teasy.
Good luck.
On 5 May 2017 at 23:49, Richard Frovarp wrote:
> I'm wondering if there is a straightforward way to secure
> tapestry-resteasy with Shiro. We're already using tapestry-security. I have
> a student doing some work to do this, and it doesn't seem like t
I'm wondering if there is a straightforward way to secure
tapestry-resteasy with Shiro. We're already using tapestry-security. I
have a student doing some work to do this, and it doesn't seem like the
two work together. We can protect the URL path from the AppModule using
the
It's been a while but I think you are correct about how Shiro works. I
would use a role to solve this. You can make a role like "maintainer" and
assign that role to anyone that can maintain objects. Then you can protect
any pages after the url /maintain
On Wednesday, April
ntain appear on the list of objects, and when they try
to POST a change, shiro ensure they have rights to the object. All
works, no problems.
This new feature is functionality that not all users have access to, so
on the front page I want to add a link that only appears for users who
have a
ation
(possibly configurable with a symbol), people would be able to enable it if
they like. Ultimately, the call is yours, I just wanted to point out this
possible problem.
On Mon, Mar 10, 2014 at 9:41 PM, Kalle Korhonen
wrote:
> Perhaps there's no reason to wait for a fix in Shiro. I could jus
Perhaps there's no reason to wait for a fix in Shiro. I could just
implement this as a new default CookieRememberMeManager in
tapestry-security. Dusko, you mind if I use your SimplePrincipalSerializer?
Kalle
On Thu, Mar 6, 2014 at 3:21 AM, Dusko Jovanovski wrote:
> Thanks for point
Cookie size is 2K. Works like a charm, thank you :).
Regards,
Lidija
On Thu, Mar 6, 2014 at 12:21 PM, Dusko Jovanovski wrote:
> Thanks for pointing that out, I wasn't finishing the GZIP stream properly,
> already fixed in the updated gist.
> https://gist.github.com/duskote/0f8cce8d1b0d1cc56844
t
>
> si.najdi.web.util.SimplePrincipalSerializer2.deserialize(SimplePrincipalSerializer2.java:17)
> ~[classes/:na]
> at
>
> org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:514)
> ~[shiro-core-1.2.0.jar:1.2.0]
> at
>
eserialize(AbstractRememberMeManager.java:514)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:431)
~[shiro-core-1.2.0.jar:1.2.0]
at
org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManage
gt;
> > On Wed, Mar 5, 2014 at 5:54 PM, Kalle Korhonen <
> kalle.o.korho...@gmail.com
> > > wrote:
> >
> >> Ah yes, the size of the default remember me cookie can grow outrageously
> >> big because it uses Java serialization. That's long running issue
>
On Wed, Mar 5, 2014 at 5:54 PM, Kalle Korhonen > wrote:
>
>> Ah yes, the size of the default remember me cookie can grow outrageously
>> big because it uses Java serialization. That's long running issue against
>> Shiro web (https://issues.apache.org/jira/browse/SHIR
5:54 PM, Kalle Korhonen
wrote:
> Ah yes, the size of the default remember me cookie can grow outrageously
> big because it uses Java serialization. That's long running issue against
> Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simply
> to
&g
Ah yes, the size of the default remember me cookie can grow outrageously
big because it uses Java serialization. That's long running issue against
Shiro web (https://issues.apache.org/jira/browse/SHIRO-226). It's simply to
override with your own implementation - you could use the one att
Sorry for talking to myself :-).
We managed to resolve the issue - the cookie was bigger than 4K. I had to
debug shiro-web since there was no warning whatsoever and browser obviously
just ignored the cookie.
This issue is nicely explained here:
http://shiro-user.582556.n2.nabble.com/Remember-me
I pasted shiro's debug logs below.
As far as I can see two rememberMe cookies are created: one with value
"deleteMe" that gets deleted immediately since Max-Age=0 and another
rememberMe cookie that has expiration date 1 year from now. So why don't I
see this cookie in a browser?
There's a debug m
Lenny and Kalle, thank you for your responses.
On Tue, Feb 25, 2014 at 10:26 PM, Kalle Korhonen wrote:
>
>
> Shiro makes a strong separation between remembered and authenticated use
> cases. It depends on your security settings whether you want to allow
> remembered only users
cookie "rememberMe"
> is created. After I close the browser and reopen it again I'm not logged
> in. Am I missing something here?
