You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by "Will N." <ll...@yahoo.fr> on 2013/08/06 10:10:37 UTC
Securing page with Tapestry
Hi,
I am trying secure some pages of my application as shown in this
tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
But I am having following error message when I start the application.
Since the RequiresLoginFilte class implements the ComponentRequestFilter
interface, I am confused about the coertion error!
[ERROR] ioc.Registry Error invoking service contribution method
com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration):
Could not find a coercion from type
com.example.pms.services.RequiresLoginFilter to type
org.apache.tapestry5.services.ComponentRequestFilter.
[ERROR] ioc.Registry Operations trace:
[ERROR] ioc.Registry [ 1] Realizing service ComponentRequestHandler
[ERROR] ioc.Registry [ 2] Instantiating service ComponentRequestHandler
implementation via
org.apache.tapestry5.services.TapestryModule.buildComponentRequestHandler(List,
ComponentRequestHandlerTerminator, Logger) (at TapestryModule.java:2690)
[ERROR] ioc.Registry [ 3] Creating plan to invoke public
org.apache.tapestry5.services.ComponentRequestHandler
org.apache.tapestry5.services.TapestryModule.buildComponentRequestHandler(java.util.List,org.apache.tapestry5.internal.services.ComponentRequestHandlerTerminator,org.slf4j.Logger)
[ERROR] ioc.Registry [ 4] Determining injection value for parameter #1
(java.util.List)
[ERROR] ioc.Registry [ 5] Collecting ordered configuration for service
ComponentRequestHandler
[ERROR] ioc.Registry [ 6] Invoking
com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration)
(at PmsModule.java:146)
[ERROR] TapestryModule.ComponentRequestHandler Construction of service
ComponentRequestHandler failed: Error invoking service contribution
method
com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration):
Could not find a coercion from type
com.example.pms.services.RequiresLoginFilter to type
org.apache.tapestry5.services.ComponentRequestFilter.
org.apache.tapestry5.ioc.internal.OperationException: Error invoking
service contribution method
com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration):
Could not find a coercion from type
com.example.pms.services.RequiresLoginFilter to type
org.apache.tapestry5.services.ComponentRequestFilter.
at
org.apache.tapestry5.ioc.internal.OperationTrackerImpl.logAndRethrow(OperationTrackerImpl.java:121)
at
org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:88)
at
org.apache.tapestry5.ioc.internal.OperationTrackerImpl.run(OperationTrackerImpl.java:47)
at
org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.run(PerThreadOperationTracker.java:76)
at
org.apache.tapestry5.ioc.internal.RegistryImpl.addToOrderedConfiguration(RegistryImpl.java:629)
at
org.apache.tapestry5.ioc.internal.RegistryImpl.getOrderedConfiguration(RegistryImpl.java:483)
at
org.apache.tapestry5.ioc.internal.ServiceResourcesImpl$2.invoke(ServiceResourcesImpl.java:110)...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "D.R." <d....@googlemail.com>.
Hi,
Of course it is null, if you don't provide it as a t5 service or pass it
wrong to your RequiresLoginFilter.
How does your code look after your changes?
Provide full stack trace after your changes pls.
This is also weird imho:
@SuppressWarnings("unchecked")
public static void
contributeComponentRequestHandler(OrderedConfiguration configuration) {
configuration.addInstance("RequiresLogin",
RequiresLoginFilter.class);
}
Correct me if i am wrong, but don't you have to provide the
RequiresLoginFilter as a t5 service?
Passing the request to the constructor is ok, but anyway this is not the
current issue.
whoops, the request is null in your t5 page class? I can not believe that.
With kind regards
David
Am 07.08.2013 18:11, schrieb Will N.:
>
> I have changed that but the exception remains... seems like the the
> request the AuthenticatorImpl.java is null;
>
> public boolean isLoggedIn() {
>
> org.apache.tapestry5.services.Session session =
> request.getSession(true); // request is null
> if (session != null) { return session.getAttribute(AUTH_TOKEN)
> != null; }
> return false;
>
> }
>
> Am i Suppose to pass the request to the constructor or to add anything
> else in the AppModule?
>
> Am 07.08.2013 17:18, schrieb D.R.:
>> Hi,
>>
>> where is the registration of AuthenticatorImp implements
>> AuthenticatorInterface? I can not see it in your binder.bind
>>
>> Your constructor looks weird:
>> public void PageAccessFilter in class RequiresLoginFilter ???
>>
>> You should pass the interface there, not the impl.
>>
>>
>> Kind regards
>> David
>>
>> Am 07.08.2013 16:12, schrieb Willy Browne:
>>> thanks for the help. I removed my Interface and now i get a
>>> NullPointerException
>>> *
>>> RequiresLoginFilter.dispatchedToLoginPage(RequiresLoginFilter.java:66)
>>> *
>>> services.RequiresLoginFilter.handlePageRender(RequiresLoginFilter.java:57)
>>> *
>>> org.apache.tapestry5.services.InitializeActivePageName.handlePageRender(InitializeActivePageName.java:47)
>>> *
>>> org.apache.tapestry5.internal.services.RootPathDispatcher.dispatch(RootPathDispatcher.java:66)
>>> *
>>> org.apache.tapestry5.services.TapestryModule$RequestHandlerTerminator.service(TapestryModule.java:302)
>>> * .services.PmsModule$1.service(PmsModule.java:115)
>>> *
>>> org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
>>> *
>>> org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
>>> *
>>> org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
>>> *
>>> org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
>>> *
>>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:105)
>>> *
>>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:95)
>>> *
>>> org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
>>> *
>>> org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:119)
>>> *
>>> org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
>>> *
>>> org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
>>> *
>>> org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
>>> *
>>> org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
>>> *
>>> org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
>>>
>>> public class RequiresLoginFilter implements ComponentRequestFilter {
>>> private PageRenderLinkSource renderLinkSource;
>>>
>>> private ComponentSource componentSource;
>>> private Response response;
>>>
>>> private AuthenticatorImp authService;
>>>
>>> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
>>> ComponentSource componentSource, Response response,
>>> AuthenticatorImp authService) {
>>>
>>> this.renderLinkSource = renderLinkSource;
>>> this.componentSource = componentSource;
>>> this.response = response;
>>> this.authService = authService;
>>>
>>> }
>>>
>>> public void handleComponentEvent(
>>> ComponentEventRequestParameters parameters,
>>> ComponentRequestHandler handler) throws IOException {
>>>
>>> if (dispatchedToLoginPage(parameters.getActivePageName())) {
>>> return;
>>> }
>>>
>>> handler.handleComponentEvent(parameters);
>>>
>>> }
>>>
>>> public void handlePageRender(PageRenderRequestParameters parameters,
>>> ComponentRequestHandler handler) throws IOException {
>>> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
>>> return;
>>> }
>>>
>>> handler.handlePageRender(parameters);
>>> }
>>>
>>> private boolean dispatchedToLoginPage(String pageName) throws
>>> IOException {
>>> if (authService.isLoggedIn()) { // line 66
>>> return false;
>>> }
>>>
>>> Component page = componentSource.getPage(pageName);
>>>
>>> if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
>>> return false;
>>> }
>>>
>>> Link link = renderLinkSource.createPageRenderLink("Login");
>>>
>>> response.sendRedirect(link);
>>>
>>> return true;
>>> }
>>> }
>>>
>>>
>>> public class RequiresLoginFilter implements ComponentRequestFilter {
>>> private PageRenderLinkSource renderLinkSource;
>>>
>>> private ComponentSource componentSource;
>>> private Response response;
>>>
>>> private AuthenticatorImp authService;
>>>
>>> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
>>> ComponentSource componentSource, Response response,
>>> AuthenticatorImp authService) {
>>>
>>> this.renderLinkSource = renderLinkSource;
>>> this.componentSource = componentSource;
>>> this.response = response;
>>> this.authService = authService;
>>>
>>> }
>>>
>>> public void handleComponentEvent(
>>> ComponentEventRequestParameters parameters,
>>> ComponentRequestHandler handler) throws IOException {
>>>
>>> if (dispatchedToLoginPage(parameters.getActivePageName())) {
>>> return;
>>> }
>>>
>>> handler.handleComponentEvent(parameters);
>>>
>>> }
>>>
>>> public void handlePageRender(PageRenderRequestParameters parameters,
>>> ComponentRequestHandler handler) throws IOException {
>>> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
>>> return;
>>> }
>>>
>>> handler.handlePageRender(parameters);
>>> }
>>>
>>> private boolean dispatchedToLoginPage(String pageName) throws
>>> IOException { // line 57
>>> if (authService.isLoggedIn()) {
>>> return false;
>>> }
>>>
>>> Component page = componentSource.getPage(pageName);
>>>
>>> if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
>>> return false;
>>> }
>>>
>>> Link link = renderLinkSource.createPageRenderLink("Login");
>>>
>>> response.sendRedirect(link);
>>>
>>> return true;
>>> }
>>> }
>>>
>>>
>>>
>>> public class AuthenticatorImp implements AuthenticatorInterface{
>>>
>>> public static final String AUTH_TOKEN = "authToken";
>>> /**
>>> *
>>> */
>>> public AuthenticatorImp() {
>>> super();
>>> // TODO Auto-generated constructor stub
>>> }
>>>
>>> /**
>>> * @param request
>>> */
>>> public AuthenticatorImp(Request request) {
>>> super();
>>> this.request = request;
>>> }
>>>
>>>
>>>
>>>
>>> @Inject
>>> private Request request;
>>> public Mitarbeiter getLoggedUser() {
>>> Mitarbeiter user = null;
>>>
>>> if (isLoggedIn())
>>> user = (Mitarbeiter)
>>> request.getSession(true).getAttribute(AUTH_TOKEN);
>>> else
>>> throw new IllegalStateException("The user is not logged
>>> ! ");
>>> return user;
>>> }
>>>
>>> public boolean isLoggedIn() {
>>> org.apache.tapestry5.services.Session session =
>>> request.getSession(true);
>>> if (session != null) { return
>>> session.getAttribute(AUTH_TOKEN) != null; }
>>> return false;
>>>
>>> }
>>>
>>> @SuppressWarnings("unchecked")
>>> public void login(String nickName, String password,
>>> org.hibernate.Session session)
>>> throws NoSuchAlgorithmException, UnsupportedEncodingException {
>>> MitarbeiterDaoImpl mitarbeiterDao = new MitarbeiterDaoImpl(
>>> Mitarbeiter.class, session);
>>> Mitarbeiter authUser = mitarbeiterDao.authenticate(nickName,
>>> Encrypt.MD5(password));
>>>
>>> try{
>>> request.getSession(true).setAttribute(AUTH_TOKEN, authUser);
>>> }
>>> catch(NullPointerException e){
>>> System.out.println("Beim Einlogen ist ein fehler aufgetreten");
>>> }
>>> }
>>>
>>> public void logout() {
>>> org.apache.tapestry5.services.Session session =
>>> request.getSession(false);
>>> if (session != null)
>>> {
>>> session.setAttribute(AUTH_TOKEN, null);
>>> session.invalidate();
>>> }
>>> }
>>>
>>>
>>> }
>>>
>>> ________________________________
>>> De : Taha Hafeez Siddiqi <ta...@gmail.com>
>>> À : Tapestry users <us...@tapestry.apache.org>
>>> Envoyé le : Mardi 6 août 2013 14h41
>>> Objet : Re: Securing page with Tapestry
>>>
>>> Are you defining your own ComponentRequestFilter interface? As you
>>> have included the code for that I am assuming you have.
>>>
>>> You have to implement Tapestry's ComponentRequestFilter, not your
>>> own as you can't contribute to the RequestHandler any other
>>> implementation.
>>>
>>> regards
>>> Taha
>>>
>>> On 06-Aug-2013, at 5:53 PM, Will N. <ll...@yahoo.fr> wrote:
>>>
>>>> Am 06.08.2013 14:13, schrieb Thiago H de Paula Figueiredo:
>>>>> I'm sorry, I should have asked for your ComponentRequestFilter
>>>>> implementation source too. ;)
>>>>>
>>>>> On Tue, 06 Aug 2013 08:31:15 -0300, Will N.
>>>>> <ll...@yahoo.fr> wrote:
>>>>>
>>>>>> Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
>>>>>>> On Tue, 06 Aug 2013 05:10:37 -0300, Will N.
>>>>>>> <ll...@yahoo.fr> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>> Hi!
>>>>>>>
>>>>>>>> I am trying secure some pages of my application as shown in
>>>>>>>> this tutorial.
>>>>>>>> http://tapestryjava.blogspot.co.uk/search/label/security
>>>>>>>> But I am having following error message when I start the
>>>>>>>> application.
>>>>>>>> Since the RequiresLoginFilte class implements the
>>>>>>>> ComponentRequestFilter interface, I am confused about the
>>>>>>>> coertion error!
>>>>>>> The error is weird. Could you post your
>>>>>>> PmsModule.contributeComponentRequestHandler() method
>>>>>> /**
>>>>>> * This module is automatically included as part of the
>>>>>> Tapestry IoC Registry,
>>>>>> * it's a good place to configure and extend Tapestry, or to
>>>>>> place your own
>>>>>> * service definitions. spring
>>>>>> */
>>>>>> public class PmsModule {
>>>>>> // public static void bind(ServiceBinder binder) {
>>>>>> // // binder.bind(MyServiceInterface.class,
>>>>>> MyServiceImpl.class);
>>>>>> //
>>>>>> // // Make bind() calls on the binder object to define
>>>>>> most IoC services.
>>>>>> // // Use service builder methods (example below) when the
>>>>>> implementation
>>>>>> // // is provided inline, or requires more initialization
>>>>>> than simply
>>>>>> // // invoking the constructor.
>>>>>> // binder.bind(ArbeitspaketDao.class,
>>>>>> ArbeitspaketDaoImpl.class);
>>>>>> // binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
>>>>>> // binder.bind(BasicDao.class, BasicDaoImpl.class);
>>>>>> // binder.bind(FunktionDao.class, FunktionDaoImpl.class);
>>>>>> //// binder.bind(GrantedAuthorityBeanDao.class,
>>>>>> //// GrantedAuthorityBeanDaoImpl.class);
>>>>>> // binder.bind(MitarbeiterDao.class,
>>>>>> MitarbeiterDaoImpl.class);
>>>>>> // binder.bind(MitarbeiterProjektDao.class,
>>>>>> // MitarbeiterProjektDaoImpl.class);
>>>>>> // binder.bind(ModulDao.class, ModulDaoImpl.class);
>>>>>> // binder.bind(PersonMonatDao.class,
>>>>>> PersonMonatDaoImpl.class);
>>>>>> // binder.bind(UserDataDao.class, UserDataDaoImpl.class);
>>>>>> // binder.bind(ProjektDao.class, ProjektDaoImpl.class);
>>>>>> // binder.bind(UnteraufgabeDao.class,
>>>>>> UnteraufgabeDaoImpl.class);
>>>>>> // binder.bind(UnterunteraufgabeDao.class,
>>>>>> UnterunteraufgabeDaoImpl.class);
>>>>>> //
>>>>>> // }
>>>>>>
>>>>>> public static void contributeFactoryDefaults(
>>>>>> MappedConfiguration<String, Object> configuration) {
>>>>>> // The application version number is incorprated into
>>>>>> URLs for some
>>>>>> // assets. Web browsers will cache assets because of
>>>>>> the far future
>>>>>> // expires
>>>>>> // header. If existing assets are changed, the version
>>>>>> number should
>>>>>> // also
>>>>>> // change, to force the browser to download new
>>>>>> versions. This overrides
>>>>>> // Tapesty's default
>>>>>> // (a random hexadecimal number), but may be further
>>>>>> overriden by
>>>>>> // DevelopmentModule or
>>>>>> // QaModule.
>>>>>> configuration.override(SymbolConstants.APPLICATION_VERSION,
>>>>>> "1.0-SNAPSHOT");
>>>>>> }
>>>>>>
>>>>>> public static void contributeApplicationDefaults(
>>>>>> MappedConfiguration<String, Object> configuration) {
>>>>>> // Contributions to ApplicationDefaults will override
>>>>>> any contributions
>>>>>> // to
>>>>>> // FactoryDefaults (with the same key). Here we're
>>>>>> restricting the
>>>>>> // supported
>>>>>> // locales to just "en" (English). As you add localised
>>>>>> message catalogs
>>>>>> // and other assets,
>>>>>> // you can extend this list of locales (it's a comma
>>>>>> separated series of
>>>>>> // locale names;
>>>>>> // the first locale name is the default when there's no
>>>>>> reasonable
>>>>>> // match).
>>>>>> // configuration.add(SymbolConstants.SUPPORTED_LOCALES,
>>>>>> "en");
>>>>>> configuration.add(SymbolConstants.SUPPORTED_LOCALES,
>>>>>> "de");
>>>>>> configuration.add(SymbolConstants.COMPRESS_WHITESPACE,
>>>>>> "true");
>>>>>>
>>>>>> }
>>>>>>
>>>>>> /**
>>>>>> * This is a service definition, the service will be named
>>>>>> "TimingFilter".
>>>>>> * The interface, RequestFilter, is used within the
>>>>>> RequestHandler service
>>>>>> * pipeline, which is built from the RequestHandler service
>>>>>> configuration.
>>>>>> * Tapestry IoC is responsible for passing in an
>>>>>> appropriate Logger
>>>>>> * instance. Requests for static resources are handled at a
>>>>>> higher level, so
>>>>>> * this filter will only be invoked for Tapestry related
>>>>>> requests.
>>>>>> * <p/>
>>>>>> * <p/>
>>>>>> * Service builder methods are useful when the
>>>>>> implementation is inline as
>>>>>> * an inner class (as here) or require some other kind of
>>>>>> special
>>>>>> * initialization. In most cases, use the static bind()
>>>>>> method instead.
>>>>>> * <p/>
>>>>>> * <p/>
>>>>>> * If this method was named "build", then the service id
>>>>>> would be taken from
>>>>>> * the service interface and would be "RequestFilter".
>>>>>> Since Tapestry
>>>>>> * already defines a service named "RequestFilter" we use
>>>>>> an explicit
>>>>>> * service id that we can reference inside the contribution
>>>>>> method.
>>>>>> */
>>>>>> public RequestFilter buildTimingFilter(final Logger log) {
>>>>>> return new RequestFilter() {
>>>>>> public boolean service(Request request, Response
>>>>>> response,
>>>>>> RequestHandler handler) throws IOException {
>>>>>> long startTime = System.currentTimeMillis();
>>>>>>
>>>>>> try {
>>>>>> // The responsibility of a filter is to
>>>>>> invoke the
>>>>>> // corresponding method
>>>>>> // in the handler. When you chain multiple
>>>>>> filters together,
>>>>>> // each filter
>>>>>> // received a handler that is a bridge to
>>>>>> the next filter.
>>>>>>
>>>>>> return handler.service(request, response);
>>>>>> } finally {
>>>>>> long elapsed = System.currentTimeMillis() -
>>>>>> startTime;
>>>>>>
>>>>>> log.info(String.format("Request time: %d
>>>>>> ms", elapsed));
>>>>>> }
>>>>>> }
>>>>>> };
>>>>>> }
>>>>>>
>>>>>> /**
>>>>>> * This is a contribution to the RequestHandler service
>>>>>> configuration. This
>>>>>> * is how we extend Tapestry using the timing filter. A
>>>>>> common use for this
>>>>>> * kind of filter is transaction management or security.
>>>>>> The @Local
>>>>>> * annotation selects the desired service by type, but only
>>>>>> from the same
>>>>>> * module. Without @Local, there would be an error due to
>>>>>> the other
>>>>>> * service(s) that implement RequestFilter (defined in
>>>>>> other modules).
