You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by David Beer <da...@gmail.com> on 2017/01/06 18:38:00 UTC
Re: Wicket 7 + Spring Security 7
Hi Martin
Happy New Year.
Thanks for this. I have managed to get Started and have a configuration
which indeed allows authenticated user to a specifc page. I can login and
logout and it cleans the session, however I am having a hard time getting
and displaying errors.
My demo project is located on github here
https://github.com/dmbeer/wicket-7-spring-security/tree/master. I wondered
if could have a quick look and see if everything is correct and point me in
the right direction for obtaining the error messages.
Thanks
David
On 31 December 2016 at 06:12, Martin Grigorov <ma...@gmail.com>
wrote:
> Hi David,
>
> Latest Spring Security release is 4.1.4, there is no 7.x ;-)
>
> I cannot share my project but the integration is quite simple.
>
> 1) define the Spring config (with an impl of UserDetailsService!)
> 2) in your login logic (MyAuthenticatedWebSession#signin() or
> MyLoginForm#onSubmit()) use Spring AuthenticationService#authenticate(new
> UsernamePasswordAuthenticationToken(username, password))
> 3) if 2) is successful then you can use
> SecurityContextHolder.getContext().getUser() to get the User returned by
> your UserDetailsService with its authorities, i.e. roles. You can use them
> in Wicket's RolesAuthorizationStrategy
> 4) if 2) is not successful then Spring Security will throw very specific
> exception with the reason
>
> P.S. I am on my phone now, without access to the application code, so some
> class/method names might be slightly wrong but I hope they are good enough
> to get you going!
>
> Happy New Year!
>
> On Dec 30, 2016 8:23 PM, "David Beer" <da...@gmail.com> wrote:
>
> > Hi All
> >
> > I am trying to add spring security to wicket 7. I have looked at example
> > thomberges did but that doesn't really seem to work. If I comment out the
> > code in the SecureWebsession all still seems to authenticate somehow.
> >
> > Is there an up to date project anyone has of integrating spring security
> > with apache wicket? It would be really useful if a basic project could be
> > shared.
> >
> > Thanks
> > David
> >
> > Happy New Year All
> >
>
Re: Wicket 7 + Spring Security 7
Posted by David Beer <da...@gmail.com>.
Hi
After more investigation, it seems that if you use Wicket 6 and Spring
Security 3 all works as expected. However Wicket 7 and Spring Security 4
and you get the behaviour I am facing. Spring Security seems to take care
of the whole login process.
David
On 6 January 2017 at 18:38, David Beer <da...@gmail.com> wrote:
> Hi Martin
>
> Happy New Year.
>
> Thanks for this. I have managed to get Started and have a configuration
> which indeed allows authenticated user to a specifc page. I can login and
> logout and it cleans the session, however I am having a hard time getting
> and displaying errors.
>
> My demo project is located on github here https://github.com/
> dmbeer/wicket-7-spring-security/tree/master. I wondered if could have a
> quick look and see if everything is correct and point me in the right
> direction for obtaining the error messages.
>
> Thanks
>
> David
>
> On 31 December 2016 at 06:12, Martin Grigorov <ma...@gmail.com>
> wrote:
>
>> Hi David,
>>
>> Latest Spring Security release is 4.1.4, there is no 7.x ;-)
>>
>> I cannot share my project but the integration is quite simple.
>>
>> 1) define the Spring config (with an impl of UserDetailsService!)
>> 2) in your login logic (MyAuthenticatedWebSession#signin() or
>> MyLoginForm#onSubmit()) use Spring AuthenticationService#authenticate(new
>> UsernamePasswordAuthenticationToken(username, password))
>> 3) if 2) is successful then you can use
>> SecurityContextHolder.getContext().getUser() to get the User returned by
>> your UserDetailsService with its authorities, i.e. roles. You can use them
>> in Wicket's RolesAuthorizationStrategy
>> 4) if 2) is not successful then Spring Security will throw very specific
>> exception with the reason
>>
>> P.S. I am on my phone now, without access to the application code, so some
>> class/method names might be slightly wrong but I hope they are good enough
>> to get you going!
>>
>> Happy New Year!
>>
>> On Dec 30, 2016 8:23 PM, "David Beer" <da...@gmail.com> wrote:
>>
>> > Hi All
>> >
>> > I am trying to add spring security to wicket 7. I have looked at example
>> > thomberges did but that doesn't really seem to work. If I comment out
>> the
>> > code in the SecureWebsession all still seems to authenticate somehow.
>> >
>> > Is there an up to date project anyone has of integrating spring security
>> > with apache wicket? It would be really useful if a basic project could
>> be
>> > shared.
>> >
>> > Thanks
>> > David
>> >
>> > Happy New Year All
>> >
>>
>
>
Re: Wicket 7 + Spring Security 7
Posted by Zala Pierre GOUPIL <go...@gmail.com>.
Hi,
Thanks a lot for sharing this! Very useful!
