You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by John <jo...@quivinco.com> on 2012/11/08 14:29:57 UTC
Tapestry security Tynamo vs filter+service
I've been looking at Tynamo tapestry-security and while it is feature rich, it seems complex and not documented or with detailed enough with full examples for me to follow.
So I am trying to implement the RequiresLoginFilter code HLS provided. This requies implementing authService.isLoggedIn().
My login page will place a User object into session state. I assume I need to grab session state and pass that to my authService which will simply check for the session state != null?
Any suggestions on how I obtain the session state in a service? Or otherwise a clear and complete Tynamo tapestry-security example I can browse?
TIA
Re: Tapestry security Tynamo vs filter+service
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
+1 for tapestry-security.
This module is excellent and very well documented. The key is, indeed to understanding Shiro,
and T-security is just a very lightweight front-end/configuration module for Shiro.
On Nov 8, 2012, at 9:45 AM, Richard Frovarp wrote:
> On 11/08/2012 07:29 AM, John wrote:
>> I've been looking at Tynamo tapestry-security and while it is feature rich, it seems complex and not documented or with detailed enough with full examples for me to follow.
>>
>> So I am trying to implement the RequiresLoginFilter code HLS provided. This requies implementing authService.isLoggedIn().
>>
>> My login page will place a User object into session state. I assume I need to grab session state and pass that to my authService which will simply check for the session state != null?
>>
>> Any suggestions on how I obtain the session state in a service? Or otherwise a clear and complete Tynamo tapestry-security example I can browse?
>>
>> TIA
>>
>
> Over the past week, I've been moving us from Spring Security to Tynamo's tapestry-security. After attending a Spring Security talk at No Fluff Just Stuff, I was interested in implementing method level security in my application, but discovered the the Spring Security module for Tapestry is out of date. So I decided to move us to Tynamo's tapestry-security, and have been quite happy with the change so far.
>
> tapestry-security is an integration module with Apache Shiro. Understanding Shiro is key to understanding tapestry-security in my very recent experience. I highly recommend reading Shiro's reference documentation, including the sections on Architecture, Authentication, Auhorizations, Realms, and of course the the Terminology section (start with that one).
> http://shiro.apache.org/reference.html
>
> You'll need to add to the chain the authc filter to take the username and password, which will then pass it onto a realm. The authc filter by default goes to this filter, which describes how it works:
> http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html
>
> That will then attempt to authenticate against one of your realms, so you'll need to configure one of those. From there Shiro will handle remembering the user. The authorization information is retrieved each time, unless you enable caching.
>
> From there you use the rest of Shiro / tapestry-security to perform your authorization.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Tapestry security Tynamo vs filter+service
Posted by Richard Frovarp <rf...@apache.org>.
On 11/08/2012 07:29 AM, John wrote:
> I've been looking at Tynamo tapestry-security and while it is feature rich, it seems complex and not documented or with detailed enough with full examples for me to follow.
>
> So I am trying to implement the RequiresLoginFilter code HLS provided. This requies implementing authService.isLoggedIn().
>
> My login page will place a User object into session state. I assume I need to grab session state and pass that to my authService which will simply check for the session state != null?
>
> Any suggestions on how I obtain the session state in a service? Or otherwise a clear and complete Tynamo tapestry-security example I can browse?
>
> TIA
>
Over the past week, I've been moving us from Spring Security to Tynamo's
tapestry-security. After attending a Spring Security talk at No Fluff
Just Stuff, I was interested in implementing method level security in my
application, but discovered the the Spring Security module for Tapestry
is out of date. So I decided to move us to Tynamo's tapestry-security,
and have been quite happy with the change so far.
tapestry-security is an integration module with Apache Shiro.
Understanding Shiro is key to understanding tapestry-security in my very
recent experience. I highly recommend reading Shiro's reference
documentation, including the sections on Architecture, Authentication,
Auhorizations, Realms, and of course the the Terminology section (start
with that one).
http://shiro.apache.org/reference.html
You'll need to add to the chain the authc filter to take the username
and password, which will then pass it onto a realm. The authc filter by
default goes to this filter, which describes how it works:
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html
That will then attempt to authenticate against one of your realms, so
you'll need to configure one of those. From there Shiro will handle
remembering the user. The authorization information is retrieved each
time, unless you enable caching.
From there you use the rest of Shiro / tapestry-security to perform
your authorization.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Tapestry security Tynamo vs filter+service
Posted by Thiago H de Paula Figueiredo <th...@gmail.com>.
On Thu, 08 Nov 2012 11:29:57 -0200, John <jo...@quivinco.com> wrote:
> I've been looking at Tynamo tapestry-security and while it is feature
> rich, it seems complex and not documented or with detailed enough with
> full examples for me to follow.
I've never used it, but the documentation states quite clearly that it is
an integration of Tapestry with Apache Shiro, so I think you should take a
look at Shiro's documentation.
> So I am trying to implement the RequiresLoginFilter code HLS provided.
> This requies implementing authService.isLoggedIn().
>
> My login page will place a User object into session state. I assume I
> need to grab session state and pass that to my authService which will
> simply check for the session state != null?
>
> Any suggestions on how I obtain the session state in a service?
Inject and use the ApplicationStateManager service.
--
Thiago H. de Paula Figueiredo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org