>>>>>> */
>>>>>> public void
>>>>>> contributeRequestHandler(OrderedConfiguration<RequestFilter>
>>>>>> configuration, @Local RequestFilter filter) {
>>>>>> // Each contribution to an ordered configuration has a
>>>>>> name, When
>>>>>> // necessary, you may
>>>>>> // set constraints to precisely control the invocation
>>>>>> order of the
>>>>>> // contributed filter
>>>>>> // within the pipeline.
>>>>>>
>>>>>> configuration.add("Timing", filter);
>>>>>> }
>>>>>>
>>>>>>
>>>>>> @SuppressWarnings("unchecked")
>>>>>> public static void
>>>>>> contributeComponentRequestHandler(OrderedConfiguration
>>>>>> configuration) {
>>>>>> configuration.addInstance("RequiresLogin",
>>>>>> RequiresLoginFilter.class);
>>>>>>
>>>>>> }
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> }
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>>>
>>>>
>>>> import java.io.IOException;
>>>>
>>>> import org.apache.tapestry5.services.ComponentEventRequestParameters;
>>>> import org.apache.tapestry5.services.ComponentRequestHandler;
>>>> import org.apache.tapestry5.services.PageRenderRequestParameters;
>>>>
>>>>
>>>> /**
>>>> * Filter interface for {@link
>>>> org.apache.tapestry5.services.ComponentRequestHandler}.
>>>> */
>>>> /**
>>>> * Our implementation of this filter will check the page referenced
>>>> in the request to see if it has the annotation.
>>>> * If the annotation is present and the user has not yet logged in,
>>>> we'll redirect to the Login page.
>>>> * When a redirect is not necessary, we delegate to the next handler
>>>> in the pipeline2:
>>>> */
>>>> public interface ComponentRequestFilter
>>>> {
>>>> /**
>>>> * Handler for a component action request which will trigger
>>>> an event on a component and use the return value to
>>>> * send a response to the client (typically, a redirect to a
>>>> page render URL).
>>>> *
>>>> * @param parameters defining the request
>>>> * @param handler next handler in the pipeline
>>>> */
>>>> void handleComponentEvent(ComponentEventRequestParameters
>>>> parameters, ComponentRequestHandler handler)
>>>> throws IOException;
>>>>
>>>> /**
>>>> * Invoked to activate and render a page. In certain cases,
>>>> based on values returned when activating the page, a
>>>> * {@link
>>>> org.apache.tapestry5.services.ComponentEventResultProcessor} may be
>>>> used to send an alternate response
>>>> * (typically, a redirect).
>>>> *
>>>> * @param parameters defines the page name and activation context
>>>> * @param handler next handler in the pipeline
>>>> */
>>>> void handlePageRender(PageRenderRequestParameters parameters,
>>>> ComponentRequestHandler handler) throws IOException;
>>>> }
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> import java.io.IOException;
>>>>
>>>> import org.apache.tapestry5.Link;
>>>> import org.apache.tapestry5.runtime.Component;
>>>> import org.apache.tapestry5.services.ComponentEventRequestParameters;
>>>> import org.apache.tapestry5.services.ComponentRequestHandler;
>>>> import org.apache.tapestry5.services.ComponentSource;
>>>> import org.apache.tapestry5.services.PageRenderLinkSource;
>>>> import org.apache.tapestry5.services.PageRenderRequestParameters;
>>>> import org.apache.tapestry5.services.Response;
>>>>
>>>>
>>>> import com.example.pms.annotations.*;
>>>>
>>>>
>>>> public class RequiresLoginFilter implements ComponentRequestFilter {
>>>>
>>>> private PageRenderLinkSource renderLinkSource;
>>>>
>>>> private ComponentSource componentSource;
>>>>
>>>> private Response response;
>>>>
>>>> // private final AuthenticationService authService;
>>>> private AuthenticatorImp authService;
>>>>
>>>>
>>>> public void PageAccessFilter(PageRenderLinkSource
>>>> renderLinkSource, ComponentSource componentSource,
>>>> Response response,
>>>> AuthenticatorImp authService) {
>>>>
>>>> this.renderLinkSource = renderLinkSource;
>>>> this.componentSource = componentSource;
>>>> this.response = response;
>>>> this.authService = authService;
>>>>
>>>> }
>>>>
>>>> public void handleComponentEvent(
>>>> ComponentEventRequestParameters parameters,
>>>> ComponentRequestHandler handler) throws IOException {
>>>>
>>>> if (dispatchedToLoginPage(parameters.getActivePageName())) {
>>>> return;
>>>> }
>>>>
>>>> handler.handleComponentEvent(parameters);
>>>>
>>>> }
>>>>
>>>> public void handlePageRender(PageRenderRequestParameters
>>>> parameters,
>>>> ComponentRequestHandler handler) throws IOException {
>>>>
>>>> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
>>>> return;
>>>> }
>>>>
>>>> handler.handlePageRender(parameters);
>>>> }
>>>>
>>>> private boolean dispatchedToLoginPage(String pageName) throws
>>>> IOException {
>>>>
>>>> if (authService.isLoggedIn()) {
>>>> return false;
>>>> }
>>>>
>>>> Component page = componentSource.getPage(pageName);
>>>>
>>>> if (! page.getClass().isAnnotationPresent(RequiresLogin.class)) {
>>>> return false;
>>>> }
>>>>
>>>> Link link = renderLinkSource.createPageRenderLink("Index");
>>>>
>>>> response.sendRedirect(link);
>>>>
>>>> return true;
>>>> }
>>>> }
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "Will N." <ll...@yahoo.fr>.
I have changed that but the exception remains... seems like the the
request the AuthenticatorImpl.java is null;
public boolean isLoggedIn() {
org.apache.tapestry5.services.Session session =
request.getSession(true); // request is null
if (session != null) { return session.getAttribute(AUTH_TOKEN)
!= null; }
return false;
}
Am i Suppose to pass the request to the constructor or to add anything
else in the AppModule?
Am 07.08.2013 17:18, schrieb D.R.:
> Hi,
>
> where is the registration of AuthenticatorImp implements
> AuthenticatorInterface? I can not see it in your binder.bind
>
> Your constructor looks weird:
> public void PageAccessFilter in class RequiresLoginFilter ???
>
> You should pass the interface there, not the impl.
>
>
> Kind regards
> David
>
> Am 07.08.2013 16:12, schrieb Willy Browne:
>> thanks for the help. I removed my Interface and now i get a NullPointerException
>> * RequiresLoginFilter.dispatchedToLoginPage(RequiresLoginFilter.java:66)
>> * services.RequiresLoginFilter.handlePageRender(RequiresLoginFilter.java:57)
>> * org.apache.tapestry5.services.InitializeActivePageName.handlePageRender(InitializeActivePageName.java:47)
>> * org.apache.tapestry5.internal.services.RootPathDispatcher.dispatch(RootPathDispatcher.java:66)
>> * org.apache.tapestry5.services.TapestryModule$RequestHandlerTerminator.service(TapestryModule.java:302)
>> * .services.PmsModule$1.service(PmsModule.java:115)
>> * org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
>> * org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
>> * org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
>> * org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
>> * org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:105)
>> * org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:95)
>> * org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
>> * org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:119)
>> * org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
>> * org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
>> * org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
>> * org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
>> * org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
>>
>> public class RequiresLoginFilter implements ComponentRequestFilter {
>> private PageRenderLinkSource renderLinkSource;
>>
>> private ComponentSource componentSource;
>> private Response response;
>>
>> private AuthenticatorImp authService;
>>
>> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
>> ComponentSource componentSource, Response response,
>> AuthenticatorImp authService) {
>>
>> this.renderLinkSource = renderLinkSource;
>> this.componentSource = componentSource;
>> this.response = response;
>> this.authService = authService;
>>
>> }
>>
>> public void handleComponentEvent(
>> ComponentEventRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException {
>>
>> if (dispatchedToLoginPage(parameters.getActivePageName())) {
>> return;
>> }
>>
>> handler.handleComponentEvent(parameters);
>>
>> }
>>
>> public void handlePageRender(PageRenderRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException {
>> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
>> return;
>> }
>>
>> handler.handlePageRender(parameters);
>> }
>>
>> private boolean dispatchedToLoginPage(String pageName) throws IOException {
>> if (authService.isLoggedIn()) { // line 66
>> return false;
>> }
>>
>> Component page = componentSource.getPage(pageName);
>>
>> if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
>> return false;
>> }
>>
>> Link link = renderLinkSource.createPageRenderLink("Login");
>>
>> response.sendRedirect(link);
>>
>> return true;
>> }
>> }
>>
>>
>> public class RequiresLoginFilter implements ComponentRequestFilter {
>> private PageRenderLinkSource renderLinkSource;
>>
>> private ComponentSource componentSource;
>> private Response response;
>>
>> private AuthenticatorImp authService;
>>
>> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
>> ComponentSource componentSource, Response response,
>> AuthenticatorImp authService) {
>>
>> this.renderLinkSource = renderLinkSource;
>> this.componentSource = componentSource;
>> this.response = response;
>> this.authService = authService;
>>
>> }
>>
>> public void handleComponentEvent(
>> ComponentEventRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException {
>>
>> if (dispatchedToLoginPage(parameters.getActivePageName())) {
>> return;
>> }
>>
>> handler.handleComponentEvent(parameters);
>>
>> }
>>
>> public void handlePageRender(PageRenderRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException {
>> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
>> return;
>> }
>>
>> handler.handlePageRender(parameters);
>> }
>>
>> private boolean dispatchedToLoginPage(String pageName) throws IOException { // line 57
>> if (authService.isLoggedIn()) {
>> return false;
>> }
>>
>> Component page = componentSource.getPage(pageName);
>>
>> if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
>> return false;
>> }
>>
>> Link link = renderLinkSource.createPageRenderLink("Login");
>>
>> response.sendRedirect(link);
>>
>> return true;
>> }
>> }
>>
>>
>>
>> public class AuthenticatorImp implements AuthenticatorInterface{
>>
>> public static final String AUTH_TOKEN = "authToken";
>> /**
>> *
>> */
>> public AuthenticatorImp() {
>> super();
>> // TODO Auto-generated constructor stub
>> }
>>
>> /**
>> * @param request
>> */
>> public AuthenticatorImp(Request request) {
>> super();
>> this.request = request;
>> }
>>
>>
>>
>>
>> @Inject
>> private Request request;
>> public Mitarbeiter getLoggedUser() {
>>
>> Mitarbeiter user = null;
>>
>> if (isLoggedIn())
>> user = (Mitarbeiter) request.getSession(true).getAttribute(AUTH_TOKEN);
>>
>> else
>> throw new IllegalStateException("The user is not logged ! ");
>>
>> return user;
>> }
>>
>> public boolean isLoggedIn() {
>> org.apache.tapestry5.services.Session session = request.getSession(true);
>> if (session != null) { return session.getAttribute(AUTH_TOKEN) != null; }
>> return false;
>>
>> }
>>
>> @SuppressWarnings("unchecked")
>> public void login(String nickName, String password, org.hibernate.Session session)
>> throws NoSuchAlgorithmException, UnsupportedEncodingException {
>> MitarbeiterDaoImpl mitarbeiterDao = new MitarbeiterDaoImpl( Mitarbeiter.class, session);
>> Mitarbeiter authUser = mitarbeiterDao.authenticate(nickName, Encrypt.MD5(password));
>>
>> try{
>> request.getSession(true).setAttribute(AUTH_TOKEN, authUser);
>> }
>> catch(NullPointerException e){
>> System.out.println("Beim Einlogen ist ein fehler aufgetreten");
>> }
>>
>>
>> }
>>
>> public void logout() {
>> org.apache.tapestry5.services.Session session = request.getSession(false);
>> if (session != null)
>> {
>> session.setAttribute(AUTH_TOKEN, null);
>> session.invalidate();
>> }
>> }
>>
>>
>> }
>>
>> ________________________________
>> De : Taha Hafeez Siddiqi <ta...@gmail.com>
>> À : Tapestry users <us...@tapestry.apache.org>
>> Envoyé le : Mardi 6 août 2013 14h41
>> Objet : Re: Securing page with Tapestry
>>
>>
>> Are you defining your own ComponentRequestFilter interface? As you have included the code for that I am assuming you have.
>>
>> You have to implement Tapestry's ComponentRequestFilter, not your own as you can't contribute to the RequestHandler any other implementation.
>>
>> regards
>> Taha
>>
>> On 06-Aug-2013, at 5:53 PM, Will N. <ll...@yahoo.fr> wrote:
>>
>>> Am 06.08.2013 14:13, schrieb Thiago H de Paula Figueiredo:
>>>> I'm sorry, I should have asked for your ComponentRequestFilter implementation source too. ;)
>>>>
>>>> On Tue, 06 Aug 2013 08:31:15 -0300, Will N. <ll...@yahoo.fr> wrote:
>>>>
>>>>> Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
>>>>>> On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <ll...@yahoo.fr> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>> Hi!
>>>>>>
>>>>>>> I am trying secure some pages of my application as shown in this tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>>>>>>> But I am having following error message when I start the application.
>>>>>>> Since the RequiresLoginFilte class implements the ComponentRequestFilter interface, I am confused about the coertion error!
>>>>>> The error is weird. Could you post your PmsModule.contributeComponentRequestHandler() method
>>>>> /**
>>>>> * This module is automatically included as part of the Tapestry IoC Registry,
>>>>> * it's a good place to configure and extend Tapestry, or to place your own
>>>>> * service definitions. spring
>>>>> */
>>>>> public class PmsModule {
>>>>> // public static void bind(ServiceBinder binder) {
>>>>> // // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
>>>>> //
>>>>> // // Make bind() calls on the binder object to define most IoC services.
>>>>> // // Use service builder methods (example below) when the implementation
>>>>> // // is provided inline, or requires more initialization than simply
>>>>> // // invoking the constructor.
>>>>> // binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
>>>>> // binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
>>>>> // binder.bind(BasicDao.class, BasicDaoImpl.class);
>>>>> // binder.bind(FunktionDao.class, FunktionDaoImpl.class);
>>>>> //// binder.bind(GrantedAuthorityBeanDao.class,
>>>>> //// GrantedAuthorityBeanDaoImpl.class);
>>>>> // binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
>>>>> // binder.bind(MitarbeiterProjektDao.class,
>>>>> // MitarbeiterProjektDaoImpl.class);
>>>>> // binder.bind(ModulDao.class, ModulDaoImpl.class);
>>>>> // binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
>>>>> // binder.bind(UserDataDao.class, UserDataDaoImpl.class);
>>>>> // binder.bind(ProjektDao.class, ProjektDaoImpl.class);
>>>>> // binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
>>>>> // binder.bind(UnterunteraufgabeDao.class, UnterunteraufgabeDaoImpl.class);
>>>>> //
>>>>> // }
>>>>>
>>>>> public static void contributeFactoryDefaults(
>>>>> MappedConfiguration<String, Object> configuration) {
>>>>> // The application version number is incorprated into URLs for some
>>>>> // assets. Web browsers will cache assets because of the far future
>>>>> // expires
>>>>> // header. If existing assets are changed, the version number should
>>>>> // also
>>>>> // change, to force the browser to download new versions. This overrides
>>>>> // Tapesty's default
>>>>> // (a random hexadecimal number), but may be further overriden by
>>>>> // DevelopmentModule or
>>>>> // QaModule.
>>>>> configuration.override(SymbolConstants.APPLICATION_VERSION,
>>>>> "1.0-SNAPSHOT");
>>>>> }
>>>>>
>>>>> public static void contributeApplicationDefaults(
>>>>> MappedConfiguration<String, Object> configuration) {
>>>>> // Contributions to ApplicationDefaults will override any contributions
>>>>> // to
>>>>> // FactoryDefaults (with the same key). Here we're restricting the
>>>>> // supported
>>>>> // locales to just "en" (English). As you add localised message catalogs
>>>>> // and other assets,
>>>>> // you can extend this list of locales (it's a comma separated series of
>>>>> // locale names;
>>>>> // the first locale name is the default when there's no reasonable
>>>>> // match).
>>>>> // configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
>>>>> configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
>>>>> configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
>>>>>
>>>>> }
>>>>>
>>>>> /**
>>>>> * This is a service definition, the service will be named "TimingFilter".
>>>>> * The interface, RequestFilter, is used within the RequestHandler service
>>>>> * pipeline, which is built from the RequestHandler service configuration.
>>>>> * Tapestry IoC is responsible for passing in an appropriate Logger
>>>>> * instance. Requests for static resources are handled at a higher level, so
>>>>> * this filter will only be invoked for Tapestry related requests.
>>>>> * <p/>
>>>>> * <p/>
>>>>> * Service builder methods are useful when the implementation is inline as
>>>>> * an inner class (as here) or require some other kind of special
>>>>> * initialization. In most cases, use the static bind() method instead.
>>>>> * <p/>
>>>>> * <p/>
>>>>> * If this method was named "build", then the service id would be taken from
>>>>> * the service interface and would be "RequestFilter". Since Tapestry
>>>>> * already defines a service named "RequestFilter" we use an explicit
>>>>> * service id that we can reference inside the contribution method.
>>>>> */
>>>>> public RequestFilter buildTimingFilter(final Logger log) {
>>>>> return new RequestFilter() {
>>>>> public boolean service(Request request, Response response,
>>>>> RequestHandler handler) throws IOException {
>>>>> long startTime = System.currentTimeMillis();
>>>>>
>>>>> try {
>>>>> // The responsibility of a filter is to invoke the
>>>>> // corresponding method
>>>>> // in the handler. When you chain multiple filters together,
>>>>> // each filter
>>>>> // received a handler that is a bridge to the next filter.
>>>>>
>>>>> return handler.service(request, response);
>>>>> } finally {
>>>>> long elapsed = System.currentTimeMillis() - startTime;
>>>>>
>>>>> log.info(String.format("Request time: %d ms", elapsed));
>>>>> }
>>>>> }
>>>>> };
>>>>> }
>>>>>
>>>>> /**
>>>>> * This is a contribution to the RequestHandler service configuration. This
>>>>> * is how we extend Tapestry using the timing filter. A common use for this
>>>>> * kind of filter is transaction management or security. The @Local
>>>>> * annotation selects the desired service by type, but only from the same
>>>>> * module. Without @Local, there would be an error due to the other
>>>>> * service(s) that implement RequestFilter (defined in other modules).
>>>>> */
>>>>> public void contributeRequestHandler(OrderedConfiguration<RequestFilter> configuration, @Local RequestFilter filter) {
>>>>> // Each contribution to an ordered configuration has a name, When
>>>>> // necessary, you may
>>>>> // set constraints to precisely control the invocation order of the
>>>>> // contributed filter
>>>>> // within the pipeline.
>>>>>
>>>>> configuration.add("Timing", filter);
>>>>> }
>>>>>
>>>>>
>>>>> @SuppressWarnings("unchecked")
>>>>> public static void contributeComponentRequestHandler(OrderedConfiguration configuration) {
>>>>> configuration.addInstance("RequiresLogin", RequiresLoginFilter.class);
>>>>>
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> }
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>>
>>>
>>> import java.io.IOException;
>>>
>>> import org.apache.tapestry5.services.ComponentEventRequestParameters;
>>> import org.apache.tapestry5.services.ComponentRequestHandler;
>>> import org.apache.tapestry5.services.PageRenderRequestParameters;
>>>
>>>
>>> /**
>>> * Filter interface for {@link org.apache.tapestry5.services.ComponentRequestHandler}.
>>> */
>>> /**
>>> * Our implementation of this filter will check the page referenced in the request to see if it has the annotation.
>>> * If the annotation is present and the user has not yet logged in, we'll redirect to the Login page.
