Posted to users@tapestry.apache.org by Olve Hansen <ol...@intermedia.uib.no> on 2005/05/20 13:15:26 UTC

acegi security and tapestry

Hi all, new to this list.. 
Just started using tapestry, and I really like what I see. Our project has 
decided to use tapestry and it is a relief compared to struts!

How can I tell tapestry to leave some runtime exceptions as they were and let 
them trickle past the Exception page? I am using Tapestry 3.0.3. Is this 
possible, or perhaps only in Tapestry 4?

I have just managed to hook acegi into tapestry, and it works well when using 
url based security filter. Given the urls Tapestry generates I opted for method 
based security interceptors instead, and here Tapestry gives me a challenge, as 
acegi uses a family of runtime exceptions for capturing insufficient privileges, 
and redirecting the user to a login page.

For url-based security this works well, but for method based security, the 
exception is thrown behind the tapestry framework when I call a method on my 
spring managed service bean.  Using AOP the method is never called, and a 
net.sf.acegisecurity.AuthenticationCredentialsNotFoundException is thrown.

A securityEnforcmentFilter hooked into a FilterChainProxy is responsible for 
catching this exception and forwarding to the login page, but tapestry is too 
kind, and shows me the nice-looking exception page, and thus swallows the 
exception the  securityEnforcmentFilter expects.

I really hope someone can help me on this, as using method based security is a 
blessing, especially combined with java annotations. 

Now this is sufficient to secure a method (and declarative transaction setup 
as well), from my UserManager interface:

    @SecurityConfig (value = {"ROLE_ADMIN"})
    @Transactional (propagation = Propagation.SUPPORTS, readOnly = true)
    List getAdministrativeUsers() throws ServiceException;



Here is the stacktrace (sorry about the garbled lines, posting through gmane, 
with 80 character limit):
net.sf.acegisecurity.AuthenticationCredentialsNotFoundException
A valid SecureContext was not provided in the RequestContext
Stack Trace:

    * net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:477)
    * net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:355)
    * net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
    * org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:144)
    * org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:174)
    * $Proxy7.getAdministrativeUsers(Unknown Source)
    * no.imb.bite.useradmin.web.UserCollectionPage.buildListEditMap(UserCollectionPage.java:55)
    * no.imb.bite.useradmin.web.UserCollectionPage.pageBeginRender(UserCollectionPage.java:81)
    * org.apache.tapestry.AbstractPage.firePageBeginRender(AbstractPage.java:463)
    * org.apache.tapestry.AbstractPage.renderPage(AbstractPage.java:293)
    * org.apache.tapestry.engine.RequestCycle.renderPage(RequestCycle.java:368)
    * org.apache.tapestry.engine.AbstractEngine.renderResponse(AbstractEngine.java:749)
    * org.apache.tapestry.engine.PageService.service(PageService.java:77)
    * org.apache.tapestry.engine.AbstractEngine.service(AbstractEngine.java:889)
    * org.apache.tapestry.ApplicationServlet.doService(ApplicationServlet.java:198)
    * org.apache.tapestry.ApplicationServlet.doGet(ApplicationServlet.java:159)
    * javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    * javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    * org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
    * org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
    * net.sf.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:167)
    * net.sf.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:125)
    * org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
    * org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
    * org.springframework.orm.hibernate.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:172)
    * org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    * org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
    * org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
    * org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
    * org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    * org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
    * org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    * org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:129)
    * org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    * org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    * org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    * org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
    * org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:731)
    * org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
    * org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    * org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    * java.lang.Thread.run(Thread.java:595)


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org


Re: acegi security and tapestry

Posted by Geoff Longman <gl...@gmail.com>.
Olve,

Would love to see the src for your ExceptionRethrower if you are still
willing to post it.

Geoff

On 5/23/05, Olve Hansen <ol...@intermedia.uib.no> wrote:
> Michael Echerer <mech <at> tngtech.com> writes:
> >
> > Olve Hansen wrote:
> > > [snip]
> > You can customize the stale link, stale session and exception pages.
> >
> > See oder Howard's book:
> > http://tapestry-tutorial.cloudnine.net.nz/pages-example.html
> >
> > Basically you could create your own exception page that gets called.
> > Then you can filter/rethrow or let anything pass thru you want in your
> > custom exception page class.
> >
> I will definitely do this later, but for this case I found a more elegant way of
> solving the problem. By overriding the activateErrorPage in AbstractEngine,
> and before I call super, fetch a SpringManagedBean where I can configure which
> families of exceptions to rethrow:
> 
> <bean id="exceptionRethrower" class="no.imb.bite.framework.ExceptionRethrower">
>   <!--  Remember that this list is in prioritized order -->
>   <property name="toRethrow">
>     <list>
>       <value>net.sf.acegisecurity.AuthenticationException</value>
>       <value>net.sf.acegisecurity.AcegiSecurityException</value>
>     </list>
>   </property>
> </bean>
> 
> Works perfectly. I'll post the class as well, if someone is interested. (Not
> posting now, as gmane is quite pedantic about the 80 character limit, and all my
> classes are above).
> 
> Thanks a lot for the link, haven't seen that one before, and thanks to Gregor
> for the hispacta. It didn't solve this problem, but definitely a good source for
> acegi setup.
> 
> --
> Cheers
> Olve


-- 
The Spindle guy.           http://spindle.sf.net
Get help with Spindle:     http://lists.sourceforge.net/mailman/listinfo/spindle-user
Announcement Feed:         http://www.jroller.com/rss/glongman?catname=/Announcements
Feature Updates:            http://spindle.sf.net/updates



Re: acegi security and tapestry

Posted by Olve Hansen <ol...@intermedia.uib.no>.
Michael Echerer <mech <at> tngtech.com> writes:
> 
> Olve Hansen wrote:
> > [snip]
> You can customize the stale link, stale session and exception pages.
> 
> See oder Howard's book:
> http://tapestry-tutorial.cloudnine.net.nz/pages-example.html
> 
> Basically you could create your own exception page that gets called.
> Then you can filter/rethrow or let anything pass thru you want in your
> custom exception page class.
> 
I will definitely do this later, but for this case I found a more elegant way of 
solving the problem. By overriding the activateErrorPage in AbstractEngine, 
and before I call super, fetch a SpringManagedBean where I can configure which
families of exceptions to rethrow:

<bean id="exceptionRethrower" class="no.imb.bite.framework.ExceptionRethrower">
  <!-- Remember that this list is in prioritized order -->
  <property name="toRethrow">
    <list>
      <value>net.sf.acegisecurity.AuthenticationException</value>
      <value>net.sf.acegisecurity.AcegiSecurityException</value>
    </list>
  </property>
</bean>

Works perfectly. I'll post the class as well, if someone is interested. (Not 
posting now, as gmane is quite pedantic about the 80 character limit, and all my 
classes are above).

Thanks a lot for the link, haven't seen that one before, and thanks to Gregor
for the hispacta. It didn't solve this problem, but definitely a good source for
acegi setup.

-- 
Cheers
Olve 
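
One way the configurable rethrow described in this message could look, as an added example: this is not the poster's ExceptionRethrower (its source does not appear in this thread). The method names findRethrowable and rethrowIfConfigured, the walk down the cause chain, and the stand-in DemoSecurityException are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added illustration; NOT the poster's ExceptionRethrower, whose source is not on this page. */
public class ExceptionRethrower {
    private final List<Class<?>> toRethrow = new ArrayList<>();

    /** Setter for the "toRethrow" property shown above: class names in priority order. */
    public void setToRethrow(List<String> classNames) throws ClassNotFoundException {
        toRethrow.clear();
        for (String name : classNames) {
            Class<?> type = Class.forName(name.trim());
            if (!RuntimeException.class.isAssignableFrom(type)) {
                throw new IllegalArgumentException(name + " is not a RuntimeException");
            }
            toRethrow.add(type);
        }
    }

    /** First exception in the cause chain that belongs to a configured family, else null. */
    public RuntimeException findRethrowable(Throwable reported) {
        for (Class<?> type : toRethrow) {            // earlier entries take priority
            Throwable t = reported;
            for (int depth = 0; t != null && depth < 32; depth++) {   // bound guards cyclic chains
                if (type.isInstance(t)) {
                    return (RuntimeException) t;
                }
                t = t.getCause();
            }
        }
        return null;
    }

    /** Hypothetical hook: call this before the framework activates its exception page. */
    public void rethrowIfConfigured(Throwable reported) {
        RuntimeException match = findRethrowable(reported);
        if (match != null) {
            throw match;   // same instance, so its type is preserved for whatever catches it upstream
        }
    }

    /** Constructed stand-in for an Acegi exception so the demo runs without Acegi. */
    static class DemoSecurityException extends RuntimeException {
        DemoSecurityException(String message) { super(message); }
    }

    public static void main(String[] args) throws Exception {
        ExceptionRethrower rethrower = new ExceptionRethrower();
        rethrower.setToRethrow(Arrays.asList(DemoSecurityException.class.getName()));
        Throwable wrapped = new RuntimeException("render failed", new DemoSecurityException("no credentials"));
        System.out.println(rethrower.findRethrowable(wrapped) != null);
        System.out.println(rethrower.findRethrowable(new IllegalStateException("bug")) != null);
    }
}
```

Matching with isInstance is what makes a listed base class cover its whole family of subclasses; anything not listed still falls through to the normal exception page.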




Re: acegi security and tapestry

Posted by Michael Echerer <me...@tngtech.com>.
Olve Hansen wrote:
> Hi all, new to this list.. 
> Just started using tapestry, and I really like what I see. Our project has 
> decided to use tapestry and it is a relief compared to struts!
> 
> How can I tell tapestry to leave some runtime exceptions as they were and let 
> them trickle past the Exception page? I am using Tapestry 3.0.3. Is this 
> possible, or perhaps only in Tapestry 4?
> 
You can customize the stale link, stale session and exception pages.

See oder Howard's book:
http://tapestry-tutorial.cloudnine.net.nz/pages-example.html

Basically you could create your own exception page that gets called.
Then you can filter/rethrow or let anything pass thru you want in your
custom exception page class.

In our case we just changed the "design" of the exception page and
simply log all exceptions into a log4j file instead of displaying the
Tapestry html dump.

Cheers
Michael




AW: acegi security and tapestry

Posted by Gregor Melhorn <g....@web.de>.
There is a really nice example for this:

http://sourceforge.net/projects/hispacta/

Hibernate, Spring, Acegi Security and Tapestry. I don't know if this will
help you, but as far as I know, method based security is used.

Best regards
Gregor


