange=true in the database for a user, Acegi
> throws org.acegisecurity.CredentialsExpiredException (since
> our implementation of UserDetails.isCredentialsNonExpired() returns
> false).
>
> So far so good.
>
> Now the problem is that despite having the symbol "acegi.accessDenied.url"
> defined to "/loginrejected", no forwarding to this page occurs.
>
> I have verified that the AccessDeniedHandlerImpl has been injected with
> this value by removing the leading slash. (AccessDeniedHandlerImpl throws
> when errorPage
> does not start with '/')
>
> Instead, the user is redirected to the normal login page.
>
> Any ideas?
>
> Regards,
> Olle
>
>


-- 
Olle Hallin M.Sc.
+46 70 6653071
olle.hallin@hit.se
www.hit.se

Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Posted by Robin Helgelin <lo...@gmail.com>.
On Fri, Mar 28, 2008 at 2:13 PM, Olle Hallin <ol...@gmail.com> wrote:
> Hi again,

Hi!

> I've made a new version of the SecurityModule.java that follows the usual
> build + contribute pattern in tapestry-ioc.

Thanks for taking time to go to the bottom with this. I'll update and
release a new version when I'm back from vacation next week.

-- 
 regards,
 Robin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org


Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Posted by Olle Hallin <ol...@gmail.com>.
Hi again,

I've made a new version of the SecurityModule.java that follows the usual
build + contribute pattern in tapestry-ioc.

Sorry for the changed formatting, I hit Ctrl-Shift-F by accident in Eclipse.

Regards,
Olle

2008/3/28, Olle Hallin <ol...@gmail.com>:
>
> Hi, I found the solution.
>
> It was an empty AuthenticationProcessingFilter.exceptionMappings that
> caused all
> AuthenticationExceptions to be treated equally.
>
> I added a default public static Properties
> buildAuthenticationExceptionMappings() to SecurityModule.java, which maps
> certain AuthenticationExceptions to "${acegi.accessDenied.url}" if it is
> defined, and then sets this mapping in
> buildAuthenticationProcessingFilter().
>
> The user of the tapestry5-acegi module can then override this default
> mapping
> in his own AppModule, e.g., to map CredentialsExpiredException and
> LockedException to different URLs.
>
> I've attached the modified SecurityModule.java, with my changes marked
> with "// patch"
>
> Regards,
> Olle
>
>

Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Posted by Olle Hallin <ol...@gmail.com>.
Hi, I found the solution.

It was an empty AuthenticationProcessingFilter.exceptionMappings that caused
all AuthenticationExceptions to be treated equally.

I added a default public static Properties
buildAuthenticationExceptionMappings() to SecurityModule.java, which maps
certain AuthenticationExceptions to "${acegi.accessDenied.url}" if it is
defined, and then sets this mapping in
buildAuthenticationProcessingFilter().

The user of the tapestry5-acegi module can then override this default mapping
in his own AppModule, e.g., to map CredentialsExpiredException and
LockedException to different URLs.

I've attached the modified SecurityModule.java, with my changes marked with
"// patch"

Regards,
Olle



2008/3/17, Robin Helgelin <lo...@gmail.com>:
>
> On Mon, Mar 17, 2008 at 8:40 AM, Olle Hallin <ol...@gmail.com>
> wrote:
> >  It properly catches the CredentialsExpiredException that was thrown by
> the
> >  UsernamePasswordAuthenticationToken and tries to publish the event, but
> the
> >  ProviderManager.applicationEventPublisher is null.
> >
> >  I don't know the inner mechanics of Acegi nor tapestry-ioc well enough
> to
> >  inject that dependency myself, so help would be appreciated.
>
>
> Looking at the code it seems there must be an
> ApplicationEventPublished defined. I'm too green in spring for this,
> but I'll look into it.
>
>
> --
>
> regards,
>   Robin
>
>
>


-- 
Olle Hallin M.Sc.
+46 70 6653071
olle.hallin@hit.se
www.hit.se
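
The mapping behaviour described in the message above, as an added example (not the attached SecurityModule.java and not Acegi's own code). It models the failure-URL lookup with plain java.util.Properties, assuming the filter looks up the exact exception class name and falls back to the normal failure URL; "/loginfailed" and "/accountlocked" are constructed values, and the choice of which exceptions get a default mapping is an assumption.

```java
import java.util.Properties;

public class ExceptionMappingDemo {
    // Constructed default failure URL (the "normal login page" in the thread).
    static final String LOGIN_FAILED_URL = "/loginfailed";

    // Model of the lookup: exact exception class name -> URL, else the default.
    // A subclass of a mapped exception does not match; it needs its own entry.
    static String failureUrl(Properties exceptionMappings, String exceptionClassName) {
        return exceptionMappings.getProperty(exceptionClassName, LOGIN_FAILED_URL);
    }

    // Default mapping in the spirit of the post: only populated when the
    // access-denied URL symbol is defined. The two exceptions are assumed.
    static Properties defaultMappings(String accessDeniedUrl) {
        Properties p = new Properties();
        if (accessDeniedUrl != null && !accessDeniedUrl.isEmpty()) {
            p.setProperty("org.acegisecurity.CredentialsExpiredException", accessDeniedUrl);
            p.setProperty("org.acegisecurity.LockedException", accessDeniedUrl);
        }
        return p;
    }

    public static void main(String[] args) {
        String expired = "org.acegisecurity.CredentialsExpiredException";
        String locked = "org.acegisecurity.LockedException";
        String badCreds = "org.acegisecurity.BadCredentialsException";

        // Empty mapping: every authentication failure lands on the same page,
        // so a forced password change looks like a wrong password.
        Properties empty = new Properties();
        System.out.println("empty  expired  -> " + failureUrl(empty, expired));
        System.out.println("empty  badCreds -> " + failureUrl(empty, badCreds));

        // Default mapping with acegi.accessDenied.url = /loginrejected.
        Properties mapped = defaultMappings("/loginrejected");
        System.out.println("mapped expired  -> " + failureUrl(mapped, expired));
        System.out.println("mapped badCreds -> " + failureUrl(mapped, badCreds));

        // Application override: send locked accounts to a different page.
        mapped.setProperty(locked, "/accountlocked");
        System.out.println("override locked -> " + failureUrl(mapped, locked));
    }
}
```

Unmapped failures such as bad credentials keep going to the default page, so only the exceptions that need a distinct user flow have to be listed.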

Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Posted by Robin Helgelin <lo...@gmail.com>.
On Mon, Mar 17, 2008 at 8:40 AM, Olle Hallin <ol...@gmail.com> wrote:
>  It properly catches the CredentialsExpiredException that was thrown by the
>  UsernamePasswordAuthenticationToken and tries to publish the event, but the
>  ProviderManager.applicationEventPublisher is null.
>
>  I don't know the inner mechanics of Acegi nor tapestry-ioc well enough to
>  inject that dependency myself, so help would be appreciated.

Looking at the code it seems there must be an
ApplicationEventPublished defined. I'm too green in spring for this,
but I'll look into it.

-- 
 regards,
 Robin


Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Posted by Olle Hallin <ol...@gmail.com>.
Correction to myself: tapestry5-acegi version: 1.0.3

As I said, it looks like there is a missing collaborator in the standard
Acegi ProviderManager.

It properly catches the CredentialsExpiredException that was thrown by the
UsernamePasswordAuthenticationToken and tries to publish the event, but the
ProviderManager.applicationEventPublisher is null.

I don't know the inner mechanics of Acegi nor tapestry-ioc well enough to
inject that dependency myself, so help would be appreciated.

Regards,
Olle


2008/3/14, Olle Hallin <ol...@gmail.com>:
>
> Hi!
>
> I single-stepped through the problem, and it looks like
> org.acegisecurity.providers.ProviderManager.publishEvent() is swallowing
> the exception
> because the
> org.acegisecurity.providers.ProviderManager.applicationEventPublisher ==
> null.
>
> Acegi Security version = 1.0.6
>
> Regards,
> Olle
>
>
> 2008/3/14, Robin Helgelin <lo...@gmail.com>:
> >
> > On Fri, Mar 14, 2008 at 2:55 PM, Olle Hallin <ol...@gmail.com>
> > wrote:
> > > Hi!
> >
> > Hi.
> >
> >
> > >  Now the problem is that despite having the symbol "
> > acegi.accessDenied.url"
> > >  defined to "/loginrejected", no forwarding to this page occurs.
> > >
> > >  I have verified that the AccessDeniedHandlerImpl has been injected
> > with this
> > >  value by removing the leading slash. (AccessDeniedHandlerImpl throws
> > when
> > >  errorPage
> > >  does not start with '/')
> >
> >
> > What does acegi-logging say? I heard a few others say that access
> > denied was non-working, and as I haven't tested this code myself I
> > don't really know whether it's tapestry5-acegi or Acegi itself.
> >
> >
> > --
> >   regards,
> >   Robin
> >
> >
> >
>
>
> --
> Olle Hallin M.Sc.
> +46 70 6653071
> olle.hallin@hit.se
> www.hit.se
>



-- 
Olle Hallin M.Sc.
+46 70 6653071
olle.hallin@hit.se
www.hit.se

Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Posted by Olle Hallin <ol...@gmail.com>.
Hi!

I single-stepped through the problem, and it looks like
org.acegisecurity.providers.ProviderManager.publishEvent() is swallowing the
exception because the
org.acegisecurity.providers.ProviderManager.applicationEventPublisher == null.

Acegi Security version = 1.0.6

Regards,
Olle


2008/3/14, Robin Helgelin <lo...@gmail.com>:
>
> On Fri, Mar 14, 2008 at 2:55 PM, Olle Hallin <ol...@gmail.com>
> wrote:
> > Hi!
>
> Hi.
>
>
> >  Now the problem is that despite having the symbol "
> acegi.accessDenied.url"
> >  defined to "/loginrejected", no forwarding to this page occurs.
> >
> >  I have verified that the AccessDeniedHandlerImpl has been injected with
> this
> >  value by removing the leading slash. (AccessDeniedHandlerImpl throws
> when
> >  errorPage
> >  does not start with '/')
>
>
> What does acegi-logging say? I heard a few others say that access
> denied was non-working, and as I haven't tested this code myself I
> don't really know whether it's tapestry5-acegi or Acegi itself.
>
>
> --
>   regards,
>   Robin
>
>
>


-- 
Olle Hallin M.Sc.
+46 70 6653071
olle.hallin@hit.se
www.hit.se

Re: T5: Cannot get org.acegisecurity.CredentialsExpiredException to work

Posted by Robin Helgelin <lo...@gmail.com>.
On Fri, Mar 14, 2008 at 2:55 PM, Olle Hallin <ol...@gmail.com> wrote:
> Hi!

Hi.

>  Now the problem is that despite having the symbol "acegi.accessDenied.url"
>  defined to "/loginrejected", no forwarding to this page occurs.
>
>  I have verified that the AccessDeniedHandlerImpl has been injected with this
>  value by removing the leading slash. (AccessDeniedHandlerImpl throws when
>  errorPage
>  does not start with '/')

What does acegi-logging say? I heard a few others say that access
denied was non-working, and as I haven't tested this code myself I
don't really know whether it's tapestry5-acegi or Acegi itself.

-- 
 regards,
 Robin
