Whoohoo! It's working :-). I already made sure that my filter got
contributed before the AuthenticationProcessingFilter but I didn't force
it to be after the HttpSessionContextIntegrationFilter which