tapestry-spring-security dynamic failure url

[Borut Bolčina <bo...@gmail.com>]

Hi,

using tapestry-spring-security 2.0.1 one can contribute

    public static void
contributeApplicationDefaults(MappedConfiguration<String, String>
configuration) {
...
        configuration.add("spring-security.failure.url", "/login/failed");
...
    }

and therefore override the factory default set in SecurityModule

    public static void contributeFactoryDefaults(
            final MappedConfiguration<String, String> configuration) {
...
        configuration.add("spring-security.failure.url", "/loginfailed");
...
    }


I need to configure AuthenticationProcessingFilter "on the fly". Can I
inject the filter and call the setAuthenticationFailureUrl(failureUrl) in my
page class? I want to have different failureUrl based on some condition.

Cheers,
Borut

P.S. How far is tapestry-spring-security from being T5.1 compatible?

Re: tapestry-spring-security dynamic failure url

[Michael Gerzabek <mi...@gmx.net>]

Borut Bolčina schrieb:
> The solution is a three-liner:
>
>     @Inject
>     private AuthenticationProcessingFilter apf;
>
> and
>     apf.setAuthenticationFailureUrl("acme/login/failed");
>
> in method
>     void onActivate(EventContext eventContext)
>
> Should have tried that before asking :-|
>
> Thanks,
> Borut
>
>   
Not sure if you're done with that: What if user A requests your login 
page and user B ~at the same time~ the acme/login page? This would be a 
test case you have to double check.

Cheers,
Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: tapestry-spring-security dynamic failure url

[Borut Bolčina <bo...@gmail.com>]

The solution is a three-liner:

    @Inject
    private AuthenticationProcessingFilter apf;

and
    apf.setAuthenticationFailureUrl("acme/login/failed");

in method
    void onActivate(EventContext eventContext)

Should have tried that before asking :-|

Thanks,
Borut

2009/5/27 Michael Gerzabek <mi...@gmx.net>

> Hi Borut,
>
> Sorry, didn't have such an issue. Maybe you want browse the SS-Forum. There
> are some threads about this issue [1]. In case the searchid gets lost use
> [2] and be aware there are other threads either.
>
> Cheers,
> Michael
>
> [1] http://forum.springsource.org/search.php?searchid=5332409
> [2]
> http://forum.springsource.org/showthread.php?t=59581&highlight=dynamic+failure
>
> Bolčina schrieb:
>
>  Hi Michael,
>>
>>
>> 2009/5/26 Michael Gerzabek <mi...@gmx.net>
>>
>>
>>
>>> Borut Bolčina schrieb:
>>>
>>>
>>>
>>>> I need to configure AuthenticationProcessingFilter "on the fly".
>>>>
>>>>
>>>>
>>> Are you sure? Or do you just want different failureURLs?
>>>
>>>
>>
>>
>> I just want a different failureURL.
>>
>>
>>
>>
>>>  Can I
>>>
>>>
>>>> inject the filter and call the setAuthenticationFailureUrl(failureUrl)
>>>> in
>>>> my
>>>> page class? I want to have different failureUrl based on some condition.
>>>>
>>>>
>>>>
>>>>
>>> Aha. Mhm. I think the easiest would be to inject the
>>> AuthenticationProcessingFilter into your service or whereever you decide
>>> which failureURL to serve and call setAuthenticationFailureUrl() with the
>>> correct URL. Don't know where in the request chain you might do this
>>> though.
>>>
>>>
>>
>>
>> I have two login pages (src/main/java/com/foo/bar/Login and
>> src/main/java/com/foo/bar/acme/Login which extends the first one). The
>> only
>> difference is a different layout component (for now), so in other words -
>> it
>> looks quite different.
>>
>> What I intended to do was to setAuthenticationFailureUrl(acme/login) in
>> the
>> acme/Login class so if the user fails to present the correct username and
>> password, he/she won't be presented the wrong Login page (which is failure
>> url set in the contributeApplicationDefaults method). So if user fails to
>> login in the first Login page, he/she is presented with Login/failed and
>> if
>> he/she fails on the acme/Login page he/she is presented with
>> acme/Login/failed failureUrl.
>>
>> Cheers,
>> Borut
>>
>>
>>
>>
>>> BUT: I cannot imagine a case where your software would act like that.
>>> Since
>>> when authentication fails you probably might inform your user why this
>>> happens. So a discrete page with the logic to display the results of your
>>> role voters or similar security aspects may seem old fashioned but did
>>> the
>>> job for me in the past.
>>>
>>> Third possibility might be to write your own
>>> AuthenticationProcessingFilter, you could extend it, prepare it with your
>>> logic and ...
>>>
>>>
>>>
>>>> Cheers,
>>>> Borut
>>>>
>>>> P.S. How far is tapestry-spring-security from being T5.1 compatible?
>>>>
>>>>
>>>>
>>>>
>>>>
>>> This is finally in the pipeline now.
>>>
>>> Cheers,
>>> Michael
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>

Re: tapestry-spring-security dynamic failure url

[Michael Gerzabek <mi...@gmx.net>]

Hi Borut,

Sorry, didn't have such an issue. Maybe you want browse the SS-Forum. 
There are some threads about this issue [1]. In case the searchid gets 
lost use [2] and be aware there are other threads either.