>>> * When a redirect is not necessary, we delegate to the next handler in the pipeline2:
>>> */
>>> public interface ComponentRequestFilter
>>> {
>>> /**
>>> * Handler for a component action request which will trigger an event on a component and use the return value to
>>> * send a response to the client (typically, a redirect to a page render URL).
>>> *
>>> * @param parameters defining the request
>>> * @param handler next handler in the pipeline
>>> */
>>> void handleComponentEvent(ComponentEventRequestParameters parameters, ComponentRequestHandler handler)
>>> throws IOException;
>>>
>>> /**
>>> * Invoked to activate and render a page. In certain cases, based on values returned when activating the page, a
>>> * {@link org.apache.tapestry5.services.ComponentEventResultProcessor} may be used to send an alternate response
>>> * (typically, a redirect).
>>> *
>>> * @param parameters defines the page name and activation context
>>> * @param handler next handler in the pipeline
>>> */
>>> void handlePageRender(PageRenderRequestParameters parameters, ComponentRequestHandler handler) throws IOException;
>>> }
>>>
>>>
>>>
>>>
>>>
>>>
>>> import java.io.IOException;
>>>
>>> import org.apache.tapestry5.Link;
>>> import org.apache.tapestry5.runtime.Component;
>>> import org.apache.tapestry5.services.ComponentEventRequestParameters;
>>> import org.apache.tapestry5.services.ComponentRequestHandler;
>>> import org.apache.tapestry5.services.ComponentSource;
>>> import org.apache.tapestry5.services.PageRenderLinkSource;
>>> import org.apache.tapestry5.services.PageRenderRequestParameters;
>>> import org.apache.tapestry5.services.Response;
>>>
>>>
>>> import com.example.pms.annotations.*;
>>>
>>>
>>> public class RequiresLoginFilter implements ComponentRequestFilter {
>>>
>>> private PageRenderLinkSource renderLinkSource;
>>>
>>> private ComponentSource componentSource;
>>>
>>> private Response response;
>>>
>>> // private final AuthenticationService authService;
>>> private AuthenticatorImp authService;
>>>
>>>
>>> public void PageAccessFilter(PageRenderLinkSource renderLinkSource, ComponentSource componentSource,
>>> Response response, AuthenticatorImp authService) {
>>>
>>> this.renderLinkSource = renderLinkSource;
>>> this.componentSource = componentSource;
>>> this.response = response;
>>> this.authService = authService;
>>>
>>> }
>>>
>>> public void handleComponentEvent(
>>> ComponentEventRequestParameters parameters,
>>> ComponentRequestHandler handler) throws IOException {
>>>
>>> if (dispatchedToLoginPage(parameters.getActivePageName())) {
>>> return;
>>> }
>>>
>>> handler.handleComponentEvent(parameters);
>>>
>>> }
>>>
>>> public void handlePageRender(PageRenderRequestParameters parameters,
>>> ComponentRequestHandler handler) throws IOException {
>>>
>>> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
>>> return;
>>> }
>>>
>>> handler.handlePageRender(parameters);
>>> }
>>>
>>> private boolean dispatchedToLoginPage(String pageName) throws IOException {
>>>
>>> if (authService.isLoggedIn()) {
>>> return false;
>>> }
>>>
>>> Component page = componentSource.getPage(pageName);
>>>
>>> if (! page.getClass().isAnnotationPresent(RequiresLogin.class)) {
>>> return false;
>>> }
>>>
>>> Link link = renderLinkSource.createPageRenderLink("Index");
>>>
>>> response.sendRedirect(link);
>>>
>>> return true;
>>> }
>>> }
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "D.R." <d....@googlemail.com>.
Hi,
where is the registration of AuthenticatorImp implements
AuthenticatorInterface? I can not see it in your binder.bind
Your constructor looks weird:
public void PageAccessFilter in class RequiresLoginFilter ???
You should pass the interface there, not the impl.
Kind regards
David
Am 07.08.2013 16:12, schrieb Willy Browne:
> thanks for the help. I removed my Interface and now i get a NullPointerException
> * RequiresLoginFilter.dispatchedToLoginPage(RequiresLoginFilter.java:66)
> * services.RequiresLoginFilter.handlePageRender(RequiresLoginFilter.java:57)
> * org.apache.tapestry5.services.InitializeActivePageName.handlePageRender(InitializeActivePageName.java:47)
> * org.apache.tapestry5.internal.services.RootPathDispatcher.dispatch(RootPathDispatcher.java:66)
> * org.apache.tapestry5.services.TapestryModule$RequestHandlerTerminator.service(TapestryModule.java:302)
> * .services.PmsModule$1.service(PmsModule.java:115)
> * org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
> * org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
> * org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
> * org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
> * org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:105)
> * org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:95)
> * org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
> * org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:119)
> * org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
> * org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
> * org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
> * org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
> * org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
>
> public class RequiresLoginFilter implements ComponentRequestFilter {
> private PageRenderLinkSource renderLinkSource;
>
> private ComponentSource componentSource;
> private Response response;
>
> private AuthenticatorImp authService;
>
> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
> ComponentSource componentSource, Response response,
> AuthenticatorImp authService) {
>
> this.renderLinkSource = renderLinkSource;
> this.componentSource = componentSource;
> this.response = response;
> this.authService = authService;
>
> }
>
> public void handleComponentEvent(
> ComponentEventRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
>
> if (dispatchedToLoginPage(parameters.getActivePageName())) {
> return;
> }
>
> handler.handleComponentEvent(parameters);
>
> }
>
> public void handlePageRender(PageRenderRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
> return;
> }
>
> handler.handlePageRender(parameters);
> }
>
> private boolean dispatchedToLoginPage(String pageName) throws IOException {
> if (authService.isLoggedIn()) { // line 66
> return false;
> }
>
> Component page = componentSource.getPage(pageName);
>
> if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
> return false;
> }
>
> Link link = renderLinkSource.createPageRenderLink("Login");
>
> response.sendRedirect(link);
>
> return true;
> }
> }
>
>
> public class RequiresLoginFilter implements ComponentRequestFilter {
> private PageRenderLinkSource renderLinkSource;
>
> private ComponentSource componentSource;
> private Response response;
>
> private AuthenticatorImp authService;
>
> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
> ComponentSource componentSource, Response response,
> AuthenticatorImp authService) {
>
> this.renderLinkSource = renderLinkSource;
> this.componentSource = componentSource;
> this.response = response;
> this.authService = authService;
>
> }
>
> public void handleComponentEvent(
> ComponentEventRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
>
> if (dispatchedToLoginPage(parameters.getActivePageName())) {
> return;
> }
>
> handler.handleComponentEvent(parameters);
>
> }
>
> public void handlePageRender(PageRenderRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
> return;
> }
>
> handler.handlePageRender(parameters);
> }
>
> private boolean dispatchedToLoginPage(String pageName) throws IOException { // line 57
> if (authService.isLoggedIn()) {
> return false;
> }
>
> Component page = componentSource.getPage(pageName);
>
> if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
> return false;
> }
>
> Link link = renderLinkSource.createPageRenderLink("Login");
>
> response.sendRedirect(link);
>
> return true;
> }
> }
>
>
>
> public class AuthenticatorImp implements AuthenticatorInterface{
>
> public static final String AUTH_TOKEN = "authToken";
> /**
> *
> */
> public AuthenticatorImp() {
> super();
> // TODO Auto-generated constructor stub
> }
>
> /**
> * @param request
> */
> public AuthenticatorImp(Request request) {
> super();
> this.request = request;
> }
>
>
>
>
> @Inject
> private Request request;
> public Mitarbeiter getLoggedUser() {
>
> Mitarbeiter user = null;
>
> if (isLoggedIn())
> user = (Mitarbeiter) request.getSession(true).getAttribute(AUTH_TOKEN);
>
> else
> throw new IllegalStateException("The user is not logged ! ");
>
> return user;
> }
>
> public boolean isLoggedIn() {
> org.apache.tapestry5.services.Session session = request.getSession(true);
> if (session != null) { return session.getAttribute(AUTH_TOKEN) != null; }
> return false;
>
> }
>
> @SuppressWarnings("unchecked")
> public void login(String nickName, String password, org.hibernate.Session session)
> throws NoSuchAlgorithmException, UnsupportedEncodingException {
> MitarbeiterDaoImpl mitarbeiterDao = new MitarbeiterDaoImpl( Mitarbeiter.class, session);
> Mitarbeiter authUser = mitarbeiterDao.authenticate(nickName, Encrypt.MD5(password));
>
> try{
> request.getSession(true).setAttribute(AUTH_TOKEN, authUser);
> }
> catch(NullPointerException e){
> System.out.println("Beim Einlogen ist ein fehler aufgetreten");
> }
>
>
> }
>
> public void logout() {
> org.apache.tapestry5.services.Session session = request.getSession(false);
> if (session != null)
> {
> session.setAttribute(AUTH_TOKEN, null);
> session.invalidate();
> }
> }
>
>
> }
>
> ________________________________
> De : Taha Hafeez Siddiqi <ta...@gmail.com>
> À : Tapestry users <us...@tapestry.apache.org>
> Envoyé le : Mardi 6 août 2013 14h41
> Objet : Re: Securing page with Tapestry
>
>
> Are you defining your own ComponentRequestFilter interface? As you have included the code for that I am assuming you have.
>
> You have to implement Tapestry's ComponentRequestFilter, not your own as you can't contribute to the RequestHandler any other implementation.
>
> regards
> Taha
>
> On 06-Aug-2013, at 5:53 PM, Will N. <ll...@yahoo.fr> wrote:
>
>> Am 06.08.2013 14:13, schrieb Thiago H de Paula Figueiredo:
>>> I'm sorry, I should have asked for your ComponentRequestFilter implementation source too. ;)
>>>
>>> On Tue, 06 Aug 2013 08:31:15 -0300, Will N. <ll...@yahoo.fr> wrote:
>>>
>>>> Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
>>>>> On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <ll...@yahoo.fr> wrote:
>>>>>
>>>>>> Hi,
>>>>> Hi!
>>>>>
>>>>>> I am trying secure some pages of my application as shown in this tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>>>>>> But I am having following error message when I start the application.
>>>>>> Since the RequiresLoginFilte class implements the ComponentRequestFilter interface, I am confused about the coertion error!
>>>>> The error is weird. Could you post your PmsModule.contributeComponentRequestHandler() method
>>>> /**
>>>> * This module is automatically included as part of the Tapestry IoC Registry,
>>>> * it's a good place to configure and extend Tapestry, or to place your own
>>>> * service definitions. spring
>>>> */
>>>> public class PmsModule {
>>>> // public static void bind(ServiceBinder binder) {
>>>> // // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
>>>> //
>>>> // // Make bind() calls on the binder object to define most IoC services.
>>>> // // Use service builder methods (example below) when the implementation
>>>> // // is provided inline, or requires more initialization than simply
>>>> // // invoking the constructor.
>>>> // binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
>>>> // binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
>>>> // binder.bind(BasicDao.class, BasicDaoImpl.class);
>>>> // binder.bind(FunktionDao.class, FunktionDaoImpl.class);
>>>> //// binder.bind(GrantedAuthorityBeanDao.class,
>>>> //// GrantedAuthorityBeanDaoImpl.class);
>>>> // binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
>>>> // binder.bind(MitarbeiterProjektDao.class,
>>>> // MitarbeiterProjektDaoImpl.class);
>>>> // binder.bind(ModulDao.class, ModulDaoImpl.class);
>>>> // binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
>>>> // binder.bind(UserDataDao.class, UserDataDaoImpl.class);
>>>> // binder.bind(ProjektDao.class, ProjektDaoImpl.class);
>>>> // binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
>>>> // binder.bind(UnterunteraufgabeDao.class, UnterunteraufgabeDaoImpl.class);
>>>> //
>>>> // }
>>>>
>>>> public static void contributeFactoryDefaults(
>>>> MappedConfiguration<String, Object> configuration) {
>>>> // The application version number is incorprated into URLs for some
>>>> // assets. Web browsers will cache assets because of the far future
>>>> // expires
>>>> // header. If existing assets are changed, the version number should
>>>> // also
>>>> // change, to force the browser to download new versions. This overrides
>>>> // Tapesty's default
>>>> // (a random hexadecimal number), but may be further overriden by
>>>> // DevelopmentModule or
>>>> // QaModule.
>>>> configuration.override(SymbolConstants.APPLICATION_VERSION,
>>>> "1.0-SNAPSHOT");
>>>> }
>>>>
>>>> public static void contributeApplicationDefaults(
>>>> MappedConfiguration<String, Object> configuration) {
>>>> // Contributions to ApplicationDefaults will override any contributions
>>>> // to
>>>> // FactoryDefaults (with the same key). Here we're restricting the
>>>> // supported
>>>> // locales to just "en" (English). As you add localised message catalogs
>>>> // and other assets,
>>>> // you can extend this list of locales (it's a comma separated series of
>>>> // locale names;
>>>> // the first locale name is the default when there's no reasonable
>>>> // match).
>>>> // configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
>>>> configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
>>>> configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
>>>>
>>>> }
>>>>
>>>> /**
>>>> * This is a service definition, the service will be named "TimingFilter".
>>>> * The interface, RequestFilter, is used within the RequestHandler service
>>>> * pipeline, which is built from the RequestHandler service configuration.
>>>> * Tapestry IoC is responsible for passing in an appropriate Logger
>>>> * instance. Requests for static resources are handled at a higher level, so
>>>> * this filter will only be invoked for Tapestry related requests.
>>>> * <p/>
>>>> * <p/>
>>>> * Service builder methods are useful when the implementation is inline as
>>>> * an inner class (as here) or require some other kind of special
>>>> * initialization. In most cases, use the static bind() method instead.
>>>> * <p/>
>>>> * <p/>
>>>> * If this method was named "build", then the service id would be taken from
>>>> * the service interface and would be "RequestFilter". Since Tapestry
>>>> * already defines a service named "RequestFilter" we use an explicit
>>>> * service id that we can reference inside the contribution method.
>>>> */
>>>> public RequestFilter buildTimingFilter(final Logger log) {
>>>> return new RequestFilter() {
>>>> public boolean service(Request request, Response response,
>>>> RequestHandler handler) throws IOException {
>>>> long startTime = System.currentTimeMillis();
>>>>
>>>> try {
>>>> // The responsibility of a filter is to invoke the
>>>> // corresponding method
>>>> // in the handler. When you chain multiple filters together,
>>>> // each filter
>>>> // received a handler that is a bridge to the next filter.
>>>>
>>>> return handler.service(request, response);
>>>> } finally {
>>>> long elapsed = System.currentTimeMillis() - startTime;
>>>>
>>>> log.info(String.format("Request time: %d ms", elapsed));
>>>> }
>>>> }
>>>> };
>>>> }
>>>>
>>>> /**
>>>> * This is a contribution to the RequestHandler service configuration. This
>>>> * is how we extend Tapestry using the timing filter. A common use for this
>>>> * kind of filter is transaction management or security. The @Local
>>>> * annotation selects the desired service by type, but only from the same
>>>> * module. Without @Local, there would be an error due to the other
>>>> * service(s) that implement RequestFilter (defined in other modules).
>>>> */
>>>> public void contributeRequestHandler(OrderedConfiguration<RequestFilter> configuration, @Local RequestFilter filter) {
>>>> // Each contribution to an ordered configuration has a name, When
>>>> // necessary, you may
>>>> // set constraints to precisely control the invocation order of the
>>>> // contributed filter
>>>> // within the pipeline.
>>>>
>>>> configuration.add("Timing", filter);
>>>> }
>>>>
>>>>
>>>> @SuppressWarnings("unchecked")
>>>> public static void contributeComponentRequestHandler(OrderedConfiguration configuration) {
>>>> configuration.addInstance("RequiresLogin", RequiresLoginFilter.class);
>>>>
>>>> }
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> }
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>>
>>>
>>
>>
>> import java.io.IOException;
>>
>> import org.apache.tapestry5.services.ComponentEventRequestParameters;
>> import org.apache.tapestry5.services.ComponentRequestHandler;
>> import org.apache.tapestry5.services.PageRenderRequestParameters;
>>
>>
>> /**
>> * Filter interface for {@link org.apache.tapestry5.services.ComponentRequestHandler}.
>> */
>> /**
>> * Our implementation of this filter will check the page referenced in the request to see if it has the annotation.
>> * If the annotation is present and the user has not yet logged in, we'll redirect to the Login page.
>> * When a redirect is not necessary, we delegate to the next handler in the pipeline2:
>> */
>> public interface ComponentRequestFilter
>> {
>> /**
>> * Handler for a component action request which will trigger an event on a component and use the return value to
>> * send a response to the client (typically, a redirect to a page render URL).
>> *
>> * @param parameters defining the request
>> * @param handler next handler in the pipeline
>> */
>> void handleComponentEvent(ComponentEventRequestParameters parameters, ComponentRequestHandler handler)
>> throws IOException;
>>
>> /**
>> * Invoked to activate and render a page. In certain cases, based on values returned when activating the page, a
>> * {@link org.apache.tapestry5.services.ComponentEventResultProcessor} may be used to send an alternate response
>> * (typically, a redirect).
