It won't matter. That's why you use the @Secured("ROLE_ADMIN") annotation.
At best, an unauthenticated user will have ROLE_ANONYMOUS if the
AnonymousAuthenticationProvider is used. They will get an AccessDenied
exception.
I'm playing with a little older code that coughs up a hairball when it hits
one of those exceptions, but I think the newer tapestry5-acegi does the
appropriate redirection to whatever access-denied page you want. That could
be the login page.
Jonathan
> -----Original Message-----
> From: Mahen Perera [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 01, 2008 10:11 AM
> To: Tapestry users
> Subject: RE: T5: Problem with login form with Acegi
>
> Quick Question:
> How can we avoid the situation where a user tries to directly access the
> URL corresponding to the page named "Secure" in this case? I mean
> without going through the login form.
>
> Thanks
>
>
>
> -----Original Message-----
> From: Jacob Bergoo [mailto:[EMAIL PROTECTED]
> Sent: 28 March 2008 23:28
> To: [email protected]
> Subject: T5: Problem with login form with Acegi
>
>
> Hi All,
> In my project I use the Tapestry5-Acegi project and made that work following
> the example and with some help from the forum, thanks...
> Now I'm trying to make a more realistic version of a login where I can
> control the validation on the login form and also based on user roles
> redirect the user to the right page.
> I have created a page like this:
> public class LoginPage {
>
>     /* PRIVATE MEMBERS */
>     @Persist
>     private String userName;
>     private String password;
>     @Component
>     private Form form;
>
>     /* INJECTED COMPONENTS, SERVICES ETC. */
>     @Component(id = "password")
>     private PasswordField passwordField;
>
>     @Inject
>     private AuthenticationManager authenticationManager;
>
>     /* GETTERS AND SETTERS */
>     public String getPassword() {
>         return password;
>     }
>
>     public void setPassword(String password) {
>         this.password = password;
>     }
>
>     public String getUserName() {
>         return userName;
>     }
>
>     public void setUserName(String userName) {
>         this.userName = userName;
>     }
>
>     /* ACTION METHODS */
>     protected String onSuccess() {
>         UsernamePasswordAuthenticationToken authRequest =
>                 new UsernamePasswordAuthenticationToken(userName, password);
>         Authentication authResult;
>
>         try {
>             authResult = authenticationManager.authenticate(authRequest);
>             if (!authResult.isAuthenticated()) {
>                 form.recordError(passwordField, "Invalid user name or password.");
>                 return null;
>             }
>             GrantedAuthority[] gratedAuthorityArray = authResult.getAuthorities();
>             Set<GrantedAuthority> grantedAuthoritySet = new HashSet<GrantedAuthority>();
>             for (int i = 0; i < gratedAuthorityArray.length; i++) {
>                 grantedAuthoritySet.add(gratedAuthorityArray[i]);
>                 System.out.println("Adding " + gratedAuthorityArray[i] + " to set");
>             }
>
>             // DEBUGGING....
>             System.out.println("successful login for: " + userName);
>             System.out.println("authResult.getCredentials() = " + authResult.getCredentials());
>             System.out.println("authResult.getPrincipal() = " + authResult.getPrincipal());
>             System.out.println("authResult.getAuthorities(): ");
>             for (int i = 0; i < gratedAuthorityArray.length; i++) {
>                 System.out.println("Auth no " + (i + 1) + " = '" + gratedAuthorityArray[i] + "'");
>             }
>             // END DEBUGGING...
>
>             if (grantedAuthoritySet.contains("ROLE_ADMIN")) {
>                 System.out.println("Redirecting to Secure page...");
>                 return "Secure";
>             } else if (grantedAuthoritySet.contains("ROLE_SOME_OTHER_ROLE")) {
>                 System.out.println("redirecting to some other page");
>                 return "SOME_OTHER_PAGE";
>             }
>
>         } catch (AuthenticationException authenticationException) {
>             System.out.println("user with username = " + userName
>                     + "couldn't be authenticated with Acegi");
>         }
>
>         return null;
>     }
>
> }
>
> In my Jetty Console I can see that I get the Authentication:
>
> Adding ROLE_ADMIN to set
> Adding ROLE_MANAGER to set
> Adding ROLE_USER to set
> successful login for: jacob
> authResult.getCredentials() = jacob
> authResult.getPrincipal() = UserDetailsBean {
> username = jacob
> password = jacob
> accountNonExpired = true
> passwordaccountNonLocked = true
> credentialsNonExpired = true
> enabled = true
> grantedAuthorities {
> 'ROLE_ADMIN'
> 'ROLE_MANAGER'
> 'ROLE_USER'
> }
> }
>
> authResult.getAuthorities():
> Auth no 1 = 'ROLE_ADMIN'
> Auth no 2 = 'ROLE_MANAGER'
> Auth no 3 = 'ROLE_USER'
> [INFO] TimingFilter Request time: 26 ms
> [INFO] TimingFilter Request time: 18 ms
> [INFO] TimingFilter Request time: 2 ms
>
> but the redirection to the pages doesn't work... and if I change the last
> return null; to return "Secure"; then I get this exception instead:
>
> [ERROR] Secure Render queue error in BeginRender[Secure]: Access is denied
> org.apache.tapestry.ioc.internal.util.TapestryException: Access is denied
>     at org.apache.tapestry.internal.structure.ComponentPageElementImpl.invoke(ComponentPageElementImpl.java:884)
>     at org.apache.tapestry.internal.structure.ComponentPageElementImpl.access$100(ComponentPageElementImpl.java:54)
>     at org.apache.tapestry.internal.structure.ComponentPageElementImpl$11.render(ComponentPageElementImpl.java:342)
>     at org.apache.tapestry.internal.services.RenderQueueImpl.run(RenderQueueImpl.java:63)
>     at org.apache.tapestry.internal.services.PageRenderQueueImpl.render(PageRenderQueueImpl.java:84)
>     at $PageRenderQueue_118f7af20ee.render($PageRenderQueue_118f7af20ee.java)
>     at $PageRenderQueue_118f7af20e7.render($PageRenderQueue_118f7af20e7.java)
>     at org.apache.tapestry.services.TapestryModule$19.renderMarkup(TapestryModule.java:1293)
>     at org.apache.tapestry.services.TapestryModule$23.renderMarkup(TapestryModule.java:1402)
>     at $MarkupRenderer_118f7af20f2.renderMarkup($MarkupRenderer_118f7af20f2.java)
>     at org.apache.tapestry.services.TapestryModule$22.renderMarkup(TapestryModule.java:1383)
>     at $MarkupRenderer_118f7af20f2.renderMarkup($MarkupRenderer_118f7af20f2.java)
>     at org.apache.tapestry.services.TapestryModule$21.renderMarkup(TapestryModule.java:1365)
>     at $MarkupRenderer_118f7af20f2.renderMarkup($MarkupRenderer_118f7af20f2.java)
>     at org.apache.tapestry.services.TapestryModule$20.renderMarkup(TapestryModule.java:1347)
>     at $MarkupRenderer_118f7af20f2.renderMarkup($MarkupRenderer_118f7af20f2.java)
>     at $MarkupRenderer_118f7af20ec.renderMarkup($MarkupRenderer_118f7af20ec.java)
>     at org.apache.tapestry.internal.services.PageMarkupRendererImpl.renderPageMarkup(PageMarkupRendererImpl.java:55)
>     at $PageMarkupRenderer_118f7af20ea.renderPageMarkup($PageMarkupRenderer_118f7af20ea.java)
>     at org.apache.tapestry.internal.services.PageResponseRendererImpl.renderPageResponse(PageResponseRendererImpl.java:57)
>     at $PageResponseRenderer_118f7af20bb.renderPageResponse($PageResponseRenderer_118f7af20bb.java)
>     at org.apache.tapestry.internal.services.PageRenderRequestHandlerImpl.handle(PageRenderRequestHandlerImpl.java:59)
>     at org.apache.tapestry.services.TapestryModule$29.handle(TapestryModule.java:1607)
>     at $PageRenderRequestHandler_118f7af20bc.handle($PageRenderRequestHandler_118f7af20bc.java)
>     at $PageRenderRequestHandler_118f7af20b1.handle($PageRenderRequestHandler_118f7af20b1.java)
>     at org.apache.tapestry.internal.services.PageRenderDispatcher.process(PageRenderDispatcher.java:97)
>     at org.apache.tapestry.internal.services.PageRenderDispatcher.dispatch(PageRenderDispatcher.java:73)
>     at $Dispatcher_118f7af20b8.dispatch($Dispatcher_118f7af20b8.java)
>     at $Dispatcher_118f7af20a9.dispatch($Dispatcher_118f7af20a9.java)
>     at org.apache.tapestry.services.TapestryModule$13.service(TapestryModule.java:944)
>     at com.bergoo.webshop.services.AppModule$1.service(AppModule.java:94)
>     at $RequestFilter_118f7af20a8.service($RequestFilter_118f7af20a8.java)
>     at $RequestHandler_118f7af20aa.service($RequestHandler_118f7af20aa.java)
>     at org.apache.tapestry.internal.services.LocalizationFilter.service(LocalizationFilter.java:42)
>     at $RequestHandler_118f7af20aa.service($RequestHandler_118f7af20aa.java)
>     at org.apache.tapestry.services.TapestryModule$3.service(TapestryModule.java:553)
>     at $RequestHandler_118f7af20aa.service($RequestHandler_118f7af20aa.java)
>     at org.apache.tapestry.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:79)
>     at $RequestHandler_118f7af20aa.service($RequestHandler_118f7af20aa.java)
>     at nu.localhost.tapestry.acegi.services.internal.RequestFilterWrapper$1.doFilter(RequestFilterWrapper.java:60)
>     at nu.localhost.tapestry.acegi.services.internal.AcegiExceptionTranslationFilter.doFilter(AcegiExceptionTranslationFilter.java:67)
>     at nu.localhost.tapestry.acegi.services.internal.RequestFilterWrapper.service(RequestFilterWrapper.java:54)
>     at $RequestFilter_118f7af20a4.service($RequestFilter_118f7af20a4.java)
>     at $RequestHandler_118f7af20aa.service($RequestHandler_118f7af20aa.java)
>     at org.apache.tapestry.services.TapestryModule$2.service(TapestryModule.java:520)
>     at $RequestHandler_118f7af20aa.service($RequestHandler_118f7af20aa.java)
>     at org.apache.tapestry.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:93)
>     at org.apache.tapestry.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:84)
>     at org.apache.tapestry.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:77)
>     at org.apache.tapestry.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:106)
>     at $RequestHandler_118f7af20aa.service($RequestHandler_118f7af20aa.java)
>     at $RequestHandler_118f7af209e.service($RequestHandler_118f7af209e.java)
>     at org.apache.tapestry.services.TapestryModule$12.service(TapestryModule.java:924)
>     at org.apache.tapestry.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
>     at $HttpServletRequestFilter_118f7af209d.service($HttpServletRequestFilter_118f7af209d.java)
>     at $HttpServletRequestHandler_118f7af209f.service($HttpServletRequestHandler_118f7af209f.java)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:57)
>     at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
>     at $HttpServletRequestFilter_118f7af209c.service($HttpServletRequestFilter_118f7af209c.java)
>     at $HttpServletRequestHandler_118f7af209f.service($HttpServletRequestHandler_118f7af209f.java)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:57)
>     at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:81)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
>     at $HttpServletRequestFilter_118f7af209b.service($HttpServletRequestFilter_118f7af209b.java)
>     at $HttpServletRequestHandler_118f7af209f.service($HttpServletRequestHandler_118f7af209f.java)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:57)
>     at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
>     at $HttpServletRequestFilter_118f7af209a.service($HttpServletRequestFilter_118f7af209a.java)
>     at $HttpServletRequestHandler_118f7af209f.service($HttpServletRequestHandler_118f7af209f.java)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:57)
>     at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
>     at $HttpServletRequestFilter_118f7af2099.service($HttpServletRequestFilter_118f7af2099.java)
>     at $HttpServletRequestHandler_118f7af209f.service($HttpServletRequestHandler_118f7af209f.java)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper$1.doFilter(HttpServletRequestFilterWrapper.java:57)
>     at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
>     at nu.localhost.tapestry.acegi.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
>     at $HttpServletRequestFilter_118f7af2098.service($HttpServletRequestFilter_118f7af2098.java)
>     at $HttpServletRequestHandler_118f7af209f.service($HttpServletRequestHandler_118f7af209f.java)
>     at $HttpServletRequestHandler_118f7af2097.service($HttpServletRequestHandler_118f7af2097.java)
>     at org.apache.tapestry.TapestryFilter.doFilter(TapestryFilter.java:168)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
>     at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
>     at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
>     at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
>     at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)
>     at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
>     at org.mortbay.http.HttpServer.service(HttpServer.java:909)
>     at org.mortbay.http.HttpConnection.service(HttpConnection.java:820)
>     at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:986)
>     at org.mortbay.http.HttpConnection.handle(HttpConnection.java:837)
>     at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:245)
>     at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
>     at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)
> Caused by: org.acegisecurity.AccessDeniedException: Access is denied
>     at org.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:68)
>     at $AccessDecisionManager_118f7af2115.decide($AccessDecisionManager_118f7af2115.java)
>     at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:323)
>     at nu.localhost.tapestry.acegi.services.internal.StaticSecurityChecker.checkBefore(StaticSecurityChecker.java:43)
>     at $SecurityChecker_118f7af20ce.checkBefore($SecurityChecker_118f7af20ce.java)
>     at com.bergoo.webshop.pages.Secure.beginRender(Secure.java)
>     at org.apache.tapestry.internal.structure.ComponentPageElementImpl$11$1.run(ComponentPageElementImpl.java:338)
>     at org.apache.tapestry.internal.structure.ComponentPageElementImpl.invoke(ComponentPageElementImpl.java:874)
>     ... 98 more
>
> The Secure.java has a @Secured("ROLE_ADMIN") annotation and therefore I
> should be granted access to this page.
>
> Anyone have any ideas?
>
> Thanks in advance,
> Jacob
> --
> View this message in context:
> http://www.nabble.com/T5%3A-Problem-with-login-form-with-Acegi-tp16364295p16364295.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
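
Added example (not part of the original thread, and not tapestry5-acegi's own code): two things visible in the posted onSuccess() are that it looks up String role names in a Set<GrantedAuthority>, and that it never stores authResult in Acegi's SecurityContextHolder, which is where the security interceptor behind @Secured reads the current Authentication. The sketch assumes Acegi Security 1.0.x on the classpath; LoginRoleCheckDemo, roleNames and establishAndRoute are hypothetical names, and the token is constructed in place of a real authenticate() call.

```java
import java.util.HashSet;
import java.util.Set;

import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

public class LoginRoleCheckDemo {

    /** Role names as Strings, so they can be compared with String literals. */
    static Set<String> roleNames(Authentication auth) {
        Set<String> names = new HashSet<String>();
        for (GrantedAuthority authority : auth.getAuthorities()) {
            names.add(authority.getAuthority());
        }
        return names;
    }

    /** Hypothetical helper: publish the token, then choose the landing page by role. */
    static String establishAndRoute(Authentication authResult) {
        // Acegi's security interceptor evaluates @Secured against the token held in
        // SecurityContextHolder, not against the value authenticate() returned.
        SecurityContextHolder.getContext().setAuthentication(authResult);
        Set<String> roles = roleNames(authResult);
        if (roles.contains("ROLE_ADMIN")) return "Secure";
        if (roles.contains("ROLE_SOME_OTHER_ROLE")) return "SOME_OTHER_PAGE";
        return null; // no matching role: stay on the login page
    }

    public static void main(String[] args) {
        // Constructed token standing in for authenticationManager.authenticate(...).
        GrantedAuthority[] granted = {
            new GrantedAuthorityImpl("ROLE_ADMIN"), new GrantedAuthorityImpl("ROLE_USER") };
        Authentication authResult =
            new UsernamePasswordAuthenticationToken("jacob", "constructed-password", granted);
        // The lookup as posted: HashSet.contains calls String.equals on each candidate.
        Set<GrantedAuthority> asPosted = new HashSet<GrantedAuthority>();
        for (GrantedAuthority authority : granted) asPosted.add(authority);
        System.out.println("Set<GrantedAuthority>.contains(String): " + asPosted.contains("ROLE_ADMIN"));
        System.out.println("context before: " + SecurityContextHolder.getContext().getAuthentication());
        System.out.println("landing page:   " + establishAndRoute(authResult));
        System.out.println("context after:  " + SecurityContextHolder.getContext().getAuthentication().getName());
    }
}
```

The role-based return value only decides where a successful login lands; the @Secured("ROLE_ADMIN") check on the page itself remains the enforcement point for requests that bypass the login form.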