Regards,
Pierre
On Mon, Jan 9, 2017 at 9:43 PM, David Beer <da...@gmail.com> wrote:
> Hi Martin/All
>
> I actually solved the problem late yesterday. The issue is around the way
> in which spring security can be configured. There had been a lot of changes
> between 3.1 and 4.2. Mainly around configuration, as I said earlier. It is
> now advised also to use the configuration in the Java Code. However there
> were a few defaults that don't get overridden in the java config but do
> automatically in the XML definition, the main part being the way in which
> error and login processing is handled. Spring Security will default to
> process the login for you if you don't configure it correctly, which is why
> the signin code was not get used.
>
> Which meant that error's were being handle by the spring security form
> which is why I couldn't access them. I have now configured everything
> properly and the example project shows how it needs to be configured.
>
> Thanks
>
> David
>
> On 9 January 2017 at 19:22, Martin Grigorov <mg...@apache.org> wrote:
>
> > Hi David,
> >
> > What exactly is hard ?
> > What kind of errors you mean?
> >
> > Martin Grigorov
> > Wicket Training and Consulting
> > https://twitter.com/mtgrigorov
> >
> > On Fri, Jan 6, 2017 at 7:38 PM, David Beer <da...@gmail.com>
> wrote:
> >
> > > Hi Martin
> > >
> > > Happy New Year.
> > >
> > > Thanks for this. I have managed to get Started and have a configuration
> > > which indeed allows authenticated user to a specifc page. I can login
> and
> > > logout and it cleans the session, however I am having a hard time
> getting
> > > and displaying errors.
> > >
> > > My demo project is located on github here
> > > https://github.com/dmbeer/wicket-7-spring-security/tree/master. I
> > wondered
> > > if could have a quick look and see if everything is correct and point
> me
> > in
> > > the right direction for obtaining the error messages.
> > >
> > > Thanks
> > >
> > > David
> > >
> > > On 31 December 2016 at 06:12, Martin Grigorov <
> martin.grigorov@gmail.com
> > >
> > > wrote:
> > >
> > > > Hi David,
> > > >
> > > > Latest Spring Security release is 4.1.4, there is no 7.x ;-)
> > > >
> > > > I cannot share my project but the integration is quite simple.
> > > >
> > > > 1) define the Spring config (with an impl of UserDetailsService!)
> > > > 2) in your login logic (MyAuthenticatedWebSession#signin() or
> > > > MyLoginForm#onSubmit()) use Spring AuthenticationService#
> > > authenticate(new
> > > > UsernamePasswordAuthenticationToken(username, password))
> > > > 3) if 2) is successful then you can use
> > > > SecurityContextHolder.getContext().getUser() to get the User
> returned
> > by
> > > > your UserDetailsService with its authorities, i.e. roles. You can use
> > > them
> > > > in Wicket's RolesAuthorizationStrategy
> > > > 4) if 2) is not successful then Spring Security will throw very
> > specific
> > > > exception with the reason
> > > >
> > > > P.S. I am on my phone now, without access to the application code, so
> > > some
> > > > class/method names might be slightly wrong but I hope they are good
> > > enough
> > > > to get you going!
> > > >
> > > > Happy New Year!
> > > >
> > > > On Dec 30, 2016 8:23 PM, "David Beer" <da...@gmail.com>
> wrote:
> > > >
> > > > > Hi All
> > > > >
> > > > > I am trying to add spring security to wicket 7. I have looked at
> > > example
> > > > > thomberges did but that doesn't really seem to work. If I comment
> out
> > > the
> > > > > code in the SecureWebsession all still seems to authenticate
> somehow.
> > > > >
> > > > > Is there an up to date project anyone has of integrating spring
> > > security
> > > > > with apache wicket? It would be really useful if a basic project
> > could
> > > be
> > > > > shared.
> > > > >
> > > > > Thanks
> > > > > David
> > > > >
> > > > > Happy New Year All
> > > > >
> > > >
> > >
> >
>
--
Je n'aime pas seulement ma vie, mais aussi celle des autres.
(Blade Runner)
Re: Wicket 7 + Spring Security 7
Posted by David Beer <da...@gmail.com>.
Hi Martin/All
I actually solved the problem late yesterday. The issue is around the way
in which spring security can be configured. There had been a lot of changes
between 3.1 and 4.2. Mainly around configuration, as I said earlier. It is
now advised also to use the configuration in the Java Code. However there
were a few defaults that don't get overridden in the java config but do
automatically in the XML definition, the main part being the way in which
error and login processing is handled. Spring Security will default to
process the login for you if you don't configure it correctly, which is why
the signin code was not get used.
Which meant that error's were being handle by the spring security form
which is why I couldn't access them. I have now configured everything
properly and the example project shows how it needs to be configured.
Thanks
David
On 9 January 2017 at 19:22, Martin Grigorov <mg...@apache.org> wrote:
> Hi David,
>
> What exactly is hard ?
> What kind of errors you mean?
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Fri, Jan 6, 2017 at 7:38 PM, David Beer <da...@gmail.com> wrote:
>
> > Hi Martin
> >
> > Happy New Year.
