You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Volker Lamp <vo...@gmail.com> on 2009/04/06 14:29:12 UTC
Tapestry 5.1.0.2 and tapestry-spring-security 2.0.1
While attempting to upgrade my webapp to Tapestry 5.1.0.2 from Tapestry 5.0.18 I run into a problem related with tapestry-spring-security 2.0.1.
Triggering LogoutService.logout() in a 5.1.0.2 environment results in a IllegalStateException which was not the case in 5.0.18.
>From a recent discussion in another thread in this list [1] as well as the comments in TAP5-413 I suppose the problem's root is that Spring Security's SecurityContextLogoutHandler.logout() [3] actually invalidates the Servlet API HttpSession rather than Tapestry's Session.
I'd be interested to learn if anyone else is facing the same problem and has solutions or ideas for it.
Best wishes,
Volker
[1] Thread "[T5 5.0.18] java.lang.IllegalStateException: Cannot create a session after the response has been committed"
[2] http://issues.apache.org/jira/browse/TAP5-413
[3] http://acegisecurity.svn.sourceforge.net/viewvc/acegisecurity/spring-security/tags/spring-security-parent-2.0.4/core/src/main/java/org/springframework/security/ui/logout/SecurityContextLogoutHandler.java?view=markup
--
View this message in context: http://n2.nabble.com/Tapestry-5.1.0.2-and-tapestry-spring-security-2.0.1-tp2592789p2592789.html
Sent from the Tapestry Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Tapestry 5.1.0.2 and tapestry-spring-security 2.0.1
Posted by Anthony Schexnaildre <ap...@gmail.com>.
I also would love to see first class support for spring security in
tapestry. I am currently having to define all this in xml. Spring
Webflow is cool but I would have though security would have been
higher on the priority list.
-Anthony
On Apr 6, 2009, at 5:35 PM, Borut Bolčina wrote:
> I'd love to see tapestry-spring-security work with T5.1
>
> -Borut
>
> 2009/4/6 manuel aldana <al...@gmx.de>
>
>> Thiago H. de Paula Figueiredo schrieb[
>>
>>> [...] session rather than Tapestry's Session.
>>>>
>>>>
>>>
>>> I'm having this issue too. Besides this, the @Secured annotation
>>> does not
>>> work.
>>>
>> I asked the creator about this. He said spring-security is not
>> compatible
>> with 5.1. So I guess we need to wait or help :)
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Tapestry 5.1.0.2 and tapestry-spring-security 2.0.1
Posted by Borut Bolčina <bo...@gmail.com>.
I'd love to see tapestry-spring-security work with T5.1
-Borut
2009/4/6 manuel aldana <al...@gmx.de>
> Thiago H. de Paula Figueiredo schrieb[
>
>> [...] session rather than Tapestry's Session.
>>>
>>>
>>
>> I'm having this issue too. Besides this, the @Secured annotation does not
>> work.
>>
> I asked the creator about this. He said spring-security is not compatible
> with 5.1. So I guess we need to wait or help :)
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
Re: Tapestry 5.1.0.2 and tapestry-spring-security 2.0.1
Posted by Paul Field <pa...@db.com>.
FYI, the problem with the @Secured annotation is related to the
performance improvements ( https://issues.apache.org/jira/browse/TAP5-417
). The ComponentClassTransformWorker now needs to explicitly specify which
render phases it requires. tapestry-acegi and tapestry-spring-security
don't do this yet.
Here's a quick'n'dirty work-around for tapestry-acegi that makes the
@Secured annotation work. Just add this to one of your Modules:
// Fix while tapestry-acegi is not compatible with T5.1
public static void contributeComponentClassTransformWorker(
OrderedConfiguration<ComponentClassTransformWorker>
configuration, SecurityChecker securityChecker) {
final AcegiWorker acegiWorker = new AcegiWorker(securityChecker);
configuration.override("Acegi", new
ComponentClassTransformWorker() {
public void transform(ClassTransformation transformation,
MutableComponentModel model) {
Secured annotation = transformation.getAnnotation(Secured.
class);
if (annotation != null) {
model.addRenderPhase(BeginRender.class);
model.addRenderPhase(CleanupRender.class);
}
acegiWorker.transform(transformation, model);
}
});
}
I'm not using Spring Security (yet) but by looking in the
tapestry-spring-security SVN repository and modifying the code about, I
suspect this might do the trick:
// Fix while tapestry-spring-security is not compatible with T5.1
public static void contributeComponentClassTransformWorker(
OrderedConfiguration<ComponentClassTransformWorker>
configuration, SecurityChecker securityChecker) {
final SpringSecurityWorker securityWorker = new
SpringSecurityWorker(securityChecker);
configuration.override("SpringSecurity", new
ComponentClassTransformWorker() {
public void transform(ClassTransformation transformation,
MutableComponentModel model) {
Secured annotation = transformation.getAnnotation(Secured.
class);
if (annotation != null) {
model.addRenderPhase(BeginRender.class);
model.addRenderPhase(CleanupRender.class);
}
securityWorker.transform(transformation, model);
}
});
}
Paul
------------------
Paul Field
Research IT
Deutsche Bank
manuel aldana <al...@gmx.de>
06/04/2009 17:26
Please respond to
"Tapestry users" <us...@tapestry.apache.org>
To
Tapestry users <us...@tapestry.apache.org>
cc
Subject
Re: Tapestry 5.1.0.2 and tapestry-spring-security 2.0.1
Thiago H. de Paula Figueiredo schrieb[
>> [...] session rather than Tapestry's Session.
>>
>
> I'm having this issue too. Besides this, the @Secured annotation does
not work.
I asked the creator about this. He said spring-security is not
compatible with 5.1. So I guess we need to wait or help :)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
---
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional EU corporate and regulatory disclosures.
Re: Tapestry 5.1.0.2 and tapestry-spring-security 2.0.1
Posted by manuel aldana <al...@gmx.de>.
Thiago H. de Paula Figueiredo schrieb[
>> [...] session rather than Tapestry's Session.
>>
>
> I'm having this issue too. Besides this, the @Secured annotation does not work.
I asked the creator about this. He said spring-security is not
compatible with 5.1. So I guess we need to wait or help :)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Tapestry 5.1.0.2 and tapestry-spring-security 2.0.1
Posted by "Thiago H. de Paula Figueiredo" <th...@gmail.com>.
On Mon, Apr 6, 2009 at 9:29 AM, Volker Lamp <vo...@gmail.com> wrote:
> While attempting to upgrade my webapp to Tapestry 5.1.0.2 from Tapestry 5.0.18 I run into a problem related with tapestry-spring-security 2.0.1.
> Triggering LogoutService.logout() in a 5.1.0.2 environment results in a IllegalStateException which was not the case in 5.0.18.
> From a recent discussion in another thread in this list [1] as well as the comments in TAP5-413 I suppose the problem's root is that Spring Security's
> SecurityContextLogoutHandler.logout() [3] actually invalidates the Servlet API HttpSession rather than Tapestry's Session.
I'm having this issue too. Besides this, the @Secured annotation does not work.
--
Thiago
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org