You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by angelochen <an...@yahoo.com.hk> on 2011/12/29 02:59:09 UTC
T5.3.1 a simple security
Hi,
I know there are many security solutions, what I'm looking is a very simple
one:
my app has a few pages all except login requires user signed, for that I
checked a class by ApplicationStateManager.
I'd like to redirect to login page if not sign in. hints?
Thanks,
Angelo
--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5106576.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by Chris Poulsen <ma...@nesluop.dk>.
Hi,
I'd prefer a filter based solution based on something like spring
security or apache shiro for a requirement like the one you mention.
They are usually really easy to setup for the basic case and can be
configured to handle something more complex later on, if necessary.
A separate filter based solution keeps the security concerns separate
from your pages - so you can concentrate on getting the pages to work
and then apply the security in another pass.
--
Chris
On Thu, Dec 29, 2011 at 4:08 AM, angelochen <an...@yahoo.com.hk> wrote:
> hi,
>
> right, that's what I was looking for. however, lprimak pointed me to that
> tynamo's security package, think might be time now to look at a more
> complete security package for future projects, applying that to a current,
> small project might be a good practice. Thanks,
>
> Angelo
>
> --
> View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5106671.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by angelochen <an...@yahoo.com.hk>.
hi,
right, that's what I was looking for. however, lprimak pointed me to that
tynamo's security package, think might be time now to look at a more
complete security package for future projects, applying that to a current,
small project might be a good practice. Thanks,
Angelo
--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5106671.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by Taha Hafeez Siddiqi <ta...@gmail.com>.
This is a simple implementation
http://tapestryjava.blogspot.com/2009/12/securing-tapestry-pages-with.html
regards
Taha
On Dec 29, 2011, at 8:02 AM, angelochen wrote:
> ok, i put it in the pom, it got around 800k in size, looks like i have to
> read that doc, that's quite many.
>
> --
> View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5106613.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
Re: T5.3.1 a simple security
Posted by angelochen <an...@yahoo.com.hk>.
ok, i put it in the pom, it got around 800k in size, looks like i have to
read that doc, that's quite many.
--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5106613.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by angelochen <an...@yahoo.com.hk>.
hi,
This works, thanks, however, it seems I can't catch the exception:
@OnEvent(EventConstants.SUCCESS)
Class succcess() {
AuthenticationToken authenticationToken = new
UsernamePasswordToken(email, password, false);
try {
SecurityUtils.getSubject().login(authenticationToken);
signIn.login();
return MyInex.class;
} catch (AuthenticationException e) {
System.out.println(e.getStackTrace()); // passed wrong password,
but never catch here
}
return null;
}
--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5108839.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by Kalle Korhonen <ka...@gmail.com>.
On Thu, Dec 29, 2011 at 9:09 AM, angelochen <an...@yahoo.com.hk> wrote:
> thanks, that works. now I use my own login page, what needed to be set in
> that log in page?
Something like this:
AuthenticationToken authenticationToken = new
UsernamePasswordToken(username, password, rememberme);
try {
SecurityUtils.getSubject().login(authenticationToken);
} catch (AuthenticationException e) {
// FIXME Deal with other account exception types like expired and
// locked
signinForm.recordError("User doesn't exist or password is
incorrect. Please try again or click below for a password reminder.");
}
> currently I use a sessionState data to flag as logged in,
> with this tapestry-security, how to change? thanks.
Up to you, you can by all means use sessionState objects with security.
Kalle
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by angelochen <an...@yahoo.com.hk>.
hi,
thanks, that works. now I use my own login page, what needed to be set in
that log in page? currently I use a sessionState data to flag as logged in,
with this tapestry-security, how to change? thanks.
angelo
--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5108130.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by Kalle Korhonen <ka...@gmail.com>.
On Thu, Dec 29, 2011 at 5:12 AM, angelochen <an...@yahoo.com.hk> wrote:
> I follow the guide and added this to AppModule:
>
> public static void contributeWebSecurityManager(Configuration<Realm>
> configuration) {
> ExtendedPropertiesRealm realm = new
> ExtendedPropertiesRealm("classpath:shiro-users.properties");
> configuration.add(realm);
> }
> now, how to specify users in the shiro-users.properties? the default was a
> INI file, but Tynamo's doc says INI file support has been removed.
> also, how to use that to protect a page, need some simple sample codes,
> thanks
See the documentation for Shiro's PropertiesRealm (that
ExtendedPropertiesRealm inherits from):
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/text/PropertiesRealm.html
Also, the security module's internal test application uses the
ExtendedPropertiesRealm, see
http://svn.codehaus.org/tynamo/trunk/tapestry-security/src/test/resources/shiro-users.properties
for an example.
Kalle
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
I would just write a simple realm. I never used the Shiro.ini authentication so I can't help you there. There is also Shiro mailing list.
A sample of a unix authenticating realm in in the examples (hope project) in the FlowLogix library.
It's really I easy to do.
On Dec 29, 2011, at 8:12 AM, angelochen <an...@yahoo.com.hk> wrote:
> Hi,
>
> I follow the guide and added this to AppModule:
>
> public static void contributeWebSecurityManager(Configuration<Realm>
> configuration) {
> ExtendedPropertiesRealm realm = new
> ExtendedPropertiesRealm("classpath:shiro-users.properties");
> configuration.add(realm);
> }
>
> now, how to specify users in the shiro-users.properties? the default was a
> INI file, but Tynamo's doc says INI file support has been removed.
> also, how to use that to protect a page, need some simple sample codes,
> thanks
>
> Angelo
>
> --
> View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5107632.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by angelochen <an...@yahoo.com.hk>.
Hi,
I follow the guide and added this to AppModule:
public static void contributeWebSecurityManager(Configuration<Realm>
configuration) {
ExtendedPropertiesRealm realm = new
ExtendedPropertiesRealm("classpath:shiro-users.properties");
configuration.add(realm);
}
now, how to specify users in the shiro-users.properties? the default was a
INI file, but Tynamo's doc says INI file support has been removed.
also, how to use that to protect a page, need some simple sample codes,
thanks
Angelo
--
View this message in context: http://tapestry.1045711.n5.nabble.com/T5-3-1-a-simple-security-tp5106576p5107632.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5.3.1 a simple security
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
Tynamo Tapestry-Security was very simple for me.
http://tynamo.org/tapestry-security+guide
It does require some tweaking, which I did in,
and there are examples in the flowlogix library
http://code.google.com/p/flowlogix/
On Dec 28, 2011, at 8:59 PM, angelochen wrote:
> Hi,
>
> I know there are many security solutions, what I'm looking is a very simple
> one:
> my app has a few pages all except login requires user signed, for that I
> checked a class by ApplicationStateManager.
> I'd like to redirect to login page if not sign in. hints?
>
> Thanks,
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org