You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Boyd Ebsworthy <be...@entreview.com> on 2003/09/23 11:22:42 UTC
Authentication, J2EE & Tapestry
Hi,
I've been looking around but i couldn't find an example of how to use
J2EE Authentication mecanisms in Tapestry. All i could find was a note
in the wiki proposing that the developer's guide be updated with a
security chapter and a post in the mailing list archive giving an
example of do-it-yourself authentication using the
IPage.validate(IRequestCycle) method.
Which isn't bad but i'd like to move the login/authentication
responsability out of my way.
So if anyone could point me to a tutorial or some demo code (working or
snippet) i would greatly appreciate.
Thanks
Boyd,
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Authentication, J2EE & Tapestry
Posted by Michael Kolmodin <Mi...@kolmodin.net>.
Boyd Ebsworthy wrote:
> Hi,
>
> I've been looking around but i couldn't find an example of how to use
> J2EE Authentication mecanisms in Tapestry. All i could find was a note
> in the wiki proposing that the developer's guide be updated with a
> security chapter and a post in the mailing list archive giving an
> example of do-it-yourself authentication using the
> IPage.validate(IRequestCycle) method.
> Which isn't bad but i'd like to move the login/authentication
> responsability out of my way.
>
Somewhere I found an example in the archives a time ago.I have tried to
find it again, but failed. Enclosed you will find the LoginPage I made
based on this. It's newbie code, it might suck, but it works for me :-)
Hope this helps, I havn't really time to take away the irrelevant parts...
--michael
---------------------------------------------------------------------------
package whatever;
import java.util.*;
import java.io.*;
import java.security.*;
import javax.security.auth.*;
import javax.security.auth.login.*;
import javax.security.auth.callback.*;
import org.apache.log4j.*;
import org.apache.tapestry.*;
import org.apache.tapestry.html.*;
import org.apache.tapestry.engine.*;
import org.apache.tapestry.event.*;
import org.apache.tapestry.callback.*;
/**
*
* Presents and handles a login form, routes call to proper page.
* A fixed page is called on login failures.
* Client should invoke setCallback() before activating page.
*
* @author mk
*/
public class LoginPage extends BasePage implements CallbackHandler
{
private Logger log = Logger.getLogger( "Login" );
private static char[] emptyPw = { ' ' };
protected ICallback callback;
/**
*
* Default security realm, used as argument to LoginContext
* constructor.
* Overridden by system parameter "security-realm". Defined by
* the EJB
* container, in jboss in the login-config.xml file.
*
*/
public static String DEFAULT_REALM = "YALT";
/** The key for the security realm. */
public static String REALM_KEY = "net.kolmodin.yalt.security-realm";
public LoginPage()
{
super();
}
/** Define where to go on succesful login. */
public void setCallback( ICallback cb )
{
callback = cb;
fireObservedChange( "callback", cb );
}
/**
*
* Called from the LoginContext, hands username and password
* from user to the loginContext.
*
*/
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException
{
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
// Return username.
NameCallback nc = (NameCallback) callbacks[i];
nc.setName( username == null ? "" : username );
}
else if (callbacks[i] instanceof PasswordCallback) {
// Return password.
PasswordCallback pc = (PasswordCallback) callbacks[i];
pc.setPassword(
password == null ? emptyPw : password.toCharArray()
);
}
else {
throw new UnsupportedCallbackException(
callbacks[i], "Unrecognized Callback" );
}
}
}
/** Username entered by user. */
protected String username = null;
/** Set the username property. */
public void setUsername( String s )
{
username = s;
fireObservedChange("username", s);
}
/** Returns the username entered by user. */
public String getUsername()
{
return username;
}
/** Password entered by user. */
protected String password = null;
/** Define password entered by user. No checks, those are
supposed to be done in presentation layer. */
public void setPassword( String s )
{
password = s;
fireObservedChange("password", s);
}
/** Return password entered by user. */
public String getPassword()
{
return password;
}
protected String realm = DEFAULT_REALM;
/** Reset page properties after use. */
public void detach()
{
username = null;
password = null;
realm = null;
super.detach();
}
/** Handle users request to login. SetCallback() must be invoked
before calling this. */
public void submitLogin(IRequestCycle cycle)
{
Visit visit = (Visit) getPage().getVisit();
assert visit != null : "Null visit?!";
try{
visit.setPrincipal( null );
IPropertySource props =
cycle.getEngine().getPropertySource();
String tmpRealm = props.getPropertyValue( REALM_KEY );
if( tmpRealm != null )
realm = tmpRealm;
LoginContext loginContext = new LoginContext( realm, this );
loginContext.login();
Subject subject = loginContext.getSubject();
assert subject != null :
"Null subject after successful login?!";
visit.doSomethingWithSubject(...)
}
catch( LoginException le ){
visit.clearAllLoginData(...)
log.warn( "Login exception: " + le.getMessage() );
IPage page = Whatever.getLoginFailurPage(...);
throw new PageRedirectException( page );
}
if( callback == null )
throw new IllegalStateException(
"No callback defined for successful login ");
callback.performCallback( cycle );
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org