>> *
>> * @param parameters defines the page name and activation context
>> * @param handler next handler in the pipeline
>> */
>> void handlePageRender(PageRenderRequestParameters parameters, ComponentRequestHandler handler) throws IOException;
>> }
>>
>>
>>
>>
>>
>>
>> import java.io.IOException;
>>
>> import org.apache.tapestry5.Link;
>> import org.apache.tapestry5.runtime.Component;
>> import org.apache.tapestry5.services.ComponentEventRequestParameters;
>> import org.apache.tapestry5.services.ComponentRequestHandler;
>> import org.apache.tapestry5.services.ComponentSource;
>> import org.apache.tapestry5.services.PageRenderLinkSource;
>> import org.apache.tapestry5.services.PageRenderRequestParameters;
>> import org.apache.tapestry5.services.Response;
>>
>>
>> import com.example.pms.annotations.*;
>>
>>
>> public class RequiresLoginFilter implements ComponentRequestFilter {
>>
>> private PageRenderLinkSource renderLinkSource;
>>
>> private ComponentSource componentSource;
>>
>> private Response response;
>>
>> // private final AuthenticationService authService;
>> private AuthenticatorImp authService;
>>
>>
>> public void PageAccessFilter(PageRenderLinkSource renderLinkSource, ComponentSource componentSource,
>> Response response, AuthenticatorImp authService) {
>>
>> this.renderLinkSource = renderLinkSource;
>> this.componentSource = componentSource;
>> this.response = response;
>> this.authService = authService;
>>
>> }
>>
>> public void handleComponentEvent(
>> ComponentEventRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException {
>>
>> if (dispatchedToLoginPage(parameters.getActivePageName())) {
>> return;
>> }
>>
>> handler.handleComponentEvent(parameters);
>>
>> }
>>
>> public void handlePageRender(PageRenderRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException {
>>
>> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
>> return;
>> }
>>
>> handler.handlePageRender(parameters);
>> }
>>
>> private boolean dispatchedToLoginPage(String pageName) throws IOException {
>>
>> if (authService.isLoggedIn()) {
>> return false;
>> }
>>
>> Component page = componentSource.getPage(pageName);
>>
>> if (! page.getClass().isAnnotationPresent(RequiresLogin.class)) {
>> return false;
>> }
>>
>> Link link = renderLinkSource.createPageRenderLink("Index");
>>
>> response.sendRedirect(link);
>>
>> return true;
>> }
>> }
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by Willy Browne <ll...@yahoo.fr>.
thanks for the help. I removed my Interface and now i get a NullPointerException
* RequiresLoginFilter.dispatchedToLoginPage(RequiresLoginFilter.java:66)
* services.RequiresLoginFilter.handlePageRender(RequiresLoginFilter.java:57)
* org.apache.tapestry5.services.InitializeActivePageName.handlePageRender(InitializeActivePageName.java:47)
* org.apache.tapestry5.internal.services.RootPathDispatcher.dispatch(RootPathDispatcher.java:66)
* org.apache.tapestry5.services.TapestryModule$RequestHandlerTerminator.service(TapestryModule.java:302)
* .services.PmsModule$1.service(PmsModule.java:115)
* org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
* org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
* org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
* org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
* org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:105)
* org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:95)
* org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
* org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:119)
* org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
* org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
* org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
* org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
* org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
public class RequiresLoginFilter implements ComponentRequestFilter {
private PageRenderLinkSource renderLinkSource;
private ComponentSource componentSource;
private Response response;
private AuthenticatorImp authService;
public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
ComponentSource componentSource, Response response,
AuthenticatorImp authService) {
this.renderLinkSource = renderLinkSource;
this.componentSource = componentSource;
this.response = response;
this.authService = authService;
}
public void handleComponentEvent(
ComponentEventRequestParameters parameters,
ComponentRequestHandler handler) throws IOException {
if (dispatchedToLoginPage(parameters.getActivePageName())) {
return;
}
handler.handleComponentEvent(parameters);
}
public void handlePageRender(PageRenderRequestParameters parameters,
ComponentRequestHandler handler) throws IOException {
if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
return;
}
handler.handlePageRender(parameters);
}
private boolean dispatchedToLoginPage(String pageName) throws IOException {
if (authService.isLoggedIn()) { // line 66
return false;
}
Component page = componentSource.getPage(pageName);
if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
return false;
}
Link link = renderLinkSource.createPageRenderLink("Login");
response.sendRedirect(link);
return true;
}
}
public class RequiresLoginFilter implements ComponentRequestFilter {
private PageRenderLinkSource renderLinkSource;
private ComponentSource componentSource;
private Response response;
private AuthenticatorImp authService;
public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
ComponentSource componentSource, Response response,
AuthenticatorImp authService) {
this.renderLinkSource = renderLinkSource;
this.componentSource = componentSource;
this.response = response;
this.authService = authService;
}
public void handleComponentEvent(
ComponentEventRequestParameters parameters,
ComponentRequestHandler handler) throws IOException {
if (dispatchedToLoginPage(parameters.getActivePageName())) {
return;
}
handler.handleComponentEvent(parameters);
}
public void handlePageRender(PageRenderRequestParameters parameters,
ComponentRequestHandler handler) throws IOException {
if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
return;
}
handler.handlePageRender(parameters);
}
private boolean dispatchedToLoginPage(String pageName) throws IOException { // line 57
if (authService.isLoggedIn()) {
return false;
}
Component page = componentSource.getPage(pageName);
if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
return false;
}
Link link = renderLinkSource.createPageRenderLink("Login");
response.sendRedirect(link);
return true;
}
}
public class AuthenticatorImp implements AuthenticatorInterface{
public static final String AUTH_TOKEN = "authToken";
/**
*
*/
public AuthenticatorImp() {
super();
// TODO Auto-generated constructor stub
}
/**
* @param request
*/
public AuthenticatorImp(Request request) {
super();
this.request = request;
}
@Inject
private Request request;
public Mitarbeiter getLoggedUser() {
Mitarbeiter user = null;
if (isLoggedIn())
user = (Mitarbeiter) request.getSession(true).getAttribute(AUTH_TOKEN);
else
throw new IllegalStateException("The user is not logged ! ");
return user;
}
public boolean isLoggedIn() {
org.apache.tapestry5.services.Session session = request.getSession(true);
if (session != null) { return session.getAttribute(AUTH_TOKEN) != null; }
return false;
}
@SuppressWarnings("unchecked")
public void login(String nickName, String password, org.hibernate.Session session)
throws NoSuchAlgorithmException, UnsupportedEncodingException {
MitarbeiterDaoImpl mitarbeiterDao = new MitarbeiterDaoImpl( Mitarbeiter.class, session);
Mitarbeiter authUser = mitarbeiterDao.authenticate(nickName, Encrypt.MD5(password));
try{
request.getSession(true).setAttribute(AUTH_TOKEN, authUser);
}
catch(NullPointerException e){
System.out.println("Beim Einlogen ist ein fehler aufgetreten");
}
}
public void logout() {
org.apache.tapestry5.services.Session session = request.getSession(false);
if (session != null)
{
session.setAttribute(AUTH_TOKEN, null);
session.invalidate();
}
}
}
________________________________
De : Taha Hafeez Siddiqi <ta...@gmail.com>
À : Tapestry users <us...@tapestry.apache.org>
Envoyé le : Mardi 6 août 2013 14h41
Objet : Re: Securing page with Tapestry
Are you defining your own ComponentRequestFilter interface? As you have included the code for that I am assuming you have.
You have to implement Tapestry's ComponentRequestFilter, not your own as you can't contribute to the RequestHandler any other implementation.
regards
Taha
On 06-Aug-2013, at 5:53 PM, Will N. <ll...@yahoo.fr> wrote:
> Am 06.08.2013 14:13, schrieb Thiago H de Paula Figueiredo:
>> I'm sorry, I should have asked for your ComponentRequestFilter implementation source too. ;)
>>
>> On Tue, 06 Aug 2013 08:31:15 -0300, Will N. <ll...@yahoo.fr> wrote:
>>
>>> Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
>>>> On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <ll...@yahoo.fr> wrote:
>>>>
>>>>> Hi,
>>>>
>>>> Hi!
>>>>
>>>>> I am trying secure some pages of my application as shown in this tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>>>>> But I am having following error message when I start the application.
>>>>> Since the RequiresLoginFilte class implements the ComponentRequestFilter interface, I am confused about the coertion error!
>>>>
>>>> The error is weird. Could you post your PmsModule.contributeComponentRequestHandler() method
>>> /**
>>> * This module is automatically included as part of the Tapestry IoC Registry,
>>> * it's a good place to configure and extend Tapestry, or to place your own
>>> * service definitions. spring
>>> */
>>> public class PmsModule {
>>> // public static void bind(ServiceBinder binder) {
>>> // // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
>>> //
>>> // // Make bind() calls on the binder object to define most IoC services.
>>> // // Use service builder methods (example below) when the implementation
>>> // // is provided inline, or requires more initialization than simply
>>> // // invoking the constructor.
>>> // binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
>>> // binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
>>> // binder.bind(BasicDao.class, BasicDaoImpl.class);
>>> // binder.bind(FunktionDao.class, FunktionDaoImpl.class);
>>> //// binder.bind(GrantedAuthorityBeanDao.class,
>>> //// GrantedAuthorityBeanDaoImpl.class);
>>> // binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
>>> // binder.bind(MitarbeiterProjektDao.class,
>>> // MitarbeiterProjektDaoImpl.class);
>>> // binder.bind(ModulDao.class, ModulDaoImpl.class);
>>> // binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
>>> // binder.bind(UserDataDao.class, UserDataDaoImpl.class);
>>> // binder.bind(ProjektDao.class, ProjektDaoImpl.class);
>>> // binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
>>> // binder.bind(UnterunteraufgabeDao.class, UnterunteraufgabeDaoImpl.class);
>>> //
>>> // }
>>>
>>> public static void contributeFactoryDefaults(
>>> MappedConfiguration<String, Object> configuration) {
>>> // The application version number is incorprated into URLs for some
>>> // assets. Web browsers will cache assets because of the far future
>>> // expires
>>> // header. If existing assets are changed, the version number should
>>> // also
>>> // change, to force the browser to download new versions. This overrides
>>> // Tapesty's default
>>> // (a random hexadecimal number), but may be further overriden by
>>> // DevelopmentModule or
>>> // QaModule.
>>> configuration.override(SymbolConstants.APPLICATION_VERSION,
>>> "1.0-SNAPSHOT");
>>> }
>>>
>>> public static void contributeApplicationDefaults(
>>> MappedConfiguration<String, Object> configuration) {
>>> // Contributions to ApplicationDefaults will override any contributions
>>> // to
>>> // FactoryDefaults (with the same key). Here we're restricting the
>>> // supported
>>> // locales to just "en" (English). As you add localised message catalogs
>>> // and other assets,
>>> // you can extend this list of locales (it's a comma separated series of
>>> // locale names;
>>> // the first locale name is the default when there's no reasonable
>>> // match).
>>> // configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
>>> configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
>>> configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
>>>
>>> }
>>>
>>> /**
>>> * This is a service definition, the service will be named "TimingFilter".
>>> * The interface, RequestFilter, is used within the RequestHandler service
>>> * pipeline, which is built from the RequestHandler service configuration.
>>> * Tapestry IoC is responsible for passing in an appropriate Logger
>>> * instance. Requests for static resources are handled at a higher level, so
>>> * this filter will only be invoked for Tapestry related requests.
>>> * <p/>
>>> * <p/>
>>> * Service builder methods are useful when the implementation is inline as
>>> * an inner class (as here) or require some other kind of special
>>> * initialization. In most cases, use the static bind() method instead.
>>> * <p/>
>>> * <p/>
>>> * If this method was named "build", then the service id would be taken from
>>> * the service interface and would be "RequestFilter". Since Tapestry
>>> * already defines a service named "RequestFilter" we use an explicit
>>> * service id that we can reference inside the contribution method.
>>> */
>>> public RequestFilter buildTimingFilter(final Logger log) {
>>> return new RequestFilter() {
>>> public boolean service(Request request, Response response,
>>> RequestHandler handler) throws IOException {
>>> long startTime = System.currentTimeMillis();
>>>
>>> try {
>>> // The responsibility of a filter is to invoke the
>>> // corresponding method
>>> // in the handler. When you chain multiple filters together,
>>> // each filter
>>> // received a handler that is a bridge to the next filter.
>>>
>>> return handler.service(request, response);
>>> } finally {
>>> long elapsed = System.currentTimeMillis() - startTime;
>>>
>>> log.info(String.format("Request time: %d ms", elapsed));
>>> }
>>> }
>>> };
>>> }
>>>
>>> /**
>>> * This is a contribution to the RequestHandler service configuration. This
>>> * is how we extend Tapestry using the timing filter. A common use for this
>>> * kind of filter is transaction management or security. The @Local
>>> * annotation selects the desired service by type, but only from the same
>>> * module. Without @Local, there would be an error due to the other
>>> * service(s) that implement RequestFilter (defined in other modules).
>>> */
>>> public void contributeRequestHandler(OrderedConfiguration<RequestFilter> configuration, @Local RequestFilter filter) {
>>> // Each contribution to an ordered configuration has a name, When
>>> // necessary, you may
>>> // set constraints to precisely control the invocation order of the
>>> // contributed filter
>>> // within the pipeline.
>>>
>>> configuration.add("Timing", filter);
>>> }
>>>
>>>
>>> @SuppressWarnings("unchecked")
>>> public static void contributeComponentRequestHandler(OrderedConfiguration configuration) {
>>> configuration.addInstance("RequiresLogin", RequiresLoginFilter.class);
>>>
>>> }
>>>
>>>
>>>
>>>
>>>
>>>
>>> }
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>
>>
>
>
>
> import java.io.IOException;
>
> import org.apache.tapestry5.services.ComponentEventRequestParameters;
> import org.apache.tapestry5.services.ComponentRequestHandler;
> import org.apache.tapestry5.services.PageRenderRequestParameters;
>
>
> /**
> * Filter interface for {@link org.apache.tapestry5.services.ComponentRequestHandler}.
> */
> /**
> * Our implementation of this filter will check the page referenced in the request to see if it has the annotation.
> * If the annotation is present and the user has not yet logged in, we'll redirect to the Login page.
> * When a redirect is not necessary, we delegate to the next handler in the pipeline2:
> */
> public interface ComponentRequestFilter
> {
> /**
> * Handler for a component action request which will trigger an event on a component and use the return value to
> * send a response to the client (typically, a redirect to a page render URL).
> *
> * @param parameters defining the request
> * @param handler next handler in the pipeline
> */
> void handleComponentEvent(ComponentEventRequestParameters parameters, ComponentRequestHandler handler)
> throws IOException;
>
> /**
> * Invoked to activate and render a page. In certain cases, based on values returned when activating the page, a
> * {@link org.apache.tapestry5.services.ComponentEventResultProcessor} may be used to send an alternate response
> * (typically, a redirect).
> *
> * @param parameters defines the page name and activation context
> * @param handler next handler in the pipeline
> */
> void handlePageRender(PageRenderRequestParameters parameters, ComponentRequestHandler handler) throws IOException;
> }
>
>
>
>
>
>
> import java.io.IOException;
>
> import org.apache.tapestry5.Link;
> import org.apache.tapestry5.runtime.Component;
> import org.apache.tapestry5.services.ComponentEventRequestParameters;
> import org.apache.tapestry5.services.ComponentRequestHandler;
> import org.apache.tapestry5.services.ComponentSource;
> import org.apache.tapestry5.services.PageRenderLinkSource;
> import org.apache.tapestry5.services.PageRenderRequestParameters;
> import org.apache.tapestry5.services.Response;
>
>
> import com.example.pms.annotations.*;
>
>
> public class RequiresLoginFilter implements ComponentRequestFilter {
>
> private PageRenderLinkSource renderLinkSource;
>
> private ComponentSource componentSource;
>
> private Response response;
>
> // private final AuthenticationService authService;
> private AuthenticatorImp authService;
>
>
> public void PageAccessFilter(PageRenderLinkSource renderLinkSource, ComponentSource componentSource,
> Response response, AuthenticatorImp authService) {
>
> this.renderLinkSource = renderLinkSource;
> this.componentSource = componentSource;
> this.response = response;
> this.authService = authService;
>
> }
>
> public void handleComponentEvent(
> ComponentEventRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
>
> if (dispatchedToLoginPage(parameters.getActivePageName())) {
> return;
> }
>
> handler.handleComponentEvent(parameters);
>
> }
>
> public void handlePageRender(PageRenderRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
>
> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
> return;
> }
>
> handler.handlePageRender(parameters);
> }
>
> private boolean dispatchedToLoginPage(String pageName) throws IOException {
>
> if (authService.isLoggedIn()) {
> return false;
> }
>
> Component page = componentSource.getPage(pageName);
>
> if (! page.getClass().isAnnotationPresent(RequiresLogin.class)) {
> return false;
> }
>
> Link link = renderLinkSource.createPageRenderLink("Index");
>
> response.sendRedirect(link);
>
> return true;
> }
> }
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by Taha Hafeez Siddiqi <ta...@gmail.com>.
Are you defining your own ComponentRequestFilter interface? As you have included the code for that I am assuming you have.
You have to implement Tapestry's ComponentRequestFilter, not your own as you can't contribute to the RequestHandler any other implementation.
regards
Taha
On 06-Aug-2013, at 5:53 PM, Will N. <ll...@yahoo.fr> wrote:
> Am 06.08.2013 14:13, schrieb Thiago H de Paula Figueiredo:
>> I'm sorry, I should have asked for your ComponentRequestFilter implementation source too. ;)
>>
>> On Tue, 06 Aug 2013 08:31:15 -0300, Will N. <ll...@yahoo.fr> wrote:
>>
>>> Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
>>>> On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <ll...@yahoo.fr> wrote:
>>>>
>>>>> Hi,
>>>>
>>>> Hi!
>>>>
>>>>> I am trying secure some pages of my application as shown in this tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>>>>> But I am having following error message when I start the application.
>>>>> Since the RequiresLoginFilte class implements the ComponentRequestFilter interface, I am confused about the coertion error!
>>>>
>>>> The error is weird. Could you post your PmsModule.contributeComponentRequestHandler() method
>>> /**
>>> * This module is automatically included as part of the Tapestry IoC Registry,
>>> * it's a good place to configure and extend Tapestry, or to place your own
>>> * service definitions. spring
>>> */
>>> public class PmsModule {
>>> // public static void bind(ServiceBinder binder) {
>>> // // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
>>> //
>>> // // Make bind() calls on the binder object to define most IoC services.
>>> // // Use service builder methods (example below) when the implementation
>>> // // is provided inline, or requires more initialization than simply
>>> // // invoking the constructor.
>>> // binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
>>> // binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
>>> // binder.bind(BasicDao.class, BasicDaoImpl.class);
>>> // binder.bind(FunktionDao.class, FunktionDaoImpl.class);
>>> //// binder.bind(GrantedAuthorityBeanDao.class,
>>> //// GrantedAuthorityBeanDaoImpl.class);
>>> // binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
>>> // binder.bind(MitarbeiterProjektDao.class,
>>> // MitarbeiterProjektDaoImpl.class);
>>> // binder.bind(ModulDao.class, ModulDaoImpl.class);
>>> // binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
>>> // binder.bind(UserDataDao.class, UserDataDaoImpl.class);
>>> // binder.bind(ProjektDao.class, ProjektDaoImpl.class);
>>> // binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
>>> // binder.bind(UnterunteraufgabeDao.class, UnterunteraufgabeDaoImpl.class);
>>> //
>>> // }
>>>
>>> public static void contributeFactoryDefaults(
>>> MappedConfiguration<String, Object> configuration) {
>>> // The application version number is incorprated into URLs for some
>>> // assets. Web browsers will cache assets because of the far future
>>> // expires
>>> // header. If existing assets are changed, the version number should
>>> // also
>>> // change, to force the browser to download new versions. This overrides
>>> // Tapesty's default
>>> // (a random hexadecimal number), but may be further overriden by
>>> // DevelopmentModule or
>>> // QaModule.
>>> configuration.override(SymbolConstants.APPLICATION_VERSION,
>>> "1.0-SNAPSHOT");
>>> }
>>>
>>> public static void contributeApplicationDefaults(
>>> MappedConfiguration<String, Object> configuration) {
>>> // Contributions to ApplicationDefaults will override any contributions
>>> // to
>>> // FactoryDefaults (with the same key). Here we're restricting the
>>> // supported
>>> // locales to just "en" (English). As you add localised message catalogs
>>> // and other assets,
>>> // you can extend this list of locales (it's a comma separated series of
>>> // locale names;
>>> // the first locale name is the default when there's no reasonable
>>> // match).
>>> // configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
>>> configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
>>> configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
>>>
>>> }
>>>
>>> /**
>>> * This is a service definition, the service will be named "TimingFilter".
>>> * The interface, RequestFilter, is used within the RequestHandler service
>>> * pipeline, which is built from the RequestHandler service configuration.
>>> * Tapestry IoC is responsible for passing in an appropriate Logger
>>> * instance. Requests for static resources are handled at a higher level, so
>>> * this filter will only be invoked for Tapestry related requests.
>>> * <p/>
>>> * <p/>
>>> * Service builder methods are useful when the implementation is inline as
>>> * an inner class (as here) or require some other kind of special
>>> * initialization. In most cases, use the static bind() method instead.
>>> * <p/>
>>> * <p/>
>>> * If this method was named "build", then the service id would be taken from
>>> * the service interface and would be "RequestFilter". Since Tapestry
>>> * already defines a service named "RequestFilter" we use an explicit
>>> * service id that we can reference inside the contribution method.
>>> */
>>> public RequestFilter buildTimingFilter(final Logger log) {
>>> return new RequestFilter() {
>>> public boolean service(Request request, Response response,
>>> RequestHandler handler) throws IOException {
>>> long startTime = System.currentTimeMillis();
>>>
>>> try {
>>> // The responsibility of a filter is to invoke the
>>> // corresponding method
>>> // in the handler. When you chain multiple filters together,
>>> // each filter
>>> // received a handler that is a bridge to the next filter.