>
Shiro makes a strong separation between remembered and authenticated use
cases. It depends on your security settings whether you want to allo
gt;
> UsernamePasswordToken token = new UsernamePasswordToken(jsecLogin,
> jsecPassword);
>token.setRememberMe(true);
>
>try {
> currentUser.login(token);
>}
>...
> }
>
>
> This is taken from shiro documentation (
> https://shiro.apach
throw new IllegalStateException("Subject can`t be null");
}
UsernamePasswordToken token = new UsernamePasswordToken(jsecLogin,
jsecPassword);
token.setRememberMe(true);
try {
currentUser.login(token);
}
...
}
This is taken from shiro documentation (
https://sh
.
>
> This is supposed to be accomplished with the following setting in
> shiro.ini:
> [main]
> securityManager.sessionManager.sessionIdCookie.domain=
>
> But as I understand, I cannot configure shiro in Tapestry through
> shiro.ini file.
>
> How else can I configure this?
>
> Any help would be highly appreciated.
>
> Regards,
> Lidija
>
>
as I understand, I cannot configure shiro in Tapestry through shiro.ini
file.
How else can I configure this?
Any help would be highly appreciated.
Regards,
Lidija
FlowLogix library also has a couple of solutions to deal with this:
@AJAX annotation
http://code.google.com/p/flowlogix/wiki/TLAJAXAnnotation
that will redirect to the login screen if session has expired (among other
things)
and the SessionMonitor component
http://code.google.com/p/flowlogix/wi
Hi Jens
On Oct 28, 2013, at 19:44 , Lenny Primak wrote:
...
>> The statement above would make me think that Tapestry-Security does work for
>> AJAX requests too, as onActivate() is invoked for every request for the
>> page, render or action.
>
> The way Tapestry-Securitiy filter is set up is
;> Also, in Tapestry 5.4, this should be handled properly by way T5.4 handles
>> JavaScript.
>
> I'm not following you.
Tapestry 5.4 handles JavaScript errors better, so this issue doesn't exist in
T5.4
>
>> onActivate isn't getting called because Tapestry-Sec
r a page that's not authorized?
Also, in Tapestry 5.4, this should be handled properly by way T5.4
handles JavaScript.
I'm not following you.
onActivate isn't getting called because Tapestry-Security / Shiro
intercepts it (and denies it's permission)
before onActivate ever
> Nevertheless its still possible to enter such a link URL directly in the
> browser, but luckily in this case everything works as expected (redirect to
> "unauthorized" page and onActivate from the unauthorized page gets called)
>
> As the only difference is "zone/
; page and onActivate from the unauthorized page gets called)
As the only difference is "zone/ajax" related, I guess shiro does not handle
XHR requests correctly when rendering/redirecting, but this just an assumption.
I have to dig deeper in the shiro source
Jens
Von meinem iPhone gesendet
pt.
onActivate isn't getting called because Tapestry-Security / Shiro intercepts it
(and denies it's permission)
before onActivate ever gets called.
On Oct 27, 2013, at 8:55 AM, Jens Breitenstein wrote:
> Hi all!
>
> I have a strange problem and maybe one of you can give me a hin
y") on the
event-callback method to limit access. In case an user does not have the
required permissions Shiro correctly identfies it and throws an
OperationException("Subject does not have permission"), perfect too.
Unfortunately there is no redirect to the "Unauthorized&
laugh. I know how this works with tapestry and also
> would like to do/know how to do this with shiro, without using the userExists
> property if there is a way.
>
> Gesendet über Yahoo! Mail für Android
>
>
I am glad i made you laugh. I know how this works with tapestry and also would
like to do/know how to do this with shiro, without using the userExists
property if there is a way.
Gesendet über Yahoo! Mail für Android
Haha, man, you made me so laugh!! :))I am not sure whether or not are you
trolling, but you made my day bumping with this Q. on my Q. :D Hahahaha :))
I am not acquinted well enough with tapestry shiro, but as for the tapestry
itself, there is a great shortcut including
@Property
Hi,
i have some issues using shiro in my tapestry application. So far login
and logout work almost perfect. I have a custom logout link which is an
image but one logout text is still i guess automatically generated, so i
have my image and the "logout" text(link). how can i avoid
Well its strange
I see in debugger two invocations of the method
and two increments of my counter.
but only one lands in the database.
very strange
even after logout and shutdown...
hitcount == 1
Folks,
i am operating shiro on tapestry.
but my doGetAuthenticationInfo(...) is called twice for every
currentSubject.login(...) call
I cannot even implement a hit counter without the count being doubled at
increment within the realm.
is there a workaorund for this? or do i have to live
ropriate UserAccount, you probably
don't have the right CredentialsMatcher configured. Perhaps you need
to [set a HashedCredentialsMatcher to your realm][4].
