One of my problems is that I don't know enough about the OpenId
authentication with Spring Security.

For a test, start with an unsecured page with a simple login form.  Inject
the AuthenticationManager and manually authenticate.  If that succeeds, then
it's definitely an issue of storing the Authentication object into the
HttpSession.  That could be as "simple" as how you've contributed your
filter.

Unfortunately I don't have the brainspace right now to dig in.

Jonathan
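
The SecurityContext-based check discussed in the quoted messages below, written out as an added example; it is not code from this thread or from tapestry-spring-security. It assumes the Spring Security 2.0.x package names, and `LoginState` is a hypothetical helper class.

```java
// Added example. Assumption: Spring Security 2.0.x package layout
// (org.springframework.security.*). LoginState is a hypothetical name.
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;

public final class LoginState {

    private LoginState() {
    }

    /** Checks the Authentication bound to the current request thread. */
    public static boolean isLoggedIn() {
        return isLoggedIn(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * True only for a real login. A null check alone is not enough: when an
     * AnonymousAuthenticationProvider is configured, the context holds an
     * AnonymousAuthenticationToken for users who never logged in.
     */
    static boolean isLoggedIn(Authentication auth) {
        if (auth == null) {
            return false;
        }
        if (auth instanceof AnonymousAuthenticationToken) {
            return false;
        }
        return auth.isAuthenticated();
    }

    /** One-line summary for a debug log while tracing where the token is lost. */
    public static String describe(Authentication auth) {
        if (auth == null) {
            return "no Authentication in SecurityContext";
        }
        String type = auth.getClass().getSimpleName();
        if (auth instanceof AnonymousAuthenticationToken) {
            return type + ": anonymous fallback token";
        }
        return type + " name=" + auth.getName()
                + " authenticated=" + auth.isAuthenticated();
    }
}
```

Logging `describe(...)` on the page the login redirects to shows whether the context holds the expected token type or the anonymous fallback.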





> -----Original Message-----
> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 07, 2008 17:29
> To: Tapestry users
> Subject: Re: tapestry-spring-security and openid
> 
> I already did this but this still doesn't solve the problem that there is
> no openid Authentication token in the SecurityContext. And I don't know why
> since the login seems to work just fine.
> 
> Uli
> 
> Jonathan Barker wrote:
> > Actually, there are two problems.  In the configuration for tapestry5-acegi
> > and presumably spring security, there is an AnonymousAuthenticationProvider.
> >
> > I think that should be omitted by default, but right now it will fill in the
> > Authentication object if your regular authentication fails.  Either omit it,
> > or change the test to fail for the AnonymousAuthenticationToken.
> >
> >
> >
> >> -----Original Message-----
> >> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
> >> Sent: Tuesday, October 07, 2008 17:14
> >> To: Tapestry users
> >> Subject: Re: tapestry-spring-security and openid
> >>
> >> Thanks Jonathan, but this is not the root cause. The Authentication object
> >> stored in the SecurityContext is an AnonymousAuthenticationToken instead of
> >> an OpenIDAuthenticationToken. That tells me that somehow the Authentication
> >> doesn't get stored...
> >>
> >> Uli
> >>
> >> Jonathan Barker wrote:
> >>> I'm assuming this hasn't changed since tapestry5-acegi.  The IfLoggedIn
> >>> component uses the following test:
> >>>
> >>>     private boolean test() {
> >>>         Principal principal = requestGlobals.getHTTPServletRequest().getUserPrincipal();
> >>>         return principal != null && principal.getName() != "";
> >>>     }
> >>>
> >>> Unfortunately, you really need to have a test based on the SecurityContext:
> >>>
> >>>         Authentication currentAuth = null;
> >>>         currentAuth = SecurityContextHolder.getContext().getAuthentication();
> >>>         return (currentAuth != null);
> >>>
> >>> Either that, or you need to populate the UserPrincipal in the HttpSession.
> >>>
> >>> Jonathan
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
> >>>> Sent: Tuesday, October 07, 2008 16:38
> >>>> To: Tapestry users
> >>>> Subject: tapestry-spring-security and openid
> >>>>
> >>>> Hi,
> >>>>
> >>>> I'm trying to authenticate my users against an openid provider. Spring
> >>>> security provides an OpenIDAuthenticationProcessingFilter and an
> >>>> OpenIDAuthenticationProvider for this purpose. I set up the filter and the
> >>>> provider and contributed them to the HttpServletRequestHandler service and
> >>>> the ProviderManager service. Additionally I've got a UserDetailsService
> >>>> that queries a database for the user's role (or throws an exception if the
> >>>> user is not allowed to log in).
> >>>>
> >>>> Logging in works fine and I get redirected to ${spring-security.target.url}
> >>>> afterwards and not to the ${spring-security.failure.url}, which tells me
> >>>> that everything is working. But when I place the security/ifloggedin
> >>>> component on a page, the else block gets rendered, telling me that I'm not
> >>>> logged in. I also can't access pages secured with the @Secured annotation.
> >>>> When I try, I see an AccessDeniedException and am redirected to the login
> >>>> page.
> >>>>
> >>>> Here are the relevant parts of my AppModule:
> >>>>
> >>>> public static void contributeHttpServletRequestHandler(
> >>>>          OrderedConfiguration<HttpServletRequestFilter> configuration,
> >>>>          @InjectService("OpenIDAuthenticationProcessingFilter")
> >>>>          HttpServletRequestFilter openIDAuthenticationProcessingFilter)
> >>>> {
> >>>>      configuration.add(
> >>>>              "openIDAuthenticationProcessingFilter",
> >>>>              openIDAuthenticationProcessingFilter,
> >>>>              "before:springSecurityAuthenticationProcessingFilter");
> >>>> }
> >>>>
> >>>> public static OpenIDAuthenticationProcessingFilter buildRealOpenIDAuthenticationProcessingFilter(
> >>>>          @SpringSecurityServices final AuthenticationManager manager,
> >>>>          @SpringSecurityServices final RememberMeServices rememberMeServices,
> >>>>          @Inject @Value("${spring-security.check.url}") final String authUrl,
> >>>>          @Inject @Value("${spring-security.target.url}") final String targetUrl,
> >>>>          @Inject @Value("${spring-security.failure.url}") final String failureUrl) throws Exception
> >>>> {
> >>>>      OpenIDAuthenticationProcessingFilter filter = new OpenIDAuthenticationProcessingFilter();
> >>>>
> >>>>      filter.setAuthenticationManager(manager);
> >>>>      filter.setAuthenticationFailureUrl(failureUrl);
> >>>>      filter.setDefaultTargetUrl(targetUrl);
> >>>>      filter.setFilterProcessesUrl(authUrl);
> >>>>      filter.setRememberMeServices(rememberMeServices);
> >>>>      filter.afterPropertiesSet();
> >>>>
> >>>>      return filter;
> >>>> }
> >>>>
> >>>> public static HttpServletRequestFilter buildOpenIDAuthenticationProcessingFilter(
> >>>>          final OpenIDAuthenticationProcessingFilter filter)
> >>>> {
> >>>>      return new HttpServletRequestFilterWrapper(filter);
> >>>> }
> >>>>
> >>>> public static OpenIDAuthenticationProvider buildOpenIDAuthenticationProvider(
> >>>>          @InjectService("UserDetailsService")
> >>>>          UserDetailsService userDetailsService) throws Exception
> >>>> {
> >>>>      OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
> >>>>
> >>>>      provider.setUserDetailsService(userDetailsService);
> >>>>      provider.afterPropertiesSet();
> >>>>
> >>>>      return provider;
> >>>> }
> >>>>
> >>>> public static void contributeProviderManager(
> >>>>          OrderedConfiguration<AuthenticationProvider> configuration,
> >>>>          @InjectService("OpenIDAuthenticationProvider")
> >>>>          AuthenticationProvider openIdAuthenticationProvider)
> >>>> {
> >>>>      configuration.add("openIDAuthenticationProvider", openIdAuthenticationProvider);
> >>>> }
> >>>>
> >>>> public static UserDetailsService buildUserDetailsService(Logger logger,
> >>>>          @InjectService("HibernateSessionManager")
> >>>>          HibernateSessionManager sessionManager)
> >>>> {
> >>>>      return new UserDetailsServiceImpl(sessionManager, logger);
> >>>> }
> >>>>
> >>>> Thanks for any help.
> >>>>
> >>>> Uli
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>> For additional commands, e-mail: [EMAIL PROTECTED]