>>>
>>> return handler.service(request, response);
>>> } finally {
>>> long elapsed = System.currentTimeMillis() - startTime;
>>>
>>> log.info(String.format("Request time: %d ms", elapsed));
>>> }
>>> }
>>> };
>>> }
>>>
>>> /**
>>> * This is a contribution to the RequestHandler service configuration. This
>>> * is how we extend Tapestry using the timing filter. A common use for this
>>> * kind of filter is transaction management or security. The @Local
>>> * annotation selects the desired service by type, but only from the same
>>> * module. Without @Local, there would be an error due to the other
>>> * service(s) that implement RequestFilter (defined in other modules).
>>> */
>>> public void contributeRequestHandler(OrderedConfiguration<RequestFilter> configuration, @Local RequestFilter filter) {
>>> // Each contribution to an ordered configuration has a name, When
>>> // necessary, you may
>>> // set constraints to precisely control the invocation order of the
>>> // contributed filter
>>> // within the pipeline.
>>>
>>> configuration.add("Timing", filter);
>>> }
>>>
>>>
>>> @SuppressWarnings("unchecked")
>>> public static void contributeComponentRequestHandler(OrderedConfiguration configuration) {
>>> configuration.addInstance("RequiresLogin", RequiresLoginFilter.class);
>>>
>>> }
>>>
>>>
>>>
>>>
>>>
>>>
>>> }
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>> For additional commands, e-mail: users-help@tapestry.apache.org
>>>
>>
>>
>
>
>
> import java.io.IOException;
>
> import org.apache.tapestry5.services.ComponentEventRequestParameters;
> import org.apache.tapestry5.services.ComponentRequestHandler;
> import org.apache.tapestry5.services.PageRenderRequestParameters;
>
>
> /**
> * Filter interface for {@link org.apache.tapestry5.services.ComponentRequestHandler}.
> */
> /**
> * Our implementation of this filter will check the page referenced in the request to see if it has the annotation.
> * If the annotation is present and the user has not yet logged in, we'll redirect to the Login page.
> * When a redirect is not necessary, we delegate to the next handler in the pipeline2:
> */
> public interface ComponentRequestFilter
> {
> /**
> * Handler for a component action request which will trigger an event on a component and use the return value to
> * send a response to the client (typically, a redirect to a page render URL).
> *
> * @param parameters defining the request
> * @param handler next handler in the pipeline
> */
> void handleComponentEvent(ComponentEventRequestParameters parameters, ComponentRequestHandler handler)
> throws IOException;
>
> /**
> * Invoked to activate and render a page. In certain cases, based on values returned when activating the page, a
> * {@link org.apache.tapestry5.services.ComponentEventResultProcessor} may be used to send an alternate response
> * (typically, a redirect).
> *
> * @param parameters defines the page name and activation context
> * @param handler next handler in the pipeline
> */
> void handlePageRender(PageRenderRequestParameters parameters, ComponentRequestHandler handler) throws IOException;
> }
>
>
>
>
>
>
> import java.io.IOException;
>
> import org.apache.tapestry5.Link;
> import org.apache.tapestry5.runtime.Component;
> import org.apache.tapestry5.services.ComponentEventRequestParameters;
> import org.apache.tapestry5.services.ComponentRequestHandler;
> import org.apache.tapestry5.services.ComponentSource;
> import org.apache.tapestry5.services.PageRenderLinkSource;
> import org.apache.tapestry5.services.PageRenderRequestParameters;
> import org.apache.tapestry5.services.Response;
>
>
> import com.example.pms.annotations.*;
>
>
> public class RequiresLoginFilter implements ComponentRequestFilter {
>
> private PageRenderLinkSource renderLinkSource;
>
> private ComponentSource componentSource;
>
> private Response response;
>
> // private final AuthenticationService authService;
> private AuthenticatorImp authService;
>
>
> public void PageAccessFilter(PageRenderLinkSource renderLinkSource, ComponentSource componentSource,
> Response response, AuthenticatorImp authService) {
>
> this.renderLinkSource = renderLinkSource;
> this.componentSource = componentSource;
> this.response = response;
> this.authService = authService;
>
> }
>
> public void handleComponentEvent(
> ComponentEventRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
>
> if (dispatchedToLoginPage(parameters.getActivePageName())) {
> return;
> }
>
> handler.handleComponentEvent(parameters);
>
> }
>
> public void handlePageRender(PageRenderRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
>
> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
> return;
> }
>
> handler.handlePageRender(parameters);
> }
>
> private boolean dispatchedToLoginPage(String pageName) throws IOException {
>
> if (authService.isLoggedIn()) {
> return false;
> }
>
> Component page = componentSource.getPage(pageName);
>
> if (! page.getClass().isAnnotationPresent(RequiresLogin.class)) {
> return false;
> }
>
> Link link = renderLinkSource.createPageRenderLink("Index");
>
> response.sendRedirect(link);
>
> return true;
> }
> }
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "Will N." <ll...@yahoo.fr>.
Am 06.08.2013 14:13, schrieb Thiago H de Paula Figueiredo:
> I'm sorry, I should have asked for your ComponentRequestFilter
> implementation source too. ;)
>
> On Tue, 06 Aug 2013 08:31:15 -0300, Will N. <ll...@yahoo.fr>
> wrote:
>
>> Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
>>> On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <ll...@yahoo.fr>
>>> wrote:
>>>
>>>> Hi,
>>>
>>> Hi!
>>>
>>>> I am trying secure some pages of my application as shown in this
>>>> tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>>>> But I am having following error message when I start the application.
>>>> Since the RequiresLoginFilte class implements the
>>>> ComponentRequestFilter interface, I am confused about the coertion
>>>> error!
>>>
>>> The error is weird. Could you post your
>>> PmsModule.contributeComponentRequestHandler() method
>> /**
>> * This module is automatically included as part of the Tapestry IoC
>> Registry,
>> * it's a good place to configure and extend Tapestry, or to place
>> your own
>> * service definitions. spring
>> */
>> public class PmsModule {
>> // public static void bind(ServiceBinder binder) {
>> // // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
>> //
>> // // Make bind() calls on the binder object to define most
>> IoC services.
>> // // Use service builder methods (example below) when the
>> implementation
>> // // is provided inline, or requires more initialization than
>> simply
>> // // invoking the constructor.
>> // binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
>> // binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
>> // binder.bind(BasicDao.class, BasicDaoImpl.class);
>> // binder.bind(FunktionDao.class, FunktionDaoImpl.class);
>> //// binder.bind(GrantedAuthorityBeanDao.class,
>> //// GrantedAuthorityBeanDaoImpl.class);
>> // binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
>> // binder.bind(MitarbeiterProjektDao.class,
>> // MitarbeiterProjektDaoImpl.class);
>> // binder.bind(ModulDao.class, ModulDaoImpl.class);
>> // binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
>> // binder.bind(UserDataDao.class, UserDataDaoImpl.class);
>> // binder.bind(ProjektDao.class, ProjektDaoImpl.class);
>> // binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
>> // binder.bind(UnterunteraufgabeDao.class,
>> UnterunteraufgabeDaoImpl.class);
>> //
>> // }
>>
>> public static void contributeFactoryDefaults(
>> MappedConfiguration<String, Object> configuration) {
>> // The application version number is incorprated into URLs
>> for some
>> // assets. Web browsers will cache assets because of the far
>> future
>> // expires
>> // header. If existing assets are changed, the version
>> number should
>> // also
>> // change, to force the browser to download new versions.
>> This overrides
>> // Tapesty's default
>> // (a random hexadecimal number), but may be further
>> overriden by
>> // DevelopmentModule or
>> // QaModule.
>> configuration.override(SymbolConstants.APPLICATION_VERSION,
>> "1.0-SNAPSHOT");
>> }
>>
>> public static void contributeApplicationDefaults(
>> MappedConfiguration<String, Object> configuration) {
>> // Contributions to ApplicationDefaults will override any
>> contributions
>> // to
>> // FactoryDefaults (with the same key). Here we're
>> restricting the
>> // supported
>> // locales to just "en" (English). As you add localised
>> message catalogs
>> // and other assets,
>> // you can extend this list of locales (it's a comma
>> separated series of
>> // locale names;
>> // the first locale name is the default when there's no
>> reasonable
>> // match).
>> // configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
>> configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
>> configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
>>
>> }
>>
>> /**
>> * This is a service definition, the service will be named
>> "TimingFilter".
>> * The interface, RequestFilter, is used within the
>> RequestHandler service
>> * pipeline, which is built from the RequestHandler service
>> configuration.
>> * Tapestry IoC is responsible for passing in an appropriate Logger
>> * instance. Requests for static resources are handled at a
>> higher level, so
>> * this filter will only be invoked for Tapestry related requests.
>> * <p/>
>> * <p/>
>> * Service builder methods are useful when the implementation is
>> inline as
>> * an inner class (as here) or require some other kind of special
>> * initialization. In most cases, use the static bind() method
>> instead.
>> * <p/>
>> * <p/>
>> * If this method was named "build", then the service id would
>> be taken from
>> * the service interface and would be "RequestFilter". Since
>> Tapestry
>> * already defines a service named "RequestFilter" we use an
>> explicit
>> * service id that we can reference inside the contribution method.
>> */
>> public RequestFilter buildTimingFilter(final Logger log) {
>> return new RequestFilter() {
>> public boolean service(Request request, Response response,
>> RequestHandler handler) throws IOException {
>> long startTime = System.currentTimeMillis();
>>
>> try {
>> // The responsibility of a filter is to invoke the
>> // corresponding method
>> // in the handler. When you chain multiple
>> filters together,
>> // each filter
>> // received a handler that is a bridge to the
>> next filter.
>>
>> return handler.service(request, response);
>> } finally {
>> long elapsed = System.currentTimeMillis() -
>> startTime;
>>
>> log.info(String.format("Request time: %d ms",
>> elapsed));
>> }
>> }
>> };
>> }
>>
>> /**
>> * This is a contribution to the RequestHandler service
>> configuration. This
>> * is how we extend Tapestry using the timing filter. A common
>> use for this
>> * kind of filter is transaction management or security. The @Local
>> * annotation selects the desired service by type, but only from
>> the same
>> * module. Without @Local, there would be an error due to the other
>> * service(s) that implement RequestFilter (defined in other
>> modules).
>> */
>> public void
>> contributeRequestHandler(OrderedConfiguration<RequestFilter>
>> configuration, @Local RequestFilter filter) {
>> // Each contribution to an ordered configuration has a name,
>> When
>> // necessary, you may
>> // set constraints to precisely control the invocation order
>> of the
>> // contributed filter
>> // within the pipeline.
>>
>> configuration.add("Timing", filter);
>> }
>>
>>
>> @SuppressWarnings("unchecked")
>> public static void
>> contributeComponentRequestHandler(OrderedConfiguration configuration) {
>> configuration.addInstance("RequiresLogin",
>> RequiresLoginFilter.class);
>>
>> }
>>
>>
>>
>>
>>
>>
>> }
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
>
>
import java.io.IOException;
import org.apache.tapestry5.services.ComponentEventRequestParameters;
import org.apache.tapestry5.services.ComponentRequestHandler;
import org.apache.tapestry5.services.PageRenderRequestParameters;
/**
* Filter interface for {@link
org.apache.tapestry5.services.ComponentRequestHandler}.
*/
/**
* Our implementation of this filter will check the page referenced in
the request to see if it has the annotation.
* If the annotation is present and the user has not yet logged in,
we'll redirect to the Login page.
* When a redirect is not necessary, we delegate to the next handler in
the pipeline2:
*/
public interface ComponentRequestFilter
{
/**
* Handler for a component action request which will trigger an
event on a component and use the return value to
* send a response to the client (typically, a redirect to a page
render URL).
*
* @param parameters defining the request
* @param handler next handler in the pipeline
*/
void handleComponentEvent(ComponentEventRequestParameters
parameters, ComponentRequestHandler handler)
throws IOException;
/**
* Invoked to activate and render a page. In certain cases, based
on values returned when activating the page, a
* {@link
org.apache.tapestry5.services.ComponentEventResultProcessor} may be used
to send an alternate response
* (typically, a redirect).
*
* @param parameters defines the page name and activation context
* @param handler next handler in the pipeline
*/
void handlePageRender(PageRenderRequestParameters parameters,
ComponentRequestHandler handler) throws IOException;
}
import java.io.IOException;
import org.apache.tapestry5.Link;
import org.apache.tapestry5.runtime.Component;
import org.apache.tapestry5.services.ComponentEventRequestParameters;
import org.apache.tapestry5.services.ComponentRequestHandler;
import org.apache.tapestry5.services.ComponentSource;
import org.apache.tapestry5.services.PageRenderLinkSource;
import org.apache.tapestry5.services.PageRenderRequestParameters;
import org.apache.tapestry5.services.Response;
import com.example.pms.annotations.*;
public class RequiresLoginFilter implements ComponentRequestFilter {
private PageRenderLinkSource renderLinkSource;
private ComponentSource componentSource;
private Response response;
// private final AuthenticationService authService;
private AuthenticatorImp authService;
public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
ComponentSource componentSource,
Response response, AuthenticatorImp
authService) {
this.renderLinkSource = renderLinkSource;
this.componentSource = componentSource;
this.response = response;
this.authService = authService;
}
public void handleComponentEvent(
ComponentEventRequestParameters parameters,
ComponentRequestHandler handler) throws IOException {
if (dispatchedToLoginPage(parameters.getActivePageName())) {
return;
}
handler.handleComponentEvent(parameters);
}
public void handlePageRender(PageRenderRequestParameters parameters,
ComponentRequestHandler handler) throws IOException {
if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
return;
}
handler.handlePageRender(parameters);
}
private boolean dispatchedToLoginPage(String pageName) throws
IOException {
if (authService.isLoggedIn()) {
return false;
}
Component page = componentSource.getPage(pageName);
if (! page.getClass().isAnnotationPresent(RequiresLogin.class)) {
return false;
}
Link link = renderLinkSource.createPageRenderLink("Index");
response.sendRedirect(link);
return true;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by Thiago H de Paula Figueiredo <th...@gmail.com>.
I'm sorry, I should have asked for your ComponentRequestFilter
implementation source too. ;)
On Tue, 06 Aug 2013 08:31:15 -0300, Will N. <ll...@yahoo.fr> wrote:
> Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
>> On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <ll...@yahoo.fr>
>> wrote:
>>
>>> Hi,
>>
>> Hi!
>>
>>> I am trying secure some pages of my application as shown in this
>>> tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>>> But I am having following error message when I start the application.
>>> Since the RequiresLoginFilte class implements the
>>> ComponentRequestFilter interface, I am confused about the coertion
>>> error!
>>
>> The error is weird. Could you post your
>> PmsModule.contributeComponentRequestHandler() method
> /**
> * This module is automatically included as part of the Tapestry IoC
> Registry,
> * it's a good place to configure and extend Tapestry, or to place your
> own
> * service definitions. spring
> */
> public class PmsModule {
> // public static void bind(ServiceBinder binder) {
> // // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
> //
> // // Make bind() calls on the binder object to define most IoC
> services.
> // // Use service builder methods (example below) when the
> implementation
> // // is provided inline, or requires more initialization than
> simply
> // // invoking the constructor.
> // binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
> // binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
> // binder.bind(BasicDao.class, BasicDaoImpl.class);
> // binder.bind(FunktionDao.class, FunktionDaoImpl.class);
> //// binder.bind(GrantedAuthorityBeanDao.class,
> //// GrantedAuthorityBeanDaoImpl.class);
> // binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
> // binder.bind(MitarbeiterProjektDao.class,
> // MitarbeiterProjektDaoImpl.class);
> // binder.bind(ModulDao.class, ModulDaoImpl.class);
> // binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
> // binder.bind(UserDataDao.class, UserDataDaoImpl.class);
> // binder.bind(ProjektDao.class, ProjektDaoImpl.class);
> // binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
> // binder.bind(UnterunteraufgabeDao.class,
> UnterunteraufgabeDaoImpl.class);
> //
> // }
>
> public static void contributeFactoryDefaults(
> MappedConfiguration<String, Object> configuration) {
> // The application version number is incorprated into URLs for
> some
> // assets. Web browsers will cache assets because of the far
> future
> // expires
> // header. If existing assets are changed, the version number
> should
> // also
> // change, to force the browser to download new versions. This
> overrides
> // Tapesty's default
> // (a random hexadecimal number), but may be further overriden
> by
> // DevelopmentModule or
> // QaModule.
> configuration.override(SymbolConstants.APPLICATION_VERSION,
> "1.0-SNAPSHOT");
> }
>
> public static void contributeApplicationDefaults(
> MappedConfiguration<String, Object> configuration) {
> // Contributions to ApplicationDefaults will override any
> contributions
> // to
> // FactoryDefaults (with the same key). Here we're restricting
> the
> // supported
> // locales to just "en" (English). As you add localised message
> catalogs
> // and other assets,
> // you can extend this list of locales (it's a comma separated
> series of
> // locale names;
> // the first locale name is the default when there's no
> reasonable
> // match).
> // configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
> configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
> configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
>
> }
>
> /**
> * This is a service definition, the service will be named
> "TimingFilter".
> * The interface, RequestFilter, is used within the RequestHandler
> service
> * pipeline, which is built from the RequestHandler service
> configuration.
> * Tapestry IoC is responsible for passing in an appropriate Logger
> * instance. Requests for static resources are handled at a higher
> level, so
> * this filter will only be invoked for Tapestry related requests.
> * <p/>
> * <p/>
> * Service builder methods are useful when the implementation is
> inline as
> * an inner class (as here) or require some other kind of special
> * initialization. In most cases, use the static bind() method
> instead.
> * <p/>
> * <p/>
> * If this method was named "build", then the service id would be
> taken from
> * the service interface and would be "RequestFilter". Since
> Tapestry
> * already defines a service named "RequestFilter" we use an
> explicit
> * service id that we can reference inside the contribution method.
> */
> public RequestFilter buildTimingFilter(final Logger log) {
> return new RequestFilter() {
> public boolean service(Request request, Response response,
> RequestHandler handler) throws IOException {
> long startTime = System.currentTimeMillis();
>
> try {
> // The responsibility of a filter is to invoke the
> // corresponding method
> // in the handler. When you chain multiple filters
> together,
> // each filter
> // received a handler that is a bridge to the next
> filter.
>
> return handler.service(request, response);
> } finally {
> long elapsed = System.currentTimeMillis() -
> startTime;
>
> log.info(String.format("Request time: %d ms",
> elapsed));
> }
> }
> };
> }
>
> /**
> * This is a contribution to the RequestHandler service
> configuration. This
> * is how we extend Tapestry using the timing filter. A common use
> for this
> * kind of filter is transaction management or security. The @Local
> * annotation selects the desired service by type, but only from
> the same
> * module. Without @Local, there would be an error due to the other
> * service(s) that implement RequestFilter (defined in other
> modules).
> */
> public void
> contributeRequestHandler(OrderedConfiguration<RequestFilter>
> configuration, @Local RequestFilter filter) {
> // Each contribution to an ordered configuration has a name,
> When
> // necessary, you may
> // set constraints to precisely control the invocation order of
> the
> // contributed filter
> // within the pipeline.
>
> configuration.add("Timing", filter);
> }
>
>
> @SuppressWarnings("unchecked")
> public static void
> contributeComponentRequestHandler(OrderedConfiguration configuration) {
> configuration.addInstance("RequiresLogin",
> RequiresLoginFilter.class);
>
> }
>
>
>
>
>
>
> }
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
--
Thiago H. de Paula Figueiredo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "Will N." <ll...@yahoo.fr>.
Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
> On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <ll...@yahoo.fr>
> wrote:
>
>> Hi,
>
> Hi!
>
>> I am trying secure some pages of my application as shown in this
>> tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>> But I am having following error message when I start the application.