Cheers,
Michael

[1] http://forum.springsource.org/search.php?searchid=5332409
[2] 
http://forum.springsource.org/showthread.php?t=59581&highlight=dynamic+failure

Bolčina schrieb:
> Hi Michael,
>
>
> 2009/5/26 Michael Gerzabek <mi...@gmx.net>
>
>   
>> Borut Bolčina schrieb:
>>
>>     
>>> I need to configure AuthenticationProcessingFilter "on the fly".
>>>
>>>       
>> Are you sure? Or do you just want different failureURLs?
>>     
>
>
> I just want a different failureURL.
>
>
>   
>>  Can I
>>     
>>> inject the filter and call the setAuthenticationFailureUrl(failureUrl) in
>>> my
>>> page class? I want to have different failureUrl based on some condition.
>>>
>>>
>>>       
>> Aha. Mhm. I think the easiest would be to inject the
>> AuthenticationProcessingFilter into your service or whereever you decide
>> which failureURL to serve and call setAuthenticationFailureUrl() with the
>> correct URL. Don't know where in the request chain you might do this though.
>>     
>
>
> I have two login pages (src/main/java/com/foo/bar/Login and
> src/main/java/com/foo/bar/acme/Login which extends the first one). The only
> difference is a different layout component (for now), so in other words - it
> looks quite different.
>
> What I intended to do was to setAuthenticationFailureUrl(acme/login) in the
> acme/Login class so if the user fails to present the correct username and
> password, he/she won't be presented the wrong Login page (which is failure
> url set in the contributeApplicationDefaults method). So if user fails to
> login in the first Login page, he/she is presented with Login/failed and if
> he/she fails on the acme/Login page he/she is presented with
> acme/Login/failed failureUrl.
>
> Cheers,
> Borut
>
>
>   
>> BUT: I cannot imagine a case where your software would act like that. Since
>> when authentication fails you probably might inform your user why this
>> happens. So a discrete page with the logic to display the results of your
>> role voters or similar security aspects may seem old fashioned but did the
>> job for me in the past.
>>
>> Third possibility might be to write your own
>> AuthenticationProcessingFilter, you could extend it, prepare it with your
>> logic and ...
>>
>>     
>>> Cheers,
>>> Borut
>>>
>>> P.S. How far is tapestry-spring-security from being T5.1 compatible?
>>>
>>>
>>>
>>>       
>> This is finally in the pipeline now.
>>
>> Cheers,
>> Michael
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
>>     
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: tapestry-spring-security dynamic failure url

[Borut Bolčina <bo...@gmail.com>]

Hi Michael,


2009/5/26 Michael Gerzabek <mi...@gmx.net>

> Borut Bolčina schrieb:
>
>> I need to configure AuthenticationProcessingFilter "on the fly".
>>
> Are you sure? Or do you just want different failureURLs?


I just want a different failureURL.


>
>  Can I
>> inject the filter and call the setAuthenticationFailureUrl(failureUrl) in
>> my
>> page class? I want to have different failureUrl based on some condition.
>>
>>
> Aha. Mhm. I think the easiest would be to inject the
> AuthenticationProcessingFilter into your service or whereever you decide
> which failureURL to serve and call setAuthenticationFailureUrl() with the
> correct URL. Don't know where in the request chain you might do this though.


I have two login pages (src/main/java/com/foo/bar/Login and
src/main/java/com/foo/bar/acme/Login which extends the first one). The only
difference is a different layout component (for now), so in other words - it
looks quite different.

What I intended to do was to setAuthenticationFailureUrl(acme/login) in the
acme/Login class so if the user fails to present the correct username and
password, he/she won't be presented the wrong Login page (which is failure
url set in the contributeApplicationDefaults method). So if user fails to
login in the first Login page, he/she is presented with Login/failed and if
he/she fails on the acme/Login page he/she is presented with
acme/Login/failed failureUrl.

Cheers,
Borut


>
> BUT: I cannot imagine a case where your software would act like that. Since
> when authentication fails you probably might inform your user why this
> happens. So a discrete page with the logic to display the results of your
> role voters or similar security aspects may seem old fashioned but did the
> job for me in the past.
>
> Third possibility might be to write your own
> AuthenticationProcessingFilter, you could extend it, prepare it with your
> logic and ...
>
>> Cheers,
>> Borut
>>
>> P.S. How far is tapestry-spring-security from being T5.1 compatible?
>>
>>
>>
> This is finally in the pipeline now.
>
> Cheers,
> Michael
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>

Re: tapestry-spring-security dynamic failure url

[Michael Gerzabek <mi...@gmx.net>]

Borut Bolčina schrieb:
> I need to configure AuthenticationProcessingFilter "on the fly". 
Are you sure? Or do you just want different failureURLs?
> Can I
> inject the filter and call the setAuthenticationFailureUrl(failureUrl) in my
> page class? I want to have different failureUrl based on some condition.
>   
Aha. Mhm. I think the easiest would be to inject the 
AuthenticationProcessingFilter into your service or whereever you decide 
which failureURL to serve and call setAuthenticationFailureUrl() with 
the correct URL. Don't know where in the request chain you might do this 
though.

BUT: I cannot imagine a case where your software would act like that. 
Since when authentication fails you probably might inform your user why 
this happens. So a discrete page with the logic to display the results 
of your role voters or similar security aspects may seem old fashioned 
but did the job for me in the past.

Third possibility might be to write your own 
AuthenticationProcessingFilter, you could extend it, prepare it with 
your logic and ...
> Cheers,
> Borut
>
> P.S. How far is tapestry-spring-security from being T5.1 compatible?
>
>   
This is finally in the pipeline now.

Cheers,
Michael

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org