Posted to users@tapestry.apache.org by Jimr <ji...@codesilver.ca> on 2007/01/30 19:19:27 UTC

Feedback for the AcegiSpringJava5FormBased wiki page

It's great to see this howto up on the wiki! I have been playing around with
the example and I have a couple of suggestions to make.

1. The FormProcessingFilter service point is most likely not required. Since
the actual authentication is done programmatically through the Acegi API, it
does not appear to use the FormProcessingFilter at all. When I take this
code out, there is no change whatsoever to the behaviour of the app.

2. If a user navigates directly to the login page and logs in successfully,
the savedRequest object will be null, resulting in a NullPointerException. I
don't have a generic solution for this one yet. It depends on how the pages
are set up.

3. Here is a snippet that could be added to the end of the page for people
wondering how to Logout:
Add the following code to any html page where you want a logout link to
appear:

<span jwcid="@ServiceLink"
service="ognl:@org.apache.tapestry.Tapestry@RESTART_SERVICE">Logout</span>

FYI this only works when using form based authentication through Tapestry.
If you use Basic authentication, it will not. The root cause of this appears
to be that Acegi maintains a session independently of Tapestry with Basic
auth, because Tapestry is bypassed. When using Form based authentication,
the ContextHolder's context gets tied to the Tapestry session, and is
discarded when that session is destroyed.
-- 
View this message in context: http://www.nabble.com/Feedback-for-the-AcegiSpringJava5FormBased-wiki-page-tf3143789.html#a8714094
Sent from the Tapestry - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org


Re: [WARNING] Feedback for the AcegiSpringJava5FormBased wiki page

Posted by Jim Roycroft <ji...@codesilver.ca>.
You are quite right... I just threw that key in there when I was re-writing
the other parts and I did not yet know how to deal with the errors.

So, just ignore that key, and put a try-catch block around the
authenticationManager.authenticate() call, and catch a
BadCredentialsException (for things like missing login/passwords) and an
AuthorizationException (for things like locked or disabled accounts). Then
you can get the error messages from the exceptions, and do what you like
with them.

Jim



Michael Waluk wrote:
> 
> Hi,
> I'm new to using Acegi with Tapestry-Acegi.  At the end of
> http://wiki.apache.org/tapestry/AcegiSpringJava5FormBased there is the
> Q&A:
> 
>       How do we retrieve the errors from Acegi and display them in the
> Login page?
>         ( Using AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY )
> 
> But I haven't found it to be there.  There isn't any code storing it there
> as there would be in a normal Acegi/Spring app.  I could be wrong, but
> wouldn't we have to configure the AuthenticationProcessingFilter (which
> does this for us) rather than the default (from tapestry-acegi)
> BasicProcessingFilter?  Or to be ugly store it in Login.java's catch block
> so it may be displayed.
> 
> Am I missing something or should I set the AuthenticationProcessingFilter
> in hivemodule.xml to override the default?
> 
> Thanks for any help,
> Michael
> 

-- 
View this message in context: http://www.nabble.com/Feedback-for-the-AcegiSpringJava5FormBased-wiki-page-tf3143789.html#a9014361
Sent from the Tapestry - User mailing list archive at Nabble.com.
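
Added example, not part of the original thread or of the wiki page: one way to wrap the authenticationManager.authenticate() call in the try-catch described in the reply above, together with a null-safe lookup of the saved request from point 2 of the first post. The class name LoginHelper, its method names and the default target URL are hypothetical; the example also assumes the saved request is stored in the session under AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, and it catches Acegi's AuthenticationException base class for every failure other than bad credentials.

```java
import javax.servlet.http.HttpSession;

import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.ui.AbstractProcessingFilter;
import org.acegisecurity.ui.savedrequest.SavedRequest;

/** Hypothetical helper a Login page could delegate to (added example). */
public class LoginHelper {

    private final AuthenticationManager authenticationManager;
    private final String defaultTargetUrl; // assumed landing page for direct logins

    public LoginHelper(AuthenticationManager authenticationManager,
                       String defaultTargetUrl) {
        this.authenticationManager = authenticationManager;
        this.defaultTargetUrl = defaultTargetUrl;
    }

    /**
     * Authenticates programmatically through the Acegi API.
     * Returns null on success, otherwise the message to show on the login form.
     */
    public String authenticate(String username, String password) {
        try {
            Authentication result = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            // Only a successful result is ever placed in the security context.
            SecurityContextHolder.getContext().setAuthentication(result);
            return null;
        } catch (BadCredentialsException e) {
            // Missing or wrong login/password.
            SecurityContextHolder.clearContext();
            return e.getMessage();
        } catch (AuthenticationException e) {
            // Any other authentication failure, e.g. a locked or disabled
            // account (assumption: the base class is caught here).
            SecurityContextHolder.clearContext();
            return e.getMessage();
        }
    }

    /**
     * Returns the URL to send the user to after a successful login.
     * When the user opened the login page directly there is no saved
     * request, so the default URL is used instead of dereferencing null.
     */
    public String resolveTargetUrl(HttpSession session) {
        if (session == null) {
            return defaultTargetUrl;
        }
        SavedRequest saved = (SavedRequest) session.getAttribute(
                AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY);
        if (saved == null) {
            return defaultTargetUrl;
        }
        // Consume the saved request so it is not reused by a later login.
        session.removeAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY);
        return saved.getFullRequestUrl();
    }
}
```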


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org


Re: Feedback for the AcegiSpringJava5FormBased wiki page

Posted by Michael Waluk <mw...@gmail.com>.
Hi,
I'm new to using Acegi with Tapestry-Acegi.  At the end of
http://wiki.apache.org/tapestry/AcegiSpringJava5FormBased there is the Q&A:

      How do we retrieve the errors from Acegi and display them in the Login
page?
        ( Using AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY )

But I haven't found it to be there.  There isn't any code storing it there
as there would be in a normal Acegi/Spring app.  I could be wrong, but
wouldn't we have to configure the AuthenticationProcessingFilter (which does
this for us) rather than the default (from tapestry-acegi)
BasicProcessingFilter?  Or to be ugly store it in Login.java's catch block
so it may be displayed.

Am I missing something or should I set the AuthenticationProcessingFilter in
hivemodule.xml to override the default?

Thanks for any help,
Michael




Re: Feedback for the AcegiSpringJava5FormBased wiki page

Posted by Jim Roycroft <ji...@codesilver.ca>.
Wiki pages updated.



-- 
View this message in context: http://www.nabble.com/Feedback-for-the-AcegiSpringJava5FormBased-wiki-page-tf3143789.html#a8831753
Sent from the Tapestry - User mailing list archive at Nabble.com.




Re: Feedback for the AcegiSpringJava5FormBased wiki page

Posted by Jimr <ji...@codesilver.ca>.
I'd like to hang on for a bit to let Jesper update the wiki with any new
things he has figured out. If I don't see any changes in another few days,
I'll update it.

Now, more new stuff for: AcegiSpringJava5Part2! (refactoring)

1. As specified in the Acegi javadocs, the getContext() method will never
return null, so there is no need to check it.
2. The userName variable can be set to "" at the start, avoiding the need
for the "if" statement at the end. Actually, we don't need the variable at
all.
3. Since the Authentication object implements the Principal interface, we
can actually call getName() on it. This avoids the need for a lot of the
checking and casting code on the page. 

Here is the new code:

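import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;

public abstract class UserPage extends org.apache.tapestry.html.BasePage {

    // Returns the name of the currently authenticated user, or "" if there is none.
    public String getUserName() {

        // getContext() never returns null, but the Authentication it holds may be.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if( auth != null ) {
            return auth.getName();
        }

        return "";
    }
}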


Regards,
Jim




-- 
View this message in context: http://www.nabble.com/Feedback-for-the-AcegiSpringJava5FormBased-wiki-page-tf3143789.html#a8740491
Sent from the Tapestry - User mailing list archive at Nabble.com.




Re: Feedback for the AcegiSpringJava5FormBased wiki page

Posted by andyhot <an...@di.uoa.gr>.
Yea, I've noticed some of those too, esp. the basic authentication 'issue'

As for logging out, there's a wiki page that describes this and other ways...

But anyway, you can go ahead and edit the wiki page yourself and add 
these findings.
They should prove useful and time-saving




-- 
Andreas Andreou - andyhot@apache.org - http://andyhot.di.uoa.gr
Tapestry / Tacos developer
Open Source / J2EE Consulting 