>> Since the RequiresLoginFilte class implements the
>> ComponentRequestFilter interface, I am confused about the coertion
>> error!
>
> The error is weird. Could you post your
> PmsModule.contributeComponentRequestHandler() method
/**
* This module is automatically included as part of the Tapestry IoC
Registry,
* it's a good place to configure and extend Tapestry, or to place your own
* service definitions. spring
*/
public class PmsModule {
// public static void bind(ServiceBinder binder) {
// // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
//
// // Make bind() calls on the binder object to define most IoC
services.
// // Use service builder methods (example below) when the
implementation
// // is provided inline, or requires more initialization than simply
// // invoking the constructor.
// binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
// binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
// binder.bind(BasicDao.class, BasicDaoImpl.class);
// binder.bind(FunktionDao.class, FunktionDaoImpl.class);
//// binder.bind(GrantedAuthorityBeanDao.class,
//// GrantedAuthorityBeanDaoImpl.class);
// binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
// binder.bind(MitarbeiterProjektDao.class,
// MitarbeiterProjektDaoImpl.class);
// binder.bind(ModulDao.class, ModulDaoImpl.class);
// binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
// binder.bind(UserDataDao.class, UserDataDaoImpl.class);
// binder.bind(ProjektDao.class, ProjektDaoImpl.class);
// binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
// binder.bind(UnterunteraufgabeDao.class,
UnterunteraufgabeDaoImpl.class);
//
// }
public static void contributeFactoryDefaults(
MappedConfiguration<String, Object> configuration) {
// The application version number is incorprated into URLs for some
// assets. Web browsers will cache assets because of the far future
// expires
// header. If existing assets are changed, the version number
should
// also
// change, to force the browser to download new versions. This
overrides
// Tapesty's default
// (a random hexadecimal number), but may be further overriden by
// DevelopmentModule or
// QaModule.
configuration.override(SymbolConstants.APPLICATION_VERSION,
"1.0-SNAPSHOT");
}
public static void contributeApplicationDefaults(
MappedConfiguration<String, Object> configuration) {
// Contributions to ApplicationDefaults will override any
contributions
// to
// FactoryDefaults (with the same key). Here we're restricting the
// supported
// locales to just "en" (English). As you add localised message
catalogs
// and other assets,
// you can extend this list of locales (it's a comma separated
series of
// locale names;
// the first locale name is the default when there's no reasonable
// match).
// configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
}
/**
* This is a service definition, the service will be named
"TimingFilter".
* The interface, RequestFilter, is used within the RequestHandler
service
* pipeline, which is built from the RequestHandler service
configuration.
* Tapestry IoC is responsible for passing in an appropriate Logger
* instance. Requests for static resources are handled at a higher
level, so
* this filter will only be invoked for Tapestry related requests.
* <p/>
* <p/>
* Service builder methods are useful when the implementation is
inline as
* an inner class (as here) or require some other kind of special
* initialization. In most cases, use the static bind() method instead.
* <p/>
* <p/>
* If this method was named "build", then the service id would be
taken from
* the service interface and would be "RequestFilter". Since Tapestry
* already defines a service named "RequestFilter" we use an explicit
* service id that we can reference inside the contribution method.
*/
public RequestFilter buildTimingFilter(final Logger log) {
return new RequestFilter() {
public boolean service(Request request, Response response,
RequestHandler handler) throws IOException {
long startTime = System.currentTimeMillis();
try {
// The responsibility of a filter is to invoke the
// corresponding method
// in the handler. When you chain multiple filters
together,
// each filter
// received a handler that is a bridge to the next
filter.
return handler.service(request, response);
} finally {
long elapsed = System.currentTimeMillis() - startTime;
log.info(String.format("Request time: %d ms",
elapsed));
}
}
};
}
/**
* This is a contribution to the RequestHandler service
configuration. This
* is how we extend Tapestry using the timing filter. A common use
for this
* kind of filter is transaction management or security. The @Local
* annotation selects the desired service by type, but only from
the same
* module. Without @Local, there would be an error due to the other
* service(s) that implement RequestFilter (defined in other modules).
*/
public void
contributeRequestHandler(OrderedConfiguration<RequestFilter>
configuration, @Local RequestFilter filter) {
// Each contribution to an ordered configuration has a name, When
// necessary, you may
// set constraints to precisely control the invocation order of the
// contributed filter
// within the pipeline.
configuration.add("Timing", filter);
}
@SuppressWarnings("unchecked")
public static void
contributeComponentRequestHandler(OrderedConfiguration configuration) {
configuration.addInstance("RequiresLogin",
RequiresLoginFilter.class);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by Thiago H de Paula Figueiredo <th...@gmail.com>.
On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <ll...@yahoo.fr> wrote:
> Hi,
Hi!
> I am trying secure some pages of my application as shown in this
> tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
> But I am having following error message when I start the application.
> Since the RequiresLoginFilte class implements the ComponentRequestFilter
> interface, I am confused about the coertion error!
The error is weird. Could you post your
PmsModule.contributeComponentRequestHandler() method please?
--
Thiago H. de Paula Figueiredo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "D.R." <d....@googlemail.com>.
Hi Will,
seems that the tapestry-security is not in your classpath.
Make sure that you see:
...
ProjectClassLoader:
entry=/home/ASDF/.m2/repository/org/tynamo/tapestry-security/0.5.1/tapestry-security-0.5.1.jar
...
and:
...
[INFO] ioc.RegistryBuilder Adding module definition for class
org.tynamo.security.services.SecurityModule
...
With kind regards
David
Am 09.08.2013 15:02, schrieb Will N.:
> Hi David,
> actually, i do not come so far because the error occurs while the
> application is starting. So It does not get to the point where the
> services are printed.
>
>
> [INFO] ioc.RegistryBuilder Adding module definition for class
> org.apache.tapestry5.ioc.services.TapestryIOCModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> org.apache.tapestry5.hibernate.HibernateCoreModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> org.apache.tapestry5.json.services.JSONModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> org.apache.tapestry5.yuicompressor.services.YuiCompressorModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> org.apache.tapestry5.services.TapestryModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> org.apache.tapestry5.internal.services.InternalModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> org.apache.tapestry5.services.assets.AssetsModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> org.apache.tapestry5.services.pageload.PageLoadModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> com.example.pms.services.PmsModule
> [INFO] ioc.RegistryBuilder Adding module definition for class
> com.example.pms.services.DevelopmentModule
> 2013-08-09 15:00:08.583:WARN::failed pms:
> java.lang.IllegalArgumentException: Contribution
> com.example.pms.services.PmsModule.contributeWebSecurityManager(Configuration,
> Session) (at PmsModule.java:195) is for service 'WebSecurityManager',
> which does not exist.
> 2013-08-09 15:00:08.583:WARN::Failed startup of context
> org.mortbay.jetty.webapp.WebAppContext@9a0d40{/pms,C:\Users\xxx\tapestry\pms\src\main\webapp}
> java.lang.IllegalArgumentException: Contribution
> com.example.pms.services.PmsModule.contributeWebSecurityManager(Configuration,
> Session) (at PmsModule.java:195) is for service 'WebSecurityManager',
> which does not exist.
> at
> org.apache.tapestry5.ioc.internal.RegistryImpl.validateContributeDefs(RegistryImpl.java:241)
> at
> org.apache.tapestry5.ioc.internal.RegistryImpl.<init>(RegistryImpl.java:205)
> at
> org.apache.tapestry5.ioc.RegistryBuilder.build(RegistryBuilder.java:177)
> at
> org.apache.tapestry5.internal.TapestryAppInitializer.createRegistry(TapestryAppInitializer.java:200)
> at org.apache.tapestry5.TapestryFilter.init(TapestryFilter.java:109)
> at
> org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
> at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
> at
> org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
> at
> org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
> at
> org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
> at org.mortbay.jetty.Server.doStart(Server.java:224)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at runjettyrun.Bootstrap.main(Bootstrap.java:97)
> 2013-08-09 15:00:08.614:INFO::Started SelectChannelConnector@0.0.0.0:8080
> Am 09.08.2013 13:56, schrieb D.R.:
>
>
> public class PmsModule {
>
> public static void bind(ServiceBinder binder) {
> // // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
> //
> // // Make bind() calls on the binder object to define most IoC
> // services.
> // // Use service builder methods (example below) when the
> // implementation
> // // is provided inline, or requires more initialization than
> simply
> // // invoking the constructor.
> binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
> binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
> binder.bind(BasicDao.class, BasicDaoImpl.class);
> binder.bind(FunktionDao.class, FunktionDaoImpl.class);
> // binder.bind(GrantedAuthorityBeanDao.class,
> // GrantedAuthorityBeanDaoImpl.class);
> binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
> binder.bind(MitarbeiterProjektDao.class,
> MitarbeiterProjektDaoImpl.class);
> binder.bind(ModulDao.class, ModulDaoImpl.class);
> binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
> binder.bind(UserDataDao.class, UserDataDaoImpl.class);
> binder.bind(ProjektDao.class, ProjektDaoImpl.class);
> binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
> binder.bind(UnterunteraufgabeDao.class,
> UnterunteraufgabeDaoImpl.class);
> binder.bind(PrivillegesDao.class, PrivillegesDaoImpl.class);
> binder.bind(AuthenticatorInterface.class,
> AuthenticatorImp.class);
> //
> }
>
> public static void contributeFactoryDefaults(
> MappedConfiguration<String, Object> configuration) {
> // The application version number is incorprated into URLs for
> some
> // assets. Web browsers will cache assets because of the far
> future
> // expires
> // header. If existing assets are changed, the version number
> should
> // also
> // change, to force the browser to download new versions. This
> overrides
> // Tapesty's default
> // (a random hexadecimal number), but may be further overriden by
> // DevelopmentModule or
> // QaModule.
> configuration.override(SymbolConstants.APPLICATION_VERSION,
> "1.0-SNAPSHOT");
> }
>
> public static void contributeApplicationDefaults(
> MappedConfiguration<String, Object> configuration) {
> // Contributions to ApplicationDefaults will override any
> contributions
> // to
> // FactoryDefaults (with the same key). Here we're restricting
> the
> // supported
> // locales to just "en" (English). As you add localised
> message catalogs
> // and other assets,
> // you can extend this list of locales (it's a comma separated
> series of
> // locale names;
> // the first locale name is the default when there's no
> reasonable
> // match).
> // configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
> configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
> configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
>
> }
>
> /**
> * This is a service definition, the service will be named
> "TimingFilter".
> * The interface, RequestFilter, is used within the RequestHandler
> service
> * pipeline, which is built from the RequestHandler service
> configuration.
> * Tapestry IoC is responsible for passing in an appropriate Logger
> * instance. Requests for static resources are handled at a higher
> level, so
> * this filter will only be invoked for Tapestry related requests.
> * <p/>
> * <p/>
> * Service builder methods are useful when the implementation is
> inline as
> * an inner class (as here) or require some other kind of special
> * initialization. In most cases, use the static bind() method
> instead.
> * <p/>
> * <p/>
> * If this method was named "build", then the service id would be
> taken from
> * the service interface and would be "RequestFilter". Since Tapestry
> * already defines a service named "RequestFilter" we use an explicit
> * service id that we can reference inside the contribution method.
> */
> public RequestFilter buildTimingFilter(final Logger log) {
> return new RequestFilter() {
> public boolean service(Request request, Response response,
> RequestHandler handler) throws IOException {
> long startTime = System.currentTimeMillis();
>
> try {
> // The responsibility of a filter is to invoke the
> // corresponding method
> // in the handler. When you chain multiple filters
> together,
> // each filter
> // received a handler that is a bridge to the next
> filter.
>
> return handler.service(request, response);
> } finally {
> long elapsed = System.currentTimeMillis() -
> startTime;
>
> log.info(String.format("Request time: %d ms",
> elapsed));
> }
> }
> };
> }
>
> /**
> * This is a contribution to the RequestHandler service
> configuration. This
> * is how we extend Tapestry using the timing filter. A common use
> for this
> * kind of filter is transaction management or security. The @Local
> * annotation selects the desired service by type, but only from
> the same
> * module. Without @Local, there would be an error due to the other
> * service(s) that implement RequestFilter (defined in other
> modules).
> */
>
>
> public void contributeRequestHandler(
> OrderedConfiguration<RequestFilter> configuration,
> @Local RequestFilter filter) {
> // Each contribution to an ordered configuration has a name, When
> // necessary, you may
> // set constraints to precisely control the invocation order
> of the
> // contributed filter
> // within the pipeline.
>
> configuration.add("Timing", filter);
> }
>
> @SuppressWarnings("unchecked")
> public static void contributeComponentRequestHandler(
> OrderedConfiguration configuration) {
>
> configuration.addInstance("RequiresLogin",
> RequiresLoginFilter.class);
> configuration.addInstance("RequiresRole",
> RequiresRolesFilter.class);
>
> }
>
>
> public static void
> contributeWebSecurityManager(Configuration<Realm> configuration,
> Session session) {
>
> EntityRealm realm = new EntityRealm(session);
> HashedCredentialsMatcher hcm = new
> HashedCredentialsMatcher("SHA-256");
> hcm.setHashIterations(1024);
> hcm.setStoredCredentialsHexEncoded(false);
> realm.setCredentialsMatcher(hcm);
> configuration.add((Realm) realm);
> }
>
>
> package com.example.pms.entities;
>
> import java.util.HashSet;
> import java.util.Iterator;
> import java.util.Set;
>
> import javax.persistence.CascadeType;
> import javax.persistence.Column;
> import javax.persistence.Entity;
> import javax.persistence.FetchType;
> import javax.persistence.GeneratedValue;
> import javax.persistence.GenerationType;
> import javax.persistence.Id;
> import javax.persistence.JoinColumn;
> import javax.persistence.JoinTable;
> import javax.persistence.ManyToMany;
> import javax.persistence.OneToMany;
> import javax.persistence.Table;
> import javax.persistence.Transient;
>
> import org.apache.shiro.crypto.RandomNumberGenerator;
> import org.apache.shiro.crypto.SecureRandomNumberGenerator;
> import org.apache.shiro.crypto.hash.Sha256Hash;
> import org.apache.shiro.util.ByteSource;
> import org.apache.tapestry5.beaneditor.DataType;
> import org.apache.tapestry5.beaneditor.NonVisual;
> import org.apache.tapestry5.beaneditor.Validate;
> import org.hibernate.Session;
>
> import com.example.pms.Dao.impl.AufgabeDaoImpl;
> import com.example.pms.Dao.impl.MitarbeiterDaoImpl;
> import com.example.pms.Dao.impl.UnteraufgabeDaoImpl;
> import com.example.pms.data.Systemrole;
> import com.example.pms.data.Titel;
>
> @Entity
> @Table(name = "MITARBEITER")
> public class Mitarbeiter {
>
> @Id
> @GeneratedValue(strategy = GenerationType.IDENTITY)
> @NonVisual
> @Column(name = "ID")
> public int id;
>
> @Column(name = "titel")
> public Titel titel;
>
> @Column(name = "mitarbeitername", nullable = false)
> @Validate("required")
> public String name;
>
> @Column(name = "vorname", nullable = false)
> @Validate("Required")
> public String vorname;
>
> @NonVisual
> @Column(name = "systemrole", nullable = false)
> @Validate("Required")
> public Systemrole role;
>
> private boolean enabled = true;
>
> @Transient
> @DataType("password")
> private String password;
>
> @NonVisual
> private String passwordSalt;
>
> @NonVisual
> private String passwordHash;
>
> private String username;
>
> @Column(name = "email", nullable = false)
> @Validate("Required, regexp")
> public String email;
>
> @Column(name = "initialen", nullable = false, unique = true)
> @Validate("Required")
> public String initialen;
>
> @OneToMany(mappedBy = "projektleiter")
> private Set<Projekt> projektListe;
>
> // Beziehung zur Funktion