[1]:
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/AuthenticatingRealm.html
[2]:
http://shiro.apach
UserAccount user = findByUsername(username);
return new SimpleAuthenticationInfo(username,
user.getEncodedPassword(),
new SimpleByteSource(user.getPasswordSalt()), getName());
}
}
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/shiro-authenticati
On Tue, Dec 20, 2011 at 3:45 AM, csckid wrote:
> public static void
> contributeSecurityConfiguration(Configuration
> configuration,
> SecurityFilterChainFactory factory) {
>
> configuration.add(factory.createChain("/medicine/create").add(factory.roles(),"employee,
> doctor
d());
}
and
@RequiresRoles(value = {"doctor", "employee"})
None of them worked. :(
I wanted doctor and employee to access the page. But, with these code none
of them were working.
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/shiro-tp5082018p5088642.ht
Chain("/medicine/**").add(factory.roles(),
> "employee").build());
>
> configuration.add(factory.createChain("/prescription/**").add(factory.roles(),
> "doctor").build());
>
> configuration.add(factory.createChain("/medicine/**").add
roles(),
"doctor").build());
configuration.add(factory.createChain("/medicine/**").add(factory.roles(),
"doctor").build());
}
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/shiro-tp5082018p5082018.html
Sent from the Tapestry -
y simple tutorial just for this?
shiro-users.properties is for a properties realm (i.e. that's your
simple "user database"). You want a custom realm for your database
model, something like:
http://svn.codehaus.org/tynamo/trunk/tynamo-federatedaccounts/tynamo-federatedaccounts-core/s
nfiguration.add("signup-anon", new FilterChainDefinition("/signup",
"anon"));
configuration.add("signin-anon", new FilterChainDefinition("/signin",
"anon"));
}
*
shiro-users.properties*
//I really don't know what to write here
user.localus
Damn, I only now find out that I have replies to my question.
Kalle, I have an app that sometimes (depending on some conf init parameter)
should use the typical login "inapp" sequence (tapestry login page and out
of the box tapestry-shiro integration) but at other times the authenticat
en I'm redirected to a / and
> > loose the localization info.
> > I have not been able to solve this yet.
>
> Please open a (Tynamo) issue for it and I get to it.
>
> > 2. shiro.ini or module configuration - I'm confused
> > The tapestry-security documentatio
/ and
> loose the localization info.
> I have not been able to solve this yet.
Please open a (Tynamo) issue for it and I get to it.
> 2. shiro.ini or module configuration - I'm confused
> The tapestry-security documentation say you can configure shiro in either
> shiro.ini o
it's been a
pleasure.
Using:
Tapestry 5.2.4
Tapestry-Security: 0.3.1
Initially I had a custom authentication dispatcher for restricting access,
and a cookie rememberme (also a dispatcher).
With tapestry-security and shiro I get a feature rich authentication and
authorization framework based on
Thanks, Taha, that really helped, I got it working.
Ron
From: Taha Hafeez
To: Tapestry users
Sent: Wed, January 5, 2011 4:21:49 PM
Subject: Re: questions regarding tapestry, shiro, tapestry-security and the
hotel-booking-demo
The configuration is in the
On Wed, 05 Jan 2011 06:16:43 -0200, Ronald Luke
wrote:
Hello, guys,
Hi!
Now I'm looking at the wonderful T5 hotel-booking-demo(using tynamo's
tapestry-security) code. If a visitor is not logged in , when she goes
to the search page, she will be redirected to the signin page. Looking
a
uot;), "after:signin");
configuration.add("secured", new FilterChainDefinition("/**",
"authc"), "after:signup");
}
regards
Taha
On Wed, Jan 5, 2011 at 1:46 PM, Ronald Luke wrote:
> Hello, guys,
>
> I am having a very hard
Hello, guys,
I am having a very hard time trying to figure out how to use shiro in tapestry.
