Re: Authentication Tapestry 5

Wed, 21 Nov 2007 00:28:52 -0800 

Hi Gabriel
I have a similar setup using a JDBC realm as well as multiple applications running on the domain so the best solution for me was to look for the authorization header in the browser and use this info to authenticate 


Chris posted a great wiki article on how to implement a Dispatcher or 
RequestFilter to handle the authentication, I don't know if anyone has a 
better solution than this but I get to the servlet context by adding 
constructor arguments to the wiki example:


public AccessController(
               ApplicationStateManager asm,
               RequestGlobals requestGlobals){
               this.request_ = requestGlobals.getHTTPServletRequest();
               this.response_ = requestGlobals.getHTTPServletResponse();
               this.asm_ = asm;
       }

seems to work,

Peter

Gabriel Landais wrote:

Peter Stavrinides a écrit :

Hi all


My question is more of a best practice related question, I want to 
use a filter to extract my authentication code from the rest of the 
application logic, [...]


Thanks in advance,
Peter


Hi,
First, I'm a real Tapestry newbie, and I believe that Tapestry has a
quite steep learning curve (at last for T5 with current documentation).
 I wish to use JAAS inside my webapp, and I didn't achieve to use a
Tapestry login form. So I'm using a basic html page with Tomcat out of
box security login config. Magically, I'm able to retrieve my principal
in the JBoss EJB3 context. I use those EJBs for authorizations, Tapestry
just not knows if users have rights on data, as I delegate only the "V"
of MVC to Tapestry. If a user doesn't have right on something, a
security exception is thrown by the model and displayed back to him.
 A better solution would be having one namespace dedicated to login
users, not protected by servlet container. A Tapestry component would be
able to login user, and redirect him to a component in another
namespace, this one protected by a security-constraint. I'm just more
confident in servlet container security filtering than in a home made
filter.

So, how can I login my user inside my component and be able to retrieve

my principal with 
RequestGlobals.getHTTPServletRequest().getUserPrincipal()?


Thanks,
Gabriel


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
























					Reply via email to