> @OneToMany(mappedBy = "verantwortlicher", cascade = {
> CascadeType.REMOVE })
> private Set<Funktion> funktion;
>
> // Beziehung zur Funktion
> @OneToMany(mappedBy = "verantwortlicher", cascade = {
> CascadeType.REMOVE })
> private Set<Arbeitspaket> arbeitspaket;
>
> // Beziehung zum Projekt
> @OneToMany(mappedBy = "mitarbeiter")
> private Set<Mitarbeiterprojekt> mitarbeiterprojekt;
>
> @ManyToMany(cascade = { CascadeType.ALL }, fetch = FetchType.EAGER)
> @JoinTable(name = "MITARBEITER_AUFGABE", joinColumns = {
> @JoinColumn(name = "MITARBEITER_ID") }, inverseJoinColumns = {
> @JoinColumn(name = "AUFGABE_ID") })
> private Set<Aufgabe> aufgabenListe;
>
> @ManyToMany(cascade = { CascadeType.ALL }, fetch = FetchType.EAGER)
> @JoinTable(name = "MITARBEITER_UNTERAUFGABE", joinColumns = {
> @JoinColumn(name = "MITARBEITER_ID") }, inverseJoinColumns = {
> @JoinColumn(name = "UNTERAUFGABE_ID") })
> private Set<Unteraufgabe> unteraufgabenListe;
>
> @OneToMany(mappedBy = "verantwortlicher", cascade = {
> CascadeType.REMOVE }, fetch = FetchType.EAGER)
> // fetch=FetchType.EAGER
> private Set<Unterunteraufgabe> unterunteraufgabenListe;
>
> /**
> * @return the enabled
> */
> public boolean isEnabled() {
> return enabled;
> }
>
> /**
> * @param enabled
> * the enabled to set
> */
> public void setEnabled(boolean enabled) {
> this.enabled = enabled;
> }
>
> /**
> * @param id
> * UnteraufgabeID
> * @param session
> * @param unteraufgabeDao
> * @param mitarbeiterDao
> */
> public void removeUnteraufgabe(int id, Session session,
> UnteraufgabeDaoImpl<Unteraufgabe> unteraufgabeDao,
> MitarbeiterDaoImpl<Mitarbeiter> mitarbeiterDao) {
> System.out.println(unteraufgabeDao
> .countUnterunteraufgabenByMitarbeiterID(id,
> this.getId()));
>
> if (unteraufgabeDao.countUnterunteraufgabenByMitarbeiterID(id,
> this
> .getId()) == 1
> ||
> unteraufgabeDao.findById(id).getUnterunteraufgabenListe()
> .size() == 0) {
> Iterator<Unteraufgabe> iterator =
> this.getUnteraufgabenListe()
> .iterator();
> while (iterator.hasNext()) {
> Unteraufgabe unteraufgabe = iterator.next();
> if (unteraufgabe.getId() == id) {
> System.out.println(this.getUnteraufgabenListe().remove(
> unteraufgabe));
> }
> }
> mitarbeiterDao.save(this);
> }
>
> }
>
> /**
> * @param unteraufgabe
> * @param session
> * @param mitarbeiterDao
> */
> public void addUnteraufgabe(Unteraufgabe unteraufgabe, Session
> session,
> MitarbeiterDaoImpl<Mitarbeiter> mitarbeiterDao) {
> // Unteraufgabe u = unteraufgabeDao.findById(id);
> this.getUnteraufgabenListe().add(unteraufgabe);
> mitarbeiterDao.save(this);
>
> }
>
> /**
> * @param id
> * AufgabeID
> * @param session
> * @param aufgabeDao
> * @param mitarbeiterDao
> */
> public void removeAufgabe(int id, Session session,
> AufgabeDaoImpl<Aufgabe> aufgabeDao,
> MitarbeiterDaoImpl<Mitarbeiter> mitarbeiterDao) {
> System.out.println("aufgabe ");
> System.out.println(aufgabeDao.countUnteraufgabenByMitarbeiterID(id,
> this.getId()));
> boolean found = false;
> Aufgabe aufgabe;
> if (aufgabeDao.countUnteraufgabenByMitarbeiterID(id,
> this.getId()) == 0
> ||
> aufgabeDao.findById(id).getUnteraufgabenListe().size() == 0) {
> Iterator<Aufgabe> iterator =
> this.getAufgabenListe().iterator();
> while (iterator.hasNext() && !found) {
> aufgabe = iterator.next();
> if (aufgabe.getId() == id) {
> found = this.getAufgabenListe().remove(aufgabe);
>
> }
> }
> mitarbeiterDao.save(this);
> }
>
> }
>
> /**
> * @param unteraufgabe
> * @param session
> * @param mitarbeiterDao
> */
> public void addAufgabe(Aufgabe aufgabe, Session session,
> MitarbeiterDaoImpl<Mitarbeiter> mitarbeiterDao) {
> // Unteraufgabe u = unteraufgabeDao.findById(id);
> this.getAufgabenListe().add(aufgabe);
> mitarbeiterDao.save(this);
>
> }
>
> public Set<Projekt> getProjekte(Set<Projekt> projekte) {
>
> Set<Projekt> liste = new HashSet<Projekt>();
> for (Projekt pro : projekte) {
>
> Set<Mitarbeiter> projektMitarbeiter =
> pro.getMitarbeiterListe();
> for (Mitarbeiter mit : projektMitarbeiter) {
> if (mit.getId() == this.getId())
> liste.add(pro);
> }
> }
>
> return liste;
>
> }
>
> /**
> * @return the id
> */
>
> public int getId() {
> return id;
> }
>
> /**
> * @param id
> * the id to set
> */
> public void setId(int id) {
> this.id = id;
> }
>
> /**
> * @return the titel
> */
> public Titel getTitel() {
> return titel;
> }
>
> /**
> * @param titel
> * the titel to set
> */
> public void setTitel(Titel titel) {
> this.titel = titel;
> }
>
> /**
> * @return the name
> */
> public String getName() {
> return name;
> }
>
> /**
> * @param name
> * the name to set
> */
> public void setName(String name) {
> this.name = name;
> }
>
> /**
> * @return the vorname
> */
> public String getVorname() {
> return vorname;
> }
>
> /**
> * @param vorname
> * the vorname to set
> */
> public void setVorname(String vorname) {
> this.vorname = vorname;
> }
>
> /**
> * @return the initialen
> */
> public String getInitialen() {
> return initialen;
> }
>
> /**
> * @param initialen
> * the initialen to set
> */
> public void setInitialen(String initialen) {
> this.initialen = initialen;
> }
>
> /**
> * @return the email
> */
> public String getEmail() {
> return email;
> }
>
> /**
> * @param email
> * the email to set
> */
> public void setEmail(String email) {
> this.email = email;
> }
>
> /**
> * @return the projekt
> */
> public Set<Projekt> getProjektListe() {
> return projektListe;
> }
>
> /**
> * @param projekt
> * the projekt to set
> */
> public void setProjektListe(Set<Projekt> projektListe) {
> this.projektListe = projektListe;
> }
>
> /**
> * @return the funktion
> */
> public Set<Funktion> getFunktion() {
> return funktion;
> }
>
> /**
> * @param funktion
> * the funktion to set
> */
> public void setFunktion(Set<Funktion> funktion) {
> this.funktion = funktion;
> }
>
> /**
> * @return the arbeitspaket
> */
> public Set<Arbeitspaket> getArbeitspaket() {
> return arbeitspaket;
> }
>
> /**
> * @param arbeitspaket
> * the arbeitspaket to set
> */
> public void setArbeitspaket(Set<Arbeitspaket> arbeitspaket) {
> this.arbeitspaket = arbeitspaket;
> }
>
> /**
> * @return the mitarbeiterprojekt
> */
> public Set<Mitarbeiterprojekt> getMitarbeiterprojekt() {
> return mitarbeiterprojekt;
> }
>
> /**
> * @param mitarbeiterprojekt
> * the mitarbeiterprojekt to set
> */
> public void setMitarbeiterprojekt(Set<Mitarbeiterprojekt>
> mitarbeiterprojekt) {
> this.mitarbeiterprojekt = mitarbeiterprojekt;
> }
>
> /**
> * @return the rolle
> */
> public Systemrole getSystemrole() {
> return role;
> }
>
> /**
> * @param role
> * the role to set
> */
> public void setSystemole(Systemrole role) {
> this.role = role;
> }
>
> /**
> * @return the unterunteraufgabe
> */
> public Set<Unterunteraufgabe> getUnterunteraufgabenListe() {
> return unterunteraufgabenListe;
> }
>
> /**
> * @param unterunteraufgabe
> * the unterunteraufgabe to set
> */
> public void setUnterunteraufgabenListe(
> Set<Unterunteraufgabe> unterunteraufgabe) {
> this.unterunteraufgabenListe = unterunteraufgabe;
> }
>
> /**
> * @return the aufgabenListe
> */
> public Set<Aufgabe> getAufgabenListe() {
> return aufgabenListe;
> }
>
> /**
> * @param aufgabenListe
> * the aufgabenListe to set
> */
> public void setAufgabenListe(Set<Aufgabe> aufgabenListe) {
> this.aufgabenListe = aufgabenListe;
> }
>
> /**
> * @return the unteraufgabenListe
> */
> public Set<Unteraufgabe> getUnteraufgabenListe() {
> return unteraufgabenListe;
> }
>
> /**
> * @param unteraufgabenListe
> * the unteraufgabenListe to set
> */
> public void setUnteraufgabenListe(Set<Unteraufgabe>
> unteraufgabenListe) {
> this.unteraufgabenListe = unteraufgabenListe;
> }
>
> public String getPassword() {
> return password;
> }
>
> /**
> * @param password
> * the password to set
> */
> public void setPassword(String password) {
>
> // Create a random salt value
> RandomNumberGenerator rng = new SecureRandomNumberGenerator();
> ByteSource salt = rng.nextBytes(128);
> // Set passwordSalt as a string to store in the DB
> setPasswordSalt(salt.toBase64());
> // Create the salted hashed password
> Sha256Hash sha256Hash = new Sha256Hash(password, salt, 1024);
> // Convert to a string for storing in DB
> String hashedPasswordBase64 = sha256Hash.toBase64();
> setPasswordHash(hashedPasswordBase64);
> // Set the password to the text version so it can be used
> // for Shiro authentication
> this.password = password;
>
> // try {
> // this.password = Encrypt.MD5(password);
> // } catch (NoSuchAlgorithmException e) {
> // e.printStackTrace();
> // this.password = password;
> // } catch (UnsupportedEncodingException e) {
> // e.printStackTrace();
> // this.password = password;
> // }
> }
>
> /**
> * @param username
> * the username to set
> */
> public void setUsername(String username) {
> this.username = username;
> }
>
> public String getUsername() {
> return username;
> }
>
> /**
> * @return the role
> */
> public Systemrole getRole() {
> return role;
> }
>
> /**
> * @param role
> * the role to set
> */
> public void setRole(Systemrole role) {
> this.role = role;
> }
>
> /**
> * @return the passwordSalt
> */
> public String getPasswordSalt() {
> return passwordSalt;
> }
>
> /**
> * @param passwordSalt
> * the passwordSalt to set
> */
> public void setPasswordSalt(String passwordSalt) {
> this.passwordSalt = passwordSalt;
> }
>
> /**
> * @return the passwordHash
> */
> public String getPasswordHash() {
> return passwordHash;
> }
>
> /**
> * @param passwordHash
> * the passwordHash to set
> */
> public void setPasswordHash(String passwordHash) {
> this.passwordHash = passwordHash;
> }
>
> }
>
>
>
>
>> <dependency>
>> <groupId>org.tynamo</groupId>
>> <artifactId>tapestry-security</artifactId>
>> <version>0.5.1</version>
>> <exclusions>
>> <exclusion>
>> <groupId>org.apache.tapestry</groupId>
>> <artifactId>tapestry-ioc</artifactId>
>> </exclusion>
>> </exclusions>
>> </dependency>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "Will N." <ll...@yahoo.fr>.
Hi David,
actually, i do not come so far because the error occurs while the
application is starting. So It does not get to the point where the
services are printed.
[INFO] ioc.RegistryBuilder Adding module definition for class
org.apache.tapestry5.ioc.services.TapestryIOCModule
[INFO] ioc.RegistryBuilder Adding module definition for class
org.apache.tapestry5.hibernate.HibernateCoreModule
[INFO] ioc.RegistryBuilder Adding module definition for class
org.apache.tapestry5.json.services.JSONModule
[INFO] ioc.RegistryBuilder Adding module definition for class
org.apache.tapestry5.yuicompressor.services.YuiCompressorModule
[INFO] ioc.RegistryBuilder Adding module definition for class
org.apache.tapestry5.services.TapestryModule
[INFO] ioc.RegistryBuilder Adding module definition for class
org.apache.tapestry5.internal.services.InternalModule
[INFO] ioc.RegistryBuilder Adding module definition for class
org.apache.tapestry5.services.assets.AssetsModule
[INFO] ioc.RegistryBuilder Adding module definition for class
org.apache.tapestry5.services.pageload.PageLoadModule
[INFO] ioc.RegistryBuilder Adding module definition for class
com.example.pms.services.PmsModule
[INFO] ioc.RegistryBuilder Adding module definition for class
com.example.pms.services.DevelopmentModule
2013-08-09 15:00:08.583:WARN::failed pms:
java.lang.IllegalArgumentException: Contribution
com.example.pms.services.PmsModule.contributeWebSecurityManager(Configuration,
Session) (at PmsModule.java:195) is for service 'WebSecurityManager',
which does not exist.
2013-08-09 15:00:08.583:WARN::Failed startup of context
org.mortbay.jetty.webapp.WebAppContext@9a0d40{/pms,C:\Users\xxx\tapestry\pms\src\main\webapp}
java.lang.IllegalArgumentException: Contribution
com.example.pms.services.PmsModule.contributeWebSecurityManager(Configuration,
Session) (at PmsModule.java:195) is for service 'WebSecurityManager',
which does not exist.
at
org.apache.tapestry5.ioc.internal.RegistryImpl.validateContributeDefs(RegistryImpl.java:241)
at
org.apache.tapestry5.ioc.internal.RegistryImpl.<init>(RegistryImpl.java:205)
at
org.apache.tapestry5.ioc.RegistryBuilder.build(RegistryBuilder.java:177)
at
org.apache.tapestry5.internal.TapestryAppInitializer.createRegistry(TapestryAppInitializer.java:200)
at org.apache.tapestry5.TapestryFilter.init(TapestryFilter.java:109)
at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
at
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at
org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
at
org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
at
org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
at
org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
at
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at
org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
at org.mortbay.jetty.Server.doStart(Server.java:224)
at
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at runjettyrun.Bootstrap.main(Bootstrap.java:97)
2013-08-09 15:00:08.614:INFO::Started SelectChannelConnector@0.0.0.0:8080
Am 09.08.2013 13:56, schrieb D.R.:
public class PmsModule {
public static void bind(ServiceBinder binder) {
// // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
//
// // Make bind() calls on the binder object to define most IoC
// services.
// // Use service builder methods (example below) when the
// implementation
// // is provided inline, or requires more initialization than
simply
// // invoking the constructor.
binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
binder.bind(BasicDao.class, BasicDaoImpl.class);
binder.bind(FunktionDao.class, FunktionDaoImpl.class);
// binder.bind(GrantedAuthorityBeanDao.class,
// GrantedAuthorityBeanDaoImpl.class);
binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
binder.bind(MitarbeiterProjektDao.class,
MitarbeiterProjektDaoImpl.class);
binder.bind(ModulDao.class, ModulDaoImpl.class);
binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
binder.bind(UserDataDao.class, UserDataDaoImpl.class);
binder.bind(ProjektDao.class, ProjektDaoImpl.class);
binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
binder.bind(UnterunteraufgabeDao.class,
UnterunteraufgabeDaoImpl.class);
binder.bind(PrivillegesDao.class, PrivillegesDaoImpl.class);
binder.bind(AuthenticatorInterface.class, AuthenticatorImp.class);
//
}
public static void contributeFactoryDefaults(
MappedConfiguration<String, Object> configuration) {
// The application version number is incorprated into URLs for some
// assets. Web browsers will cache assets because of the far future
// expires
// header. If existing assets are changed, the version number
should
// also
// change, to force the browser to download new versions. This
overrides
// Tapesty's default
// (a random hexadecimal number), but may be further overriden by
// DevelopmentModule or
// QaModule.
configuration.override(SymbolConstants.APPLICATION_VERSION,
"1.0-SNAPSHOT");
}
public static void contributeApplicationDefaults(
MappedConfiguration<String, Object> configuration) {
// Contributions to ApplicationDefaults will override any
contributions
// to
// FactoryDefaults (with the same key). Here we're restricting the
// supported
// locales to just "en" (English). As you add localised message
catalogs
// and other assets,
// you can extend this list of locales (it's a comma separated
series of
// locale names;
// the first locale name is the default when there's no reasonable
// match).
// configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
}
/**
* This is a service definition, the service will be named
"TimingFilter".
* The interface, RequestFilter, is used within the RequestHandler
service
* pipeline, which is built from the RequestHandler service
configuration.
* Tapestry IoC is responsible for passing in an appropriate Logger
* instance. Requests for static resources are handled at a higher
level, so
* this filter will only be invoked for Tapestry related requests.
* <p/>
* <p/>
* Service builder methods are useful when the implementation is
inline as
* an inner class (as here) or require some other kind of special
* initialization. In most cases, use the static bind() method instead.
* <p/>
* <p/>
* If this method was named "build", then the service id would be
taken from
* the service interface and would be "RequestFilter". Since Tapestry
* already defines a service named "RequestFilter" we use an explicit
* service id that we can reference inside the contribution method.
*/
public RequestFilter buildTimingFilter(final Logger log) {
return new RequestFilter() {
public boolean service(Request request, Response response,
RequestHandler handler) throws IOException {
long startTime = System.currentTimeMillis();
try {
// The responsibility of a filter is to invoke the
// corresponding method
// in the handler. When you chain multiple filters
together,
// each filter
// received a handler that is a bridge to the next
filter.
return handler.service(request, response);
} finally {
long elapsed = System.currentTimeMillis() - startTime;
log.info(String.format("Request time: %d ms",
elapsed));
}
}
};
}
/**
* This is a contribution to the RequestHandler service
configuration. This
* is how we extend Tapestry using the timing filter. A common use
for this
* kind of filter is transaction management or security. The @Local
* annotation selects the desired service by type, but only from
the same
* module. Without @Local, there would be an error due to the other
* service(s) that implement RequestFilter (defined in other modules).
*/
public void contributeRequestHandler(
OrderedConfiguration<RequestFilter> configuration,
@Local RequestFilter filter) {
// Each contribution to an ordered configuration has a name, When
// necessary, you may
// set constraints to precisely control the invocation order of the
// contributed filter
// within the pipeline.