Now I'm looking at the wonderful T5 hotel-booking-demo(using tynamo's
tapestry-security) code. If a visitor is not logged in , when she goes to the
search page, she will be redirected to
Follow http://jira.codehaus.org/browse/TYNAMO-67. In the one
application I needed this, I'm still using tapestry-security 0.1.0
which allowed these type of contributions and was a separate and my
original effort at integrating jsecurity/shiro. There were a few other
interesting features and
ko
wrote:
>
> Hello!
>
> I need to override Shiro authc filter. I can do that via shiro.ini file:
> [main]
> authc=com.programeter.web.security.RemoteUserAuhtenticationFilter
>
> But I am wondering if there's way to achieve the same via XxxModule and
&g
Hello!
I need to override Shiro authc filter. I can do that via shiro.ini file:
[main]
authc=com.programeter.web.security.RemoteUserAuhtenticationFilter
But I am wondering if there's way to achieve the same via XxxModule and
configure Shiro via Tynamo Security. Tynamo
Alejandro,
Would you mind posting your Realm implementation?
I tried just providing a CacheManager to the constructor for
AuthorizingRealm but there must be something else missing as i still
have 2 problems:
1. The SimpleAccount is not being cached after the credentials have been
checked (i
Hi Paul
The AuthorizingRealm constructor can take a CacheManager as a parameter.
In our case we use the EhCacheManager.
That's all you need!
Cheers.
Alejandro
On Fri, Nov 19, 2010 at 12:58 AM, Paul Stanton wrote:
> Kalle,
>
> I'm think I'm making progress however I haven't found a good guide
Kalle,
I'm think I'm making progress however I haven't found a good guide to
confirm I'm on the right track.
I have a persistent User entity (db+hibernate). The user has multiple
roles. I only really want to use the RequiresRoles annotation on pages
(and some methods) at this point.
So wha
(new Runnable() {
public void run() {
SecurityUtils.getSubject().login(new
UsernamePasswordToken(username, password));
}
});
Assert.assertEquals(subject.getPrincipal(), username);
but i have no idea , how to test salt.
--
View this messag
tends HashedCredentialsMatcher {
3) Are you using T5.1.0.5? If so, use the brand new, yet unannounced
tapestry-security 0.2.1 (that depends on Shiro 1.1.0).
Agree this is important enough to have a decent example for it. I'm
waiting to have T5.2.3 release available before making the
corresponding tapestr
So this is in my pom.xml
I have 0.2.0 version of tynamo security excluding apache shiro
1.0.0.incubating and instead using 1.1.0 of apache shiro.
my save user looks like this..
// begin save user
RandomNumberGenerator rng = new SecureRandomNumberGenerator
5 Anton Mezerny
> > >
> > > > Hi all,
> > > > I am playing with hotel booking application and trying to use some
> > > examples
> > > > from it in my project. Now I have a problem in login page - when I
> try
> > to
> > > >
om it in my project. Now I have a problem in login page - when I try
> to
> > > login, I got
> > > shiro's cipher exception, like here:
> > > https://issues.apache.org/jira/browse/SHIRO-183
> > > Is it fixed now? How can I upgrade to fixed ver
/10/25 Anton Mezerny
>
> > Hi all,
> > I am playing with hotel booking application and trying to use some
> examples
> > from it in my project. Now I have a problem in login page - when I try to
> > login, I got
> > shiro's cipher exception, like here:
> >
> shiro's cipher exception, like here:
> https://issues.apache.org/jira/browse/SHIRO-183
> Is it fixed now? How can I upgrade to fixed version of
> shiro/tynamo-security?
> Thanks in advance.
> Anton
>
--
Regards,
Christophe Cordenier.
Committer on Apache Tapestry 5
Co-creator of wooki @wookicentral.com
gt; login, I got
> shiro's cipher exception, like here:
> https://issues.apache.org/jira/browse/SHIRO-183
> Is it fixed now? How can I upgrade to fixed version of
> shiro/tynamo-security?
> Thanks in advance.
> Anton
>
Hi all,
I am playing with hotel booking application and trying to use some examples
from it in my project. Now I have a problem in login page - when I try to
login, I got
shiro's cipher exception, like here:
https://issues.apache.org/jira/browse/SHIRO-183
Is it fixed now? How can I upgra
66 matches
Mail list logo
