Posted to users@tapestry.apache.org by Daniel Henze <dh...@googlemail.com> on 2010/06/10 14:04:19 UTC

Re: Authentication error with Tapestry-Spring-Security [SOLVED]

Well, that did help, somehow, as it left me even more confused at the 
beginning. With debugging activated, I came to realize that the 
loadByUsername method in the UserDetailsServiceImpl is never even called 
on login.

So, knowing that, I started to muck around in the AppModule and pushed 
things around until it finally worked. I had commented out the 
daoAuthenticationProvider at some stage. Adding it again solved that 
issue for me.

Christophe, thanks for your help and for pointing me in the right 
direction. Very much appreciated.

Best regards
Daniel

Just for reference, my AppModule (just the spring TSS related points) 
now looks like this:

...

     /*
      * http://www.localhost.nu/java/tapestry-spring-security/conf.html
      */
     public static UserDetailsService buildUserDetailsService(
             @Inject UserDAO userDao) {
         System.out.println("Building UserDetailService");
         return new UserDetailsServiceImpl(userDao);
     }

     // Registers the DAO-backed provider with the ProviderManager.
     // This is the contribution that had been commented out.
     public static void contributeProviderManager(
             OrderedConfiguration<AuthenticationProvider> configuration,
             @InjectService("DaoAuthenticationProvider")
             AuthenticationProvider daoAuthenticationProvider) {

         configuration.add("daoAuthenticationProvider",
                 daoAuthenticationProvider);
     }

     // Makes ShaPasswordEncoder the PasswordEncoder used for injection.
     public static void contributeAlias(
             Configuration<AliasContribution<PasswordEncoder>> configuration) {

         configuration.add(AliasContribution.create(
                 PasswordEncoder.class,
                 new ShaPasswordEncoder()));
     }

...

Am 10.06.2010 10:56, schrieb Christophe Cordenier:
> My advice is to debug your application to check if the password encoding at
> login time is the same as the one you provided at creation time.
>
> Put a break point in the method that retrieves the user from DB, have a look
> at the stack in eclipse debug mode, identify the Authentication Spring Filter,
> go into this stackframe and debug step by step to see what's happening after
> user retrieval.
>
> Note that we use spring-security (w/o tapestry-spring-security) at
> http://github.com/robink/wooki
>
> 2010/6/10 Daniel Henze<dh...@googlemail.com>
>
>    
>> The way I encode the password is using the following create method in
>> UserServiceImpl:
>> ...
>> public UserServiceImpl(PasswordEncoder encoder, SaltSource salt,
>>         UserDAO userDao, Logger logger, IRoleService roleService) {
>>         this.encoder = encoder;
>>         this.salt = salt;
>>         this.userDao = userDao;
>>         this.logger = logger;
>>         this.roleService = roleService;
>>     }
>> ...
>> public long createUser(User user) {
>>         String clearTextPassword = user.getPassword();
>>         user.setPassword(encoder.encodePassword(clearTextPassword,
>>                 salt.getSalt(user)));
>>         user.addRole(roleService.findByAuthority("USER_ROLE"));
>>         this.save(user);
>>         return user.getId();
>>     }
>>
>> The password is stored as VARCHAR in the DB. I had suspected that as well,
>> but since encoder is configured in appmodule and salt and encoder both
>> injected, I assumed this should be fine. Do I have to implement
>> SaltSourceService myself?
>>
>> Am 10.06.2010 10:39, schrieb Christophe Cordenier:
>>
>>> Have you checked that the encoder used by Spring filter is the same you use
>>> to encode it in your DB?
>>>
>>> Password Encoding is made of a salt and an algorithm.
>>>
>>> 2010/6/10 Daniel Henze<dh...@googlemail.com>
>>>
>>>> Thanks for your reply.
>>>>
>>>> Yes, I did check that. And it's ok, lovely long and encrypted passwords.
>>>>
>>>> Daniel
>>>>
>>>> Am 10.06.2010 09:51, schrieb Christophe Cordenier:
>>>>
>>>>> Hi
>>>>>
>>>>> I guess you already did it but have you checked if the password is stored
>>>>> in SHA1?
>>>>>
>>>>> 2010/6/10 Daniel Henze<dh...@googlemail.com>
>>>>>
>>>>>> Hi there,
>>>>>>
>>>>>> I installed Tapestry-Spring-Security and followed the installation and
>>>>>> configuration advice. But I have no luck as the login does not work for me
>>>>>> and always returns "Username and/or password was wrong!". There was a recent
>>>>>> post about the "Bad credentials" and it was the wrong SaltService at the
>>>>>> end, but I doubt that is the reason here as I'm following standard
>>>>>> installation.
>>>>>>
>>>>>> I tried different approaches (the IUserService extending the
>>>>>> UserDetailsService and all methods implemented in UserServiceImpl) to not
>>>>>> setting the Password encoder and even switching from MySQL to HSQLDB and
>>>>>> back. It's probably just a glitch, but I'd appreciate if someone could
>>>>>> enlighten me.
>>>>>>
>>>>>> Cheers
>>>>>> Daniel
>>>>>>
>>>>>> -----------
>>>>>>
>>>>>> My Setup:
>>>>>>
>>>>>> class: User implements UserDetails
>>>>>>
>>>>>> service: UserDetailsServiceImpl implements UserDetailsService
>>>>>> public UserDetails loadUserByUsername(String username)
>>>>>>         throws UsernameNotFoundException, DataAccessException {
>>>>>>         User u = userDao.findByUsername(username);
>>>>>>         if (u == null) {
>>>>>>             // The UserDetailsService contract forbids returning null.
>>>>>>             throw new UsernameNotFoundException("User not found");
>>>>>>         }
>>>>>>         return u;
>>>>>> }
>>>>>>
>>>>>> service: UserServiceImpl implements IUserService (Domain specific methods,
>>>>>> e.g. User creation)
>>>>>>
>>>>>> DAO: UserDAOHibernate
>>>>>> public User findByUsername(String username) {
>>>>>>         return (User) session.createCriteria(User.class)
>>>>>>         .add(Restrictions.eq("username", username))
>>>>>>         .uniqueResult();
>>>>>> }
>>>>>>
>>>>>> page: LoginPage and its template
>>>>>>
>>>>>> AppModule:
>>>>>> public static void bind(ServiceBinder binder) {
>>>>>> ...
>>>>>>        binder.bind(IUserService.class, UserServiceImpl.class);
>>>>>> }
>>>>>>
>>>>>> public static void contributeApplicationDefaults(
>>>>>>             MappedConfiguration<String, String> configuration) {
>>>>>> ...
>>>>>>         configuration.add("spring-security.failure.url",
>>>>>>                 "/loginpage/failed");
>>>>>>         configuration.add("spring-security.accessDenied.url",
>>>>>>                 "/forbidden");
>>>>>> ...
>>>>>> }
>>>>>>
>>>>>> public static UserDetailsService buildUserDetailsService(
>>>>>>             @Inject UserDAO userDao) {
>>>>>>         System.out.println("Building UserDetailService");
>>>>>>         return new UserDetailsServiceImpl(userDao);
>>>>>> }
>>>>>>
>>>>>> public static void contributeAlias(
>>>>>>         Configuration<AliasContribution<PasswordEncoder>> configuration) {
>>>>>>
>>>>>>         configuration.add(AliasContribution.create(
>>>>>>                     PasswordEncoder.class,
>>>>>>                     new ShaPasswordEncoder()));
>>>>>> }
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
>>>>>> For additional commands, e-mail: users-help@tapestry.apache.org
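
Added example (not part of the original thread and not code from tapestry-spring-security): a JDK-only sketch of the check Christophe describes, showing that a correct password is rejected whenever the login-time salt differs from the one used at creation time. The password{salt} merge and hex SHA-1 output are assumptions modelled on the legacy salted SHA encoder convention; the class name and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added illustration: creation-time and login-time encoding must agree. */
public class EncodingMismatchDemo {

    // Assumption: the salt is merged as password{salt} and the SHA-1 digest
    // is hex-encoded, modelled on the legacy salted SHA encoder convention.
    static String encode(String rawPassword, Object salt) throws NoSuchAlgorithmException {
        String merged = (salt == null || salt.toString().isEmpty())
                ? rawPassword
                : rawPassword + "{" + salt + "}";
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(merged.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Login-time check: re-encode the presented password with the salt the
    // provider was given and compare against the stored value in constant time.
    static boolean isValid(String stored, String presented, Object salt)
            throws NoSuchAlgorithmException {
        byte[] expected = stored.getBytes(StandardCharsets.UTF_8);
        byte[] actual = encode(presented, salt).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values, not taken from the thread.
        String password = "example-password";
        String username = "daniel";

        // Creation time: the user service encodes with a per-user salt.
        String stored = encode(password, username);

        // Login with the same salt source: the stored hash matches.
        System.out.println("same salt:  " + isValid(stored, password, username));
        // Login where the provider has no salt source: right password, rejected.
        System.out.println("no salt:    " + isValid(stored, password, null));
        // Login where the provider salts with another property (here an id).
        System.out.println("other salt: " + isValid(stored, password, 42L));
    }
}
```

A single SHA-1 round is fast to brute-force; an adaptive scheme such as bcrypt or PBKDF2 is the usual choice for new password stores, with the same requirement that creation and login use identical parameters.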