Posted to users@tapestry.apache.org by Thomas Ordrup Huusom Christensen <tc...@nordija.com> on 2004/01/20 09:31:13 UTC

J2EE login using j_security_check and template search path

Hi

I am having trouble figuring out how to add J2EE security to my Tapestry
application. I want to use form based login where you submit
"j_username" and "j_password" to the url j_security_check, because this
is the standardized way to achieve authorization on all J2EE
appservers. How can I do this?

I have configured my web.xml so that everything under "/secure" requires
the user to be logged in. However I don't know how to configure Tapestry so
it will look for templates here. My first question is: How do you make
Tapestry search for templates in subdirectories? Is it not common
practice? Looking at Vlib and Workbench I see that every page is in root
of the webapp. Is that a restriction?

When doing the form based login form I can't seem to be able to use
@Form since it requires me to implement a formSubmit method on the page
class instead of sending the info to the j_secure_check url. So my next
question is: Is it possible to use j_secure_check or do I have to code
the login (which isn't standardized between appservers)?

Alternative solutions, hints, tips etc are all welcome

Cheers

Thomas Christensen




---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org


Re: J2EE login using j_security_check and template search path

Posted by Erik Hatcher <er...@ehatchersolutions.com>.
On Jan 20, 2004, at 3:31 AM, Thomas Ordrup Huusom Christensen wrote:
> I am having trouble figuring out how to add J2EE security to my Tapestry
> application. I want to use form based login where you submit
> "j_username" and "j_password" to the url j_security_check, because this
> is the standardized way to achieve authorization on all J2EE
> appservers. How can I do this?

There are a few tricks that can be played, but it all depends on how
fine grained you need to be. For the apps I'm building, the entire
application is secured, so web.xml locks down /app to a specific role.
I created a login.application which only has a LoginPage which submits
to j_security_check; this login.application is registered in web.xml as
/login and is not secured. This separate login.application trick is
working quite well for our scenario.

To get more fine grained with pages requiring different levels of 
access, the best trick I've seen mentioned is to use the .page 
<property> metadata to specify role(s) and create a base class that 
does the checking and all your other pages subclass from it.

> I have configured my web.xml so that everything under "/secure" requires
> the user to be logged in. However I don't know how to configure Tapestry so
> it will look for templates here. My first question is: How do you make
> Tapestry search for templates in subdirectories? Is it not common
> practice? Looking at Vlib and Workbench I see that every page is in root
> of the webapp. Is that a restriction?

You can specify pages in the .application file to be in subdirectories.
This is not a clean or optimal solution for my tastes though, but this
is how we currently do it. If you really want to roll up your sleeves,
you can override the template loading mechanism if you like - but it is
not for the faint of heart.

> When doing the form based login form I can't seem to be able to use
> @Form since it requires me to implement a formSubmit method on the page
> class instead of sending the info to the j_secure_check url. So my next
> question is: Is it possible to use j_secure_check or do I have to code
> the login (which isn't standardized between appservers)?

My LoginPage does not use @Form, it just uses pure HTML for a login 
form.  No need to Tapestry-ize this particular form, not to mention you 
can't :)

Hope this helps.

	Erik
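
The layout described in the reply above (secured /app, separate unsecured /login application, plain HTML form posting to j_security_check), sketched as a web.xml fragment. This is an added example, not configuration from either poster; the servlet names, the role "user" and /login-failed.html are assumptions.

```xml
<!-- Constructed web.xml fragment (Servlet 2.3 element order). Servlet names,
     the role "user" and /login-failed.html are assumptions. -->
<web-app>
  <!-- Main application; assumed to load /WEB-INF/app.application -->
  <servlet>
    <servlet-name>app</servlet-name>
    <servlet-class>org.apache.tapestry.ApplicationServlet</servlet-class>
  </servlet>
  <!-- Second Tapestry application (login.application) holding only LoginPage -->
  <servlet>
    <servlet-name>login</servlet-name>
    <servlet-class>org.apache.tapestry.ApplicationServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>app</servlet-name>
    <url-pattern>/app</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>login</servlet-name>
    <url-pattern>/login</url-pattern>
  </servlet-mapping>
  <!-- /app requires the role for every HTTP method (no http-method listed);
       /login matches no constraint, so unauthenticated users can reach it. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Tapestry application</web-resource-name>
      <url-pattern>/app</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
  <!-- FORM auth: the container sends unauthenticated requests to /login, whose
       template is plain HTML (no @Form) posting the two standard fields:
         <form method="post" action="j_security_check">
           <input type="text" name="j_username"/>
           <input type="password" name="j_password"/>
         </form> -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login</form-login-page>
      <form-error-page>/login-failed.html</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
```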

