You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Robin Helgelin <lo...@gmail.com> on 2007/08/16 14:11:09 UTC
[Announce] Acegi Security library for Tapestry 5
Hi,
Thanks to Ivan Dubrov I've been able to put together an Acegi Security
library for T5. My idea was a library similar to James Carman's
tapestry-acegi for T4.
Basic usage is that it works with the @Secured annotation. Currently
only class level, but page listeners is planned.
There are also a few components planned to make things easier, but
this is merely "get it out of the door release". :-).
More information and example usage and application can be found here:
http://www.localhost.nu/java/tapestry5-acegi/
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Kheldar666 <ma...@liber-mundi.org>.
Alleluia !!!!
--
View this message in context: http://www.nabble.com/-Announce--Acegi-Security-library-for-Tapestry-5-tf4279236.html#a12180260
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Robin Helgelin <lo...@gmail.com>.
On 8/17/07, Kheldar666 <ma...@liber-mundi.org> wrote:
>
> For the SecurityContextHolder I went a little too fast... You don't need to
> use WebContextApplication :
Ok, good, I'll add it to the next release.
> For the loggout service, if the purpose is to use only the LogoutService...
> What's the use of "acegi.logout.url" ?
It's no use, it should be removed :).
> By the way, it's a great work you did. You solve many of my problems in one
> jar :)
Thanks, also thank Ivan, who wrote most of the code :).
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Kheldar666 <ma...@liber-mundi.org>.
For the SecurityContextHolder I went a little too fast... You don't need to
use WebContextApplication :
> configuration.add("acegiSecurityContextHolderAwareRequestFilter",
> new HttpServletRequestFilterWrapper(new
> SecurityContextHolderAwareRequestFilter()),
> "after:acegiRememberMeProcessingFilter");
>
For the loggout service, if the purpose is to use only the LogoutService...
What's the use of "acegi.logout.url" ?
By the way, it's a great work you did. You solve many of my problems in one
jar :)
Cheers,
Martin
Robin Ericsson-3 wrote:
>
> On 8/16/07, Kheldar666 <ma...@liber-mundi.org> wrote:
>>
>> I may have two questions :
>>
>> - First is it normal that you choose not to use the
>> SecurityContextHolderAwareRequestFilter ? I used this :
>
> Is it needed? Can the filter be found without using spring beans? I
> want the library to be completly free of spring dependencies (I know I
> can't avoid Acegi using spring, but the library doesn't need to.
>
>> - I tryied to use the "loggout" feature, but it seams not working : Error
>> 404 when calling /j_acegi_logout. Should I add something somewhere ?
>
> The idea is to use the LogoutService.
>
> @Inject
> LogoutService logoutService;
>
> logoutService.logout();
>
> If that doesn't work, something is wrong :)
>
> --
> regards,
> Robin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/-Announce--Acegi-Security-library-for-Tapestry-5-tf4279236.html#a12190506
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Robin Helgelin <lo...@gmail.com>.
On 8/16/07, Kheldar666 <ma...@liber-mundi.org> wrote:
>
> I may have two questions :
>
> - First is it normal that you choose not to use the
> SecurityContextHolderAwareRequestFilter ? I used this :
Is it needed? Can the filter be found without using spring beans? I
want the library to be completly free of spring dependencies (I know I
can't avoid Acegi using spring, but the library doesn't need to.
> - I tryied to use the "loggout" feature, but it seams not working : Error
> 404 when calling /j_acegi_logout. Should I add something somewhere ?
The idea is to use the LogoutService.
@Inject
LogoutService logoutService;
logoutService.logout();
If that doesn't work, something is wrong :)
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Kheldar666 <ma...@liber-mundi.org>.