configuration.add("Timing", filter);
}
@SuppressWarnings("unchecked")
public static void contributeComponentRequestHandler(
OrderedConfiguration configuration) {
configuration.addInstance("RequiresLogin",
RequiresLoginFilter.class);
configuration.addInstance("RequiresRole",
RequiresRolesFilter.class);
}
public static void
contributeWebSecurityManager(Configuration<Realm> configuration, Session
session) {
EntityRealm realm = new EntityRealm(session);
HashedCredentialsMatcher hcm = new
HashedCredentialsMatcher("SHA-256");
hcm.setHashIterations(1024);
hcm.setStoredCredentialsHexEncoded(false);
realm.setCredentialsMatcher(hcm);
configuration.add((Realm) realm);
}
package com.example.pms.entities;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Transient;
import org.apache.shiro.crypto.RandomNumberGenerator;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.util.ByteSource;
import org.apache.tapestry5.beaneditor.DataType;
import org.apache.tapestry5.beaneditor.NonVisual;
import org.apache.tapestry5.beaneditor.Validate;
import org.hibernate.Session;
import com.example.pms.Dao.impl.AufgabeDaoImpl;
import com.example.pms.Dao.impl.MitarbeiterDaoImpl;
import com.example.pms.Dao.impl.UnteraufgabeDaoImpl;
import com.example.pms.data.Systemrole;
import com.example.pms.data.Titel;
@Entity
@Table(name = "MITARBEITER")
public class Mitarbeiter {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@NonVisual
@Column(name = "ID")
public int id;
@Column(name = "titel")
public Titel titel;
@Column(name = "mitarbeitername", nullable = false)
@Validate("required")
public String name;
@Column(name = "vorname", nullable = false)
@Validate("Required")
public String vorname;
@NonVisual
@Column(name = "systemrole", nullable = false)
@Validate("Required")
public Systemrole role;
private boolean enabled = true;
@Transient
@DataType("password")
private String password;
@NonVisual
private String passwordSalt;
@NonVisual
private String passwordHash;
private String username;
@Column(name = "email", nullable = false)
@Validate("Required, regexp")
public String email;
@Column(name = "initialen", nullable = false, unique = true)
@Validate("Required")
public String initialen;
@OneToMany(mappedBy = "projektleiter")
private Set<Projekt> projektListe;
// Beziehung zur Funktion
@OneToMany(mappedBy = "verantwortlicher", cascade = {
CascadeType.REMOVE })
private Set<Funktion> funktion;
// Beziehung zur Funktion
@OneToMany(mappedBy = "verantwortlicher", cascade = {
CascadeType.REMOVE })
private Set<Arbeitspaket> arbeitspaket;
// Beziehung zum Projekt
@OneToMany(mappedBy = "mitarbeiter")
private Set<Mitarbeiterprojekt> mitarbeiterprojekt;
@ManyToMany(cascade = { CascadeType.ALL }, fetch = FetchType.EAGER)
@JoinTable(name = "MITARBEITER_AUFGABE", joinColumns = {
@JoinColumn(name = "MITARBEITER_ID") }, inverseJoinColumns = {
@JoinColumn(name = "AUFGABE_ID") })
private Set<Aufgabe> aufgabenListe;
@ManyToMany(cascade = { CascadeType.ALL }, fetch = FetchType.EAGER)
@JoinTable(name = "MITARBEITER_UNTERAUFGABE", joinColumns = {
@JoinColumn(name = "MITARBEITER_ID") }, inverseJoinColumns = {
@JoinColumn(name = "UNTERAUFGABE_ID") })
private Set<Unteraufgabe> unteraufgabenListe;
@OneToMany(mappedBy = "verantwortlicher", cascade = {
CascadeType.REMOVE }, fetch = FetchType.EAGER)
// fetch=FetchType.EAGER
private Set<Unterunteraufgabe> unterunteraufgabenListe;
/**
* @return the enabled
*/
public boolean isEnabled() {
return enabled;
}
/**
* @param enabled
* the enabled to set
*/
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
/**
* @param id
* UnteraufgabeID
* @param session
* @param unteraufgabeDao
* @param mitarbeiterDao
*/
public void removeUnteraufgabe(int id, Session session,
UnteraufgabeDaoImpl<Unteraufgabe> unteraufgabeDao,
MitarbeiterDaoImpl<Mitarbeiter> mitarbeiterDao) {
System.out.println(unteraufgabeDao
.countUnterunteraufgabenByMitarbeiterID(id, this.getId()));
if (unteraufgabeDao.countUnterunteraufgabenByMitarbeiterID(id, this
.getId()) == 1
||
unteraufgabeDao.findById(id).getUnterunteraufgabenListe()
.size() == 0) {
Iterator<Unteraufgabe> iterator = this.getUnteraufgabenListe()
.iterator();
while (iterator.hasNext()) {
Unteraufgabe unteraufgabe = iterator.next();
if (unteraufgabe.getId() == id) {
System.out.println(this.getUnteraufgabenListe().remove(
unteraufgabe));
}
}
mitarbeiterDao.save(this);
}
}
/**
* @param unteraufgabe
* @param session
* @param mitarbeiterDao
*/
public void addUnteraufgabe(Unteraufgabe unteraufgabe, Session session,
MitarbeiterDaoImpl<Mitarbeiter> mitarbeiterDao) {
// Unteraufgabe u = unteraufgabeDao.findById(id);
this.getUnteraufgabenListe().add(unteraufgabe);
mitarbeiterDao.save(this);
}
/**
* @param id
* AufgabeID
* @param session
* @param aufgabeDao
* @param mitarbeiterDao
*/
public void removeAufgabe(int id, Session session,
AufgabeDaoImpl<Aufgabe> aufgabeDao,
MitarbeiterDaoImpl<Mitarbeiter> mitarbeiterDao) {
System.out.println("aufgabe ");
System.out.println(aufgabeDao.countUnteraufgabenByMitarbeiterID(id,
this.getId()));
boolean found = false;
Aufgabe aufgabe;
if (aufgabeDao.countUnteraufgabenByMitarbeiterID(id,
this.getId()) == 0
||
aufgabeDao.findById(id).getUnteraufgabenListe().size() == 0) {
Iterator<Aufgabe> iterator =
this.getAufgabenListe().iterator();
while (iterator.hasNext() && !found) {
aufgabe = iterator.next();
if (aufgabe.getId() == id) {
found = this.getAufgabenListe().remove(aufgabe);
}
}
mitarbeiterDao.save(this);
}
}
/**
* @param unteraufgabe
* @param session
* @param mitarbeiterDao
*/
public void addAufgabe(Aufgabe aufgabe, Session session,
MitarbeiterDaoImpl<Mitarbeiter> mitarbeiterDao) {
// Unteraufgabe u = unteraufgabeDao.findById(id);
this.getAufgabenListe().add(aufgabe);
mitarbeiterDao.save(this);
}
public Set<Projekt> getProjekte(Set<Projekt> projekte) {
Set<Projekt> liste = new HashSet<Projekt>();
for (Projekt pro : projekte) {
Set<Mitarbeiter> projektMitarbeiter =
pro.getMitarbeiterListe();
for (Mitarbeiter mit : projektMitarbeiter) {
if (mit.getId() == this.getId())
liste.add(pro);
}
}
return liste;
}
/**
* @return the id
*/
public int getId() {
return id;
}
/**
* @param id
* the id to set
*/
public void setId(int id) {
this.id = id;
}
/**
* @return the titel
*/
public Titel getTitel() {
return titel;
}
/**
* @param titel
* the titel to set
*/
public void setTitel(Titel titel) {
this.titel = titel;
}
/**
* @return the name
*/
public String getName() {
return name;
}
/**
* @param name
* the name to set
*/
public void setName(String name) {
this.name = name;
}
/**
* @return the vorname
*/
public String getVorname() {
return vorname;
}
/**
* @param vorname
* the vorname to set
*/
public void setVorname(String vorname) {
this.vorname = vorname;
}
/**
* @return the initialen
*/
public String getInitialen() {
return initialen;
}
/**
* @param initialen
* the initialen to set
*/
public void setInitialen(String initialen) {
this.initialen = initialen;
}
/**
* @return the email
*/
public String getEmail() {
return email;
}
/**
* @param email
* the email to set
*/
public void setEmail(String email) {
this.email = email;
}
/**
* @return the projekt
*/
public Set<Projekt> getProjektListe() {
return projektListe;
}
/**
* @param projekt
* the projekt to set
*/
public void setProjektListe(Set<Projekt> projektListe) {
this.projektListe = projektListe;
}
/**
* @return the funktion
*/
public Set<Funktion> getFunktion() {
return funktion;
}
/**
* @param funktion
* the funktion to set
*/
public void setFunktion(Set<Funktion> funktion) {
this.funktion = funktion;
}
/**
* @return the arbeitspaket
*/
public Set<Arbeitspaket> getArbeitspaket() {
return arbeitspaket;
}
/**
* @param arbeitspaket
* the arbeitspaket to set
*/
public void setArbeitspaket(Set<Arbeitspaket> arbeitspaket) {
this.arbeitspaket = arbeitspaket;
}
/**
* @return the mitarbeiterprojekt
*/
public Set<Mitarbeiterprojekt> getMitarbeiterprojekt() {
return mitarbeiterprojekt;
}
/**
* @param mitarbeiterprojekt
* the mitarbeiterprojekt to set
*/
public void setMitarbeiterprojekt(Set<Mitarbeiterprojekt>
mitarbeiterprojekt) {
this.mitarbeiterprojekt = mitarbeiterprojekt;
}
/**
* @return the rolle
*/
public Systemrole getSystemrole() {
return role;
}
/**
* @param role
* the role to set
*/
public void setSystemole(Systemrole role) {
this.role = role;
}
/**
* @return the unterunteraufgabe
*/
public Set<Unterunteraufgabe> getUnterunteraufgabenListe() {
return unterunteraufgabenListe;
}
/**
* @param unterunteraufgabe
* the unterunteraufgabe to set
*/
public void setUnterunteraufgabenListe(
Set<Unterunteraufgabe> unterunteraufgabe) {
this.unterunteraufgabenListe = unterunteraufgabe;
}
/**
* @return the aufgabenListe
*/
public Set<Aufgabe> getAufgabenListe() {
return aufgabenListe;
}
/**
* @param aufgabenListe
* the aufgabenListe to set
*/
public void setAufgabenListe(Set<Aufgabe> aufgabenListe) {
this.aufgabenListe = aufgabenListe;
}
/**
* @return the unteraufgabenListe
*/
public Set<Unteraufgabe> getUnteraufgabenListe() {
return unteraufgabenListe;
}
/**
* @param unteraufgabenListe
* the unteraufgabenListe to set
*/
public void setUnteraufgabenListe(Set<Unteraufgabe>
unteraufgabenListe) {
this.unteraufgabenListe = unteraufgabenListe;
}
public String getPassword() {
return password;
}
/**
* @param password
* the password to set
*/
public void setPassword(String password) {
// Create a random salt value
RandomNumberGenerator rng = new SecureRandomNumberGenerator();
ByteSource salt = rng.nextBytes(128);
// Set passwordSalt as a string to store in the DB
setPasswordSalt(salt.toBase64());
// Create the salted hashed password
Sha256Hash sha256Hash = new Sha256Hash(password, salt, 1024);
// Convert to a string for storing in DB
String hashedPasswordBase64 = sha256Hash.toBase64();
setPasswordHash(hashedPasswordBase64);
// Set the password to the text version so it can be used
// for Shiro authentication
this.password = password;
// try {
// this.password = Encrypt.MD5(password);
// } catch (NoSuchAlgorithmException e) {
// e.printStackTrace();
// this.password = password;
// } catch (UnsupportedEncodingException e) {
// e.printStackTrace();
// this.password = password;
// }
}
/**
* @param username
* the username to set
*/
public void setUsername(String username) {
this.username = username;
}
public String getUsername() {
return username;
}
/**
* @return the role
*/
public Systemrole getRole() {
return role;
}
/**
* @param role
* the role to set
*/
public void setRole(Systemrole role) {
this.role = role;
}
/**
* @return the passwordSalt
*/
public String getPasswordSalt() {
return passwordSalt;
}
/**
* @param passwordSalt
* the passwordSalt to set
*/
public void setPasswordSalt(String passwordSalt) {
this.passwordSalt = passwordSalt;
}
/**
* @return the passwordHash
*/
public String getPasswordHash() {
return passwordHash;
}
/**
* @param passwordHash
* the passwordHash to set
*/
public void setPasswordHash(String passwordHash) {
this.passwordHash = passwordHash;
}
}
> <dependency>
> <groupId>org.tynamo</groupId>
> <artifactId>tapestry-security</artifactId>
> <version>0.5.1</version>
> <exclusions>
> <exclusion>
> <groupId>org.apache.tapestry</groupId>
> <artifactId>tapestry-ioc</artifactId>
> </exclusion>
> </exclusions>
> </dependency>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "D.R." <d....@googlemail.com>.
Hi Will,
provide some code pls. Is this the full stacktrace?
Do you see the service definition in the startup log, like this?
[INFO] tapestry5.TapestryFilter Startup status:
Services:
...
WebSecurityManager: DEFINED
In addition i had to exclude t5-ioc as the versions did not match:
<dependency>
<groupId>org.tynamo</groupId>
<artifactId>tapestry-security</artifactId>
<version>0.5.1</version>
<exclusions>
<exclusion>
<groupId>org.apache.tapestry</groupId>
<artifactId>tapestry-ioc</artifactId>
</exclusion>
</exclusions>
</dependency>
With kind regards
David
Am 09.08.2013 12:07, schrieb Will N.:
> Hi,
> this is what i got when i follow the instructions in the mentioned
> tutorial.
>
> 2013-08-09 11:57:05.504:WARN::failed pms:
> java.lang.IllegalArgumentException: Contribution
> com.example.pms.services.PmsModule.contributeWebSecurityManager(Configuration,
> Session) (at PmsModule.java:193) is for service 'interface
> org.apache.shiro.web.mgt.WebSecurityManager' qualified with marker
> annotations [], which does not exist.
> 2013-08-09 11:57:05.504:WARN::Failed startup of context
> org.mortbay.jetty.webapp.WebAppContext@1b77bbb{/pms,C:\Users\xxx\tapestry\pms\src\main\webapp}
> java.lang.IllegalArgumentException: Contribution
> com.example.pms.services.PmsModule.contributeWebSecurityManager(Configuration,
> Session) (at PmsModule.java:193) is for service 'interface
> org.apache.shiro.web.mgt.WebSecurityManager' qualified with marker
> annotations [], which does not exist.
> at
> org.apache.tapestry5.ioc.internal.RegistryImpl.validateContributeDefs(RegistryImpl.java:246)
> at
> org.apache.tapestry5.ioc.internal.RegistryImpl.<init>(RegistryImpl.java:205)
> at
> org.apache.tapestry5.ioc.RegistryBuilder.build(RegistryBuilder.java:177)
> at
> org.apache.tapestry5.internal.TapestryAppInitializer.createRegistry(TapestryAppInitializer.java:200)
> at org.apache.tapestry5.TapestryFilter.init(TapestryFilter.java:109)
> at
> org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
> at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
> at
> org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
> at
> org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
> at
> org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at
> org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
> at org.mortbay.jetty.Server.doStart(Server.java:224)
> at
> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
> at runjettyrun.Bootstrap.main(Bootstrap.java:97)
> 2013-08-09 11:57:05.534:INFO::Started SelectChannelConnector@0.0.0.0:8080
>
>
>
> Am 07.08.2013 13:20, schrieb D.R.:
>> Hi,
>>
>> i also want to suggest tynamo tapestry-security.
>>
>> As a quickstart is missing, i recommend this post:
>> http://comments.gmane.org/gmane.comp.java.tynamo.user/287
>>
>> With the instructions given there, you can quickly setup
>> tapestry-security and use this as a starting point.
>>
>>
>> With kind regards
>> David
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "Will N." <ll...@yahoo.fr>.
Hi,
this is what i got when i follow the instructions in the mentioned tutorial.
2013-08-09 11:57:05.504:WARN::failed pms:
java.lang.IllegalArgumentException: Contribution
com.example.pms.services.PmsModule.contributeWebSecurityManager(Configuration,
Session) (at PmsModule.java:193) is for service 'interface
org.apache.shiro.web.mgt.WebSecurityManager' qualified with marker
annotations [], which does not exist.
2013-08-09 11:57:05.504:WARN::Failed startup of context
org.mortbay.jetty.webapp.WebAppContext@1b77bbb{/pms,C:\Users\xxx\tapestry\pms\src\main\webapp}
java.lang.IllegalArgumentException: Contribution
com.example.pms.services.PmsModule.contributeWebSecurityManager(Configuration,
Session) (at PmsModule.java:193) is for service 'interface
org.apache.shiro.web.mgt.WebSecurityManager' qualified with marker
annotations [], which does not exist.
at
org.apache.tapestry5.ioc.internal.RegistryImpl.validateContributeDefs(RegistryImpl.java:246)
at
org.apache.tapestry5.ioc.internal.RegistryImpl.<init>(RegistryImpl.java:205)
at
org.apache.tapestry5.ioc.RegistryBuilder.build(RegistryBuilder.java:177)
at
org.apache.tapestry5.internal.TapestryAppInitializer.createRegistry(TapestryAppInitializer.java:200)
at org.apache.tapestry5.TapestryFilter.init(TapestryFilter.java:109)
at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
at
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at
org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
at
org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
at
org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
at
org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
at
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at
org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
at org.mortbay.jetty.Server.doStart(Server.java:224)
at
org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at runjettyrun.Bootstrap.main(Bootstrap.java:97)
2013-08-09 11:57:05.534:INFO::Started SelectChannelConnector@0.0.0.0:8080
Am 07.08.2013 13:20, schrieb D.R.:
> Hi,
>
> i also want to suggest tynamo tapestry-security.
>
> As a quickstart is missing, i recommend this post:
> http://comments.gmane.org/gmane.comp.java.tynamo.user/287
>
> With the instructions given there, you can quickly setup
> tapestry-security and use this as a starting point.
>
>
> With kind regards
> David
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by "D.R." <d....@googlemail.com>.
Hi,
i also want to suggest tynamo tapestry-security.
As a quickstart is missing, i recommend this post:
http://comments.gmane.org/gmane.comp.java.tynamo.user/287
With the instructions given there, you can quickly setup
tapestry-security and use this as a starting point.
With kind regards
David
Am 06.08.2013 16:46, schrieb Lenny Primak:
> Wy don't you use the wonderful tynamo tapestry-security library.
> It works great out of the box and easy to integrate.
>
> On Aug 6, 2013, at 3:10 AM, "Will N." <ll...@yahoo.fr> wrote:
>
>> Hi,
>> I am trying secure some pages of my application as shown in this tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>> But I am having following error message when I start the application.
>> Since the RequiresLoginFilte class implements the ComponentRequestFilter interface, I am confused about the coertion error!
>>
>>
>> [ERROR] ioc.Registry Error invoking service contribution method com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration): Could not find a coercion from type com.example.pms.services.RequiresLoginFilter to type org.apache.tapestry5.services.ComponentRequestFilter.
>> [ERROR] ioc.Registry Operations trace:
>> [ERROR] ioc.Registry [ 1] Realizing service ComponentRequestHandler
>> [ERROR] ioc.Registry [ 2] Instantiating service ComponentRequestHandler implementation via org.apache.tapestry5.services.TapestryModule.buildComponentRequestHandler(List, ComponentRequestHandlerTerminator, Logger) (at TapestryModule.java:2690)
>> [ERROR] ioc.Registry [ 3] Creating plan to invoke public org.apache.tapestry5.services.ComponentRequestHandler org.apache.tapestry5.services.TapestryModule.buildComponentRequestHandler(java.util.List,org.apache.tapestry5.internal.services.ComponentRequestHandlerTerminator,org.slf4j.Logger)
>> [ERROR] ioc.Registry [ 4] Determining injection value for parameter #1 (java.util.List)
>> [ERROR] ioc.Registry [ 5] Collecting ordered configuration for service ComponentRequestHandler
>> [ERROR] ioc.Registry [ 6] Invoking com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration) (at PmsModule.java:146)
>> [ERROR] TapestryModule.ComponentRequestHandler Construction of service ComponentRequestHandler failed: Error invoking service contribution method com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration): Could not find a coercion from type com.example.pms.services.RequiresLoginFilter to type org.apache.tapestry5.services.ComponentRequestFilter.
>> org.apache.tapestry5.ioc.internal.OperationException: Error invoking service contribution method com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration): Could not find a coercion from type com.example.pms.services.RequiresLoginFilter to type org.apache.tapestry5.services.ComponentRequestFilter.
>> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.logAndRethrow(OperationTrackerImpl.java:121)
>> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:88)
>> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.run(OperationTrackerImpl.java:47)
>> at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.run(PerThreadOperationTracker.java:76)
>> at org.apache.tapestry5.ioc.internal.RegistryImpl.addToOrderedConfiguration(RegistryImpl.java:629)
>> at org.apache.tapestry5.ioc.internal.RegistryImpl.getOrderedConfiguration(RegistryImpl.java:483)
>> at org.apache.tapestry5.ioc.internal.ServiceResourcesImpl$2.invoke(ServiceResourcesImpl.java:110)...
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>> For additional commands, e-mail: users-help@tapestry.apache.org
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: Securing page with Tapestry
Posted by Lenny Primak <lp...@hope.nyc.ny.us>.
Wy don't you use the wonderful tynamo tapestry-security library.
It works great out of the box and easy to integrate.
On Aug 6, 2013, at 3:10 AM, "Will N." <ll...@yahoo.fr> wrote:
> Hi,
> I am trying secure some pages of my application as shown in this tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
> But I am having following error message when I start the application.
> Since the RequiresLoginFilte class implements the ComponentRequestFilter interface, I am confused about the coertion error!
>
>
> [ERROR] ioc.Registry Error invoking service contribution method com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration): Could not find a coercion from type com.example.pms.services.RequiresLoginFilter to type org.apache.tapestry5.services.ComponentRequestFilter.
> [ERROR] ioc.Registry Operations trace:
> [ERROR] ioc.Registry [ 1] Realizing service ComponentRequestHandler
> [ERROR] ioc.Registry [ 2] Instantiating service ComponentRequestHandler implementation via org.apache.tapestry5.services.TapestryModule.buildComponentRequestHandler(List, ComponentRequestHandlerTerminator, Logger) (at TapestryModule.java:2690)
> [ERROR] ioc.Registry [ 3] Creating plan to invoke public org.apache.tapestry5.services.ComponentRequestHandler org.apache.tapestry5.services.TapestryModule.buildComponentRequestHandler(java.util.List,org.apache.tapestry5.internal.services.ComponentRequestHandlerTerminator,org.slf4j.Logger)
> [ERROR] ioc.Registry [ 4] Determining injection value for parameter #1 (java.util.List)
> [ERROR] ioc.Registry [ 5] Collecting ordered configuration for service ComponentRequestHandler
> [ERROR] ioc.Registry [ 6] Invoking com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration) (at PmsModule.java:146)
> [ERROR] TapestryModule.ComponentRequestHandler Construction of service ComponentRequestHandler failed: Error invoking service contribution method com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration): Could not find a coercion from type com.example.pms.services.RequiresLoginFilter to type org.apache.tapestry5.services.ComponentRequestFilter.
> org.apache.tapestry5.ioc.internal.OperationException: Error invoking service contribution method com.example.pms.services.PmsModule.contributeComponentRequestHandler(OrderedConfiguration): Could not find a coercion from type com.example.pms.services.RequiresLoginFilter to type org.apache.tapestry5.services.ComponentRequestFilter.
> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.logAndRethrow(OperationTrackerImpl.java:121)
> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.invoke(OperationTrackerImpl.java:88)
> at org.apache.tapestry5.ioc.internal.OperationTrackerImpl.run(OperationTrackerImpl.java:47)
> at org.apache.tapestry5.ioc.internal.PerThreadOperationTracker.run(PerThreadOperationTracker.java:76)
> at org.apache.tapestry5.ioc.internal.RegistryImpl.addToOrderedConfiguration(RegistryImpl.java:629)
> at org.apache.tapestry5.ioc.internal.RegistryImpl.getOrderedConfiguration(RegistryImpl.java:483)
> at org.apache.tapestry5.ioc.internal.ServiceResourcesImpl$2.invoke(ServiceResourcesImpl.java:110)...
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org