> >
> > Thanks for this. I have managed to get Started and have a configuration
> > which indeed allows authenticated user to a specifc page. I can login and
> > logout and it cleans the session, however I am having a hard time getting
> > and displaying errors.
> >
> > My demo project is located on github here
> > https://github.com/dmbeer/wicket-7-spring-security/tree/master. I
> wondered
> > if could have a quick look and see if everything is correct and point me
> in
> > the right direction for obtaining the error messages.
> >
> > Thanks
> >
> > David
> >
> > On 31 December 2016 at 06:12, Martin Grigorov <martin.grigorov@gmail.com
> >
> > wrote:
> >
> > > Hi David,
> > >
> > > Latest Spring Security release is 4.1.4, there is no 7.x ;-)
> > >
> > > I cannot share my project but the integration is quite simple.
> > >
> > > 1) define the Spring config (with an impl of UserDetailsService!)
> > > 2) in your login logic (MyAuthenticatedWebSession#signin() or
> > > MyLoginForm#onSubmit()) use Spring AuthenticationService#
> > authenticate(new
> > > UsernamePasswordAuthenticationToken(username, password))
> > > 3) if 2) is successful then you can use
> > > SecurityContextHolder.getContext().getUser() to get the User returned
> by
> > > your UserDetailsService with its authorities, i.e. roles. You can use
> > them
> > > in Wicket's RolesAuthorizationStrategy
> > > 4) if 2) is not successful then Spring Security will throw very
> specific
> > > exception with the reason
> > >
> > > P.S. I am on my phone now, without access to the application code, so
> > some
> > > class/method names might be slightly wrong but I hope they are good
> > enough
> > > to get you going!
> > >
> > > Happy New Year!
> > >
> > > On Dec 30, 2016 8:23 PM, "David Beer" <da...@gmail.com> wrote:
> > >
> > > > Hi All
> > > >
> > > > I am trying to add spring security to wicket 7. I have looked at
> > example
> > > > thomberges did but that doesn't really seem to work. If I comment out
> > the
> > > > code in the SecureWebsession all still seems to authenticate somehow.
> > > >
> > > > Is there an up to date project anyone has of integrating spring
> > security
> > > > with apache wicket? It would be really useful if a basic project
> could
> > be
> > > > shared.
> > > >
> > > > Thanks
> > > > David
> > > >
> > > > Happy New Year All
> > > >
> > >
> >
>
Re: Wicket 7 + Spring Security 7
Posted by Martin Grigorov <mg...@apache.org>.
Hi David,
What exactly is hard ?
What kind of errors you mean?
Martin Grigorov
Wicket Training and Consulting
https://twitter.com/mtgrigorov
On Fri, Jan 6, 2017 at 7:38 PM, David Beer <da...@gmail.com> wrote:
> Hi Martin
>
> Happy New Year.
>
> Thanks for this. I have managed to get Started and have a configuration
> which indeed allows authenticated user to a specifc page. I can login and
> logout and it cleans the session, however I am having a hard time getting
> and displaying errors.
>
> My demo project is located on github here
> https://github.com/dmbeer/wicket-7-spring-security/tree/master. I wondered
> if could have a quick look and see if everything is correct and point me in
> the right direction for obtaining the error messages.
>
> Thanks
>
> David
>
> On 31 December 2016 at 06:12, Martin Grigorov <ma...@gmail.com>
> wrote:
>
> > Hi David,
> >
> > Latest Spring Security release is 4.1.4, there is no 7.x ;-)
> >
> > I cannot share my project but the integration is quite simple.
> >
> > 1) define the Spring config (with an impl of UserDetailsService!)
> > 2) in your login logic (MyAuthenticatedWebSession#signin() or
> > MyLoginForm#onSubmit()) use Spring AuthenticationService#
> authenticate(new
> > UsernamePasswordAuthenticationToken(username, password))
> > 3) if 2) is successful then you can use
> > SecurityContextHolder.getContext().getUser() to get the User returned by
> > your UserDetailsService with its authorities, i.e. roles. You can use
> them
> > in Wicket's RolesAuthorizationStrategy
> > 4) if 2) is not successful then Spring Security will throw very specific
> > exception with the reason
> >
> > P.S. I am on my phone now, without access to the application code, so
> some
> > class/method names might be slightly wrong but I hope they are good
> enough
> > to get you going!
> >
> > Happy New Year!
> >
> > On Dec 30, 2016 8:23 PM, "David Beer" <da...@gmail.com> wrote:
> >
> > > Hi All
> > >
> > > I am trying to add spring security to wicket 7. I have looked at
> example
> > > thomberges did but that doesn't really seem to work. If I comment out
> the
> > > code in the SecureWebsession all still seems to authenticate somehow.
> > >
> > > Is there an up to date project anyone has of integrating spring
> security
> > > with apache wicket? It would be really useful if a basic project could
> be
> > > shared.
> > >
> > > Thanks
> > > David
> > >
> > > Happy New Year All
> > >
> >
>