Well... I made this, and now I can Login / Logout and use isUserInRole() and
getUserPrincipal() methods
> public static void contributeHttpServletRequestHandler(
> OrderedConfiguration<HttpServletRequestFilter> configuration,
> WebApplicationContext webApplicationContext,
> @InjectService("rememberMeLogoutHandler")
> LogoutHandler rememberMeLogoutHandler,
> @Inject @Value("${acegi.logout.url}")
> String logoutUrl,
> @Inject @Value("${acegi.afterlogout.url}")
> String afterLogoutUrl
> ) {
>
> Filter securityContextHolderAwareRequestFilter =
> (Filter)webApplicationContext.getBean("securityContextHolderAwareRequestFilter");
> configuration.add("acegiSecurityContextHolderAwareRequestFilter",
> new
> HttpServletRequestFilterWrapper(securityContextHolderAwareRequestFilter),
> "after:acegiRememberMeProcessingFilter");
>
> LogoutHandler[] logoutHandler = {
> new SecurityContextLogoutHandler(),
> rememberMeLogoutHandler
> } ;
>
> LogoutFilter acegiLogoutFilter = new
> LogoutFilter(afterLogoutUrl,logoutHandler);
>
> acegiLogoutFilter.setFilterProcessesUrl(logoutUrl);
>
> configuration.add("acegiLogoutFilter",
> new HttpServletRequestFilterWrapper(acegiLogoutFilter),
> "after:acegiHttpSessionContextIntegrationFilter");
> }
>
>
--
View this message in context: http://www.nabble.com/-Announce--Acegi-Security-library-for-Tapestry-5-tf4279236.html#a12185631
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Kheldar666 <ma...@liber-mundi.org>.
I may have two questions :
- First is it normal that you choose not to use the
SecurityContextHolderAwareRequestFilter ? I used this :
> public static void contributeHttpServletRequestHandler(
> OrderedConfiguration<HttpServletRequestFilter> configuration,
> WebApplicationContext webApplicationContext) {
>
> Filter securityContextHolderAwareRequestFilter =
> (Filter)webApplicationContext.getBean("securityContextHolderAwareRequestFilter");
> configuration.add("acegiSecurityContextHolderAwareRequestFilter",
> new
> HttpServletRequestFilterWrapper(securityContextHolderAwareRequestFilter),
> "after:acegiRememberMeProcessingFilter");
> }
>
- I tryied to use the "loggout" feature, but it seams not working : Error
404 when calling /j_acegi_logout. Should I add something somewhere ?
Best regards,
Martin
--
View this message in context: http://www.nabble.com/-Announce--Acegi-Security-library-for-Tapestry-5-tf4279236.html#a12184379
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Robin Helgelin <lo...@gmail.com>.
On 8/18/07, Mark Helmstetter <ma...@helmstetter.com> wrote:
> One more question, have you been able to get logout to work? I tried
> creating a simple link to /j_acegi_logout and to /app/j_acegi_logout
> which didn't seem to work. I get a 404 not found.
>
> It seems that the logout filter has not been created/initialized?
That's correct, the acegi.logout.url is being removed in the next
release, the idea is to use the LogoutService as described in an
earilier mail to this thread.
The next update of the example application will have an example of how
to logout.
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Mark Helmstetter <ma...@helmstetter.com>.
One more question, have you been able to get logout to work? I tried
creating a simple link to /j_acegi_logout and to /app/j_acegi_logout
which didn't seem to work. I get a 404 not found.
It seems that the logout filter has not been created/initialized?
Thanks,
Mark
Robin Helgelin wrote:
> On 8/18/07, Mark Helmstetter <ma...@helmstetter.com> wrote:
>
>> Do you have any examples of how to implement the login form/page? I'd
>> certainly much prefer to implement this as a Tapestry page rather than
>> other approaches that use JSP. How will login errors be reported on the
>> login page?
>>
>
> There is a small example application available here:
> http://www.localhost.nu/svn/public/tapestry5-acegi-example/
>
> Currently I'm using the acegi.failure.url application option to give
> information that the login didn't work out. If you have other idea,
> just shoot them over here :)
>
>
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Robin Helgelin <lo...@gmail.com>.
