Posted to users@tapestry.apache.org by angelochen <an...@yahoo.com.hk> on 2011/12/29 02:59:09 UTC

T5.3.1 a simple security

Hi,

I know there are many security solutions; what I'm looking for is a very simple
one:
my app has a few pages, all except login require the user to be signed in; for that I
checked a class by ApplicationStateManager.
I'd like to redirect to the login page if not signed in. Hints?

Thanks,

Angelo


--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5106576.html
Sent from the Tapestry - User mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org


Re: T5.3.1 a simple security

Posted by Chris Poulsen <ma...@nesluop.dk>.
Hi,

I'd prefer a filter based solution based on something like Spring
Security or Apache Shiro for a requirement like the one you mention.
They are usually really easy to set up for the basic case and can be
configured to handle something more complex later on, if necessary.

A separate filter based solution keeps the security concerns separate
from your pages - so you can concentrate on getting the pages to work
and then apply the security in another pass.

-- 
Chris

On Thu, Dec 29, 2011 at 4:08 AM, angelochen <an...@yahoo.com.hk> wrote:
> hi,
>
> right, that's what I was looking for. however, lprimak pointed me to that
> tynamo's security package, think might be time now to look at a more
> complete security package for future projects, applying that to a current,
> small project might be a good practice. Thanks,
>
> Angelo
>


Re: T5.3.1 a simple security

Posted by angelochen <an...@yahoo.com.hk>.
hi,

right, that's what I was looking for. however, lprimak pointed me to that
tynamo's security package, think might be time now to look at a more
complete security package for future projects, applying that to a current,
small project might be a good practice. Thanks,

Angelo

--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5106671.html


Re: T5.3.1 a simple security

Posted by Taha Hafeez Siddiqi <ta...@gmail.com>.
This is a simple implementation

http://tapestryjava.blogspot.com/2009/12/securing-tapestry-pages-with.html

regards
Taha

On Dec 29, 2011, at 8:02 AM, angelochen wrote:

> ok, i put it in the pom, it got around 800k in size, looks like i have to
> read that doc, that's quite many.
> 


Re: T5.3.1 a simple security

Posted by angelochen <an...@yahoo.com.hk>.
ok, i put it in the pom, it got around 800k in size, looks like i have to
read that doc, that's quite many.

--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5106613.html


Re: T5.3.1 a simple security

Posted by angelochen <an...@yahoo.com.hk>.
hi,

This works, thanks, however, it seems I can't catch the exception:

    @OnEvent(EventConstants.SUCCESS)
    Class succcess() {
        AuthenticationToken authenticationToken = new UsernamePasswordToken(email, password, false);
        try {
            SecurityUtils.getSubject().login(authenticationToken);
            signIn.login();
            return MyInex.class;
        } catch (AuthenticationException e) {
            // passed wrong password, but never catch here
            System.out.println(e.getStackTrace());
        }
        return null;
    }

--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5108839.html


Re: T5.3.1 a simple security

Posted by Kalle Korhonen <ka...@gmail.com>.
On Thu, Dec 29, 2011 at 9:09 AM, angelochen <an...@yahoo.com.hk> wrote:
> thanks, that works. now I use my own login page, what needed to be set in
> that log in page?

Something like this:

		AuthenticationToken authenticationToken = new UsernamePasswordToken(username, password, rememberme);
		try {
			SecurityUtils.getSubject().login(authenticationToken);
		} catch (AuthenticationException e) {
			// FIXME Deal with other account exception types like expired and
			// locked
			signinForm.recordError("User doesn't exist or password is incorrect. Please try again or click below for a password reminder.");
		}

> currently I use a sessionState data to flag as logged in,
> with this tapestry-security, how to change? thanks.

Up to you, you can by all means use sessionState objects with security.

Kalle
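
The FIXME in the snippet above, carried through as an added example (not code from this thread or from tapestry-security): Shiro's more specific AuthenticationException subclasses are caught first and everything else falls back to the generic text. The class name, accounts and messages are constructed; it runs against shiro-core alone with a SimpleAccountRealm instead of the ExtendedPropertiesRealm used in the thread, and in a Tapestry page the returned text would be passed to signinForm.recordError(...).

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class LoginErrorDemo {
    static final String GENERIC = "User doesn't exist or password is incorrect.";

    /** Returns null on success, otherwise the text to show on the login form. */
    static String tryLogin(Subject subject, String username, String password) {
        try {
            subject.login(new UsernamePasswordToken(username, password, false));
            return null;
        } catch (LockedAccountException e) {
            // The realm raises this before checking the password, so this text confirms the account exists.
            return "This account is locked. Contact an administrator.";
        } catch (ExpiredCredentialsException e) {
            return "Your password has expired and must be reset.";
        } catch (ExcessiveAttemptsException e) {
            return "Too many failed attempts. Try again later.";
        } catch (AuthenticationException e) {
            // Covers UnknownAccountException and IncorrectCredentialsException:
            // one message for both, so the form does not reveal which usernames exist.
            return GENERIC;
        }
    }

    public static void main(String[] args) {
        // Constructed accounts; getUser() is protected, hence the anonymous subclass.
        SimpleAccountRealm realm = new SimpleAccountRealm() {{
            addAccount("alice", "constructed-pw-1");
            addAccount("bob", "constructed-pw-2");
            getUser("bob").setLocked(true);
        }};
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        String[][] attempts = {{"alice", "constructed-pw-1"}, {"alice", "wrong"}, {"nobody", "x"}, {"bob", "wrong"}};
        for (String[] a : attempts) {
            Subject subject = new Subject.Builder(sm).buildSubject(); // fresh subject per attempt
            String error = tryLogin(subject, a[0], a[1]);
            System.out.println(a[0] + " -> " + (error == null ? "signed in" : error));
        }
    }
}
```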



Re: T5.3.1 a simple security

Posted by angelochen <an...@yahoo.com.hk>.
hi,

thanks, that works. now I use my own login page, what needed to be set in
that log in page? currently I use a sessionState data to flag as logged in,
with this tapestry-security, how to change? thanks.

angelo

--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5108130.html


Re: T5.3.1 a simple security

Posted by Kalle Korhonen <ka...@gmail.com>.
On Thu, Dec 29, 2011 at 5:12 AM, angelochen <an...@yahoo.com.hk> wrote:
> I follow the guide and added this to AppModule:
>
> public static void contributeWebSecurityManager(Configuration<Realm>
> configuration) {
>                ExtendedPropertiesRealm realm = new
> ExtendedPropertiesRealm("classpath:shiro-users.properties");
>                configuration.add(realm);
>        }
> now, how to specify users in the shiro-users.properties? the default was a
> INI file, but Tynamo's doc says INI file support has been removed.
> also, how to use that to protect a page, need some simple sample codes,
> thanks

See the documentation for Shiro's PropertiesRealm (that
ExtendedPropertiesRealm inherits from):
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/text/PropertiesRealm.html

Also, the security module's internal test application uses the
ExtendedPropertiesRealm, see
http://svn.codehaus.org/tynamo/trunk/tapestry-security/src/test/resources/shiro-users.properties
for an example.

Kalle



Re: T5.3.1 a simple security

Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
I would just write a simple realm. I never used the Shiro.ini authentication so I can't help you there. There is also a Shiro mailing list.
A sample of a unix authenticating realm is in the examples (hope project) in the FlowLogix library.
It's really easy to do.



On Dec 29, 2011, at 8:12 AM, angelochen <an...@yahoo.com.hk> wrote:

> Hi,
> 
> I follow the guide and added this to AppModule:
> 
> public static void contributeWebSecurityManager(Configuration<Realm>
> configuration) {
>        ExtendedPropertiesRealm realm = new
> ExtendedPropertiesRealm("classpath:shiro-users.properties");
>        configuration.add(realm);
>    }
> 
> now, how to specify users in the shiro-users.properties? the default was a
> INI file, but Tynamo's doc says INI file support has been removed.
> also, how to use that to protect a page, need some simple sample codes,
> thanks
> 
> Angelo
> 


Re: T5.3.1 a simple security

Posted by angelochen <an...@yahoo.com.hk>.
Hi,

I follow the guide and added this to AppModule:

	public static void contributeWebSecurityManager(Configuration<Realm> configuration) {
		ExtendedPropertiesRealm realm = new ExtendedPropertiesRealm("classpath:shiro-users.properties");
		configuration.add(realm);
	}

now, how to specify users in the shiro-users.properties? the default was a
INI file, but Tynamo's doc says INI file support has been removed.
also, how to use that to protect a page, need some simple sample codes,
thanks

Angelo

--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5107632.html


Re: T5.3.1 a simple security

Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
Tynamo Tapestry-Security was very simple for me.
http://tynamo.org/tapestry-security+guide

It does require some tweaking, which I did in,
and there are examples in the flowlogix library  
http://code.google.com/p/flowlogix/

On Dec 28, 2011, at 8:59 PM, angelochen wrote:

> Hi,
> 
> I know there are many security solutions, what I'm looking is a very simple
> one:
> my app has a few pages all except login requires user signed, for that I
> checked a class by ApplicationStateManager.
> I'd like to redirect to login page if not sign in. hints?
> 
> Thanks,

