You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by John <jo...@quivinco.com> on 2012/11/08 14:29:57 UTC

Tapestry security Tynamo vs filter+service

I've been looking at Tynamo tapestry-security and while it is feature rich, it seems complex and not documented or with detailed enough with full examples for me to follow.

So I am trying to implement the  RequiresLoginFilter code HLS provided. This requies implementing authService.isLoggedIn().

My login page will place a User object into session state. I assume I need to grab session state and pass that to my authService which will simply check for the session state != null?

Any suggestions on how I obtain the session state in a service? Or otherwise a clear and complete Tynamo tapestry-security example I can browse?

TIA

Re: Tapestry security Tynamo vs filter+service

Posted by Lenny Primak <lp...@hope.nyc.ny.us>.

+1 for tapestry-security.
This module is excellent and very well documented.  The key is, indeed to understanding Shiro,
and T-security is just a very lightweight front-end/configuration module for Shiro.


On Nov 8, 2012, at 9:45 AM, Richard Frovarp wrote:

> On 11/08/2012 07:29 AM, John wrote:
>> I've been looking at Tynamo tapestry-security and while it is feature rich, it seems complex and not documented or with detailed enough with full examples for me to follow.
>> 
>> So I am trying to implement the  RequiresLoginFilter code HLS provided. This requies implementing authService.isLoggedIn().
>> 
>> My login page will place a User object into session state. I assume I need to grab session state and pass that to my authService which will simply check for the session state != null?
>> 
>> Any suggestions on how I obtain the session state in a service? Or otherwise a clear and complete Tynamo tapestry-security example I can browse?
>> 
>> TIA
>> 
> 
> Over the past week, I've been moving us from Spring Security to Tynamo's tapestry-security. After attending a Spring Security talk at No Fluff Just Stuff, I was interested in implementing method level security in my application, but discovered the the Spring Security module for Tapestry is out of date. So I decided to move us to Tynamo's tapestry-security, and have been quite happy with the change so far.
> 
> tapestry-security is an integration module with Apache Shiro. Understanding Shiro is key to understanding tapestry-security in my very recent experience. I highly recommend reading Shiro's reference documentation, including the sections on Architecture, Authentication, Auhorizations, Realms, and of course the the Terminology section (start with that one).
> http://shiro.apache.org/reference.html
> 
> You'll need to add to the chain the authc filter to take the username and password, which will then pass it onto a realm. The authc filter by default goes to this filter, which describes how it works:
> http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html
> 
> That will then attempt to authenticate against one of your realms, so you'll need to configure one of those. From there Shiro will handle remembering the user. The authorization information is retrieved each time, unless you enable caching.
> 
> From there you use the rest of Shiro / tapestry-security to perform your authorization.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: Tapestry security Tynamo vs filter+service

Posted by Richard Frovarp <rf...@apache.org>.

On 11/08/2012 07:29 AM, John wrote:
> I've been looking at Tynamo tapestry-security and while it is feature rich, it seems complex and not documented or with detailed enough with full examples for me to follow.
>
> So I am trying to implement the  RequiresLoginFilter code HLS provided. This requies implementing authService.isLoggedIn().
>
> My login page will place a User object into session state. I assume I need to grab session state and pass that to my authService which will simply check for the session state != null?
>
> Any suggestions on how I obtain the session state in a service? Or otherwise a clear and complete Tynamo tapestry-security example I can browse?
>
> TIA
>

Over the past week, I've been moving us from Spring Security to Tynamo's 
tapestry-security. After attending a Spring Security talk at No Fluff 
Just Stuff, I was interested in implementing method level security in my 
application, but discovered the the Spring Security module for Tapestry 
is out of date. So I decided to move us to Tynamo's tapestry-security, 
and have been quite happy with the change so far.

tapestry-security is an integration module with Apache Shiro. 
Understanding Shiro is key to understanding tapestry-security in my very 
recent experience. I highly recommend reading Shiro's reference 
documentation, including the sections on Architecture, Authentication, 
Auhorizations, Realms, and of course the the Terminology section (start 
with that one).
http://shiro.apache.org/reference.html

You'll need to add to the chain the authc filter to take the username 
and password, which will then pass it onto a realm. The authc filter by 
default goes to this filter, which describes how it works:
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html

That will then attempt to authenticate against one of your realms, so 
you'll need to configure one of those. From there Shiro will handle 
remembering the user. The authorization information is retrieved each 
time, unless you enable caching.

 From there you use the rest of Shiro / tapestry-security to perform 
your authorization.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: Tapestry security Tynamo vs filter+service

Posted by Thiago H de Paula Figueiredo <th...@gmail.com>.

On Thu, 08 Nov 2012 11:29:57 -0200, John <jo...@quivinco.com> wrote:

> I've been looking at Tynamo tapestry-security and while it is feature  
> rich, it seems complex and not documented or with detailed enough with  
> full examples for me to follow.

I've never used it, but the documentation states quite clearly that it is  
an integration of Tapestry with Apache Shiro, so I think you should take a  
look at Shiro's documentation.

> So I am trying to implement the  RequiresLoginFilter code HLS provided.  
> This requies implementing authService.isLoggedIn().
>
> My login page will place a User object into session state. I assume I  
> need to grab session state and pass that to my authService which will  
> simply check for the session state != null?
>
> Any suggestions on how I obtain the session state in a service?

Inject and use the ApplicationStateManager service.

-- 
Thiago H. de Paula Figueiredo

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org