On 8/18/07, Mark Helmstetter <ma...@helmstetter.com> wrote:
> There's still a lot that's going on here that I don't quite understand,
> but most of that is due to my lack of understanding of how all of the T5
> IoC magic works. I'd really prefer to have a bit more control over how
> the Acegi classes are configured, and to do so using a more
> "traditional" Spring-based approach. I managed to do this for the
> injection of the UserDetailsService by omitting the binder.bind() call
> in the AppModule. I was unable to do this with the
> daoAuthenticationProvider, resulting in the error "Service id
> 'daoAuthenticationProvider' has already been defined.". It looks like
> I'd need to modify the SecurityModule to do this.
The binder.bind() is only for simple services that doesn't need any
special parameters such as constructor or properties set before use.
You can always create a build method for your object where you provide
the information you need, such as the buildUserInitializer. Also, when
I look at the code now, I think it's a double declaration of
UserDetailsService as I use it with both binder.bind() and a
buildUserDetailsService. :-)
> Overall though, I'm really happy with it, and thanks to you and Ivan for
> your contribution.
Thanks!
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Mark Helmstetter <ma...@helmstetter.com>.
Robin Helgelin wrote:
> On 8/18/07, Mark Helmstetter <ma...@helmstetter.com> wrote:
>
>> Do you have any examples of how to implement the login form/page? I'd
>> certainly much prefer to implement this as a Tapestry page rather than
>> other approaches that use JSP. How will login errors be reported on the
>> login page?
>>
>
> There is a small example application available here:
> http://www.localhost.nu/svn/public/tapestry5-acegi-example/
>
> Currently I'm using the acegi.failure.url application option to give
> information that the login didn't work out. If you have other idea,
> just shoot them over here :)
>
Thanks Robin, I just found the example app, and I've got it working
now. I think that is really all that is needed for the login failure case.
There's still a lot that's going on here that I don't quite understand,
but most of that is due to my lack of understanding of how all of the T5
IoC magic works. I'd really prefer to have a bit more control over how
the Acegi classes are configured, and to do so using a more
"traditional" Spring-based approach. I managed to do this for the
injection of the UserDetailsService by omitting the binder.bind() call
in the AppModule. I was unable to do this with the
daoAuthenticationProvider, resulting in the error "Service id
'daoAuthenticationProvider' has already been defined.". It looks like
I'd need to modify the SecurityModule to do this.
Overall though, I'm really happy with it, and thanks to you and Ivan for
your contribution.
Mark
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Robin Helgelin <lo...@gmail.com>.
On 8/18/07, Mark Helmstetter <ma...@helmstetter.com> wrote:
> Do you have any examples of how to implement the login form/page? I'd
> certainly much prefer to implement this as a Tapestry page rather than
> other approaches that use JSP. How will login errors be reported on the
> login page?
There is a small example application available here:
http://www.localhost.nu/svn/public/tapestry5-acegi-example/
Currently I'm using the acegi.failure.url application option to give
information that the login didn't work out. If you have other idea,
just shoot them over here :)
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: [Announce] Acegi Security library for Tapestry 5
Posted by Mark Helmstetter <ma...@helmstetter.com>.
Do you have any examples of how to implement the login form/page? I'd
certainly much prefer to implement this as a Tapestry page rather than
other approaches that use JSP. How will login errors be reported on the
login page?
I think (hope) I can figure out how to adapt the example from the
approaches I've seen in T4, but I suspect this is going to take a lot of
digging.
Thanks,
Mark
Robin Helgelin wrote:
> Hi,
>
> Thanks to Ivan Dubrov I've been able to put together an Acegi Security
> library for T5. My idea was a library similar to James Carman's
> tapestry-acegi for T4.
>
> Basic usage is that it works with the @Secured annotation. Currently
> only class level, but page listeners is planned.
>
> There are also a few components planned to make things easier, but
> this is merely "get it out of the door release". :-).
>
> More information and example usage and application can be found here:
> http://www.localhost.nu/java/tapestry5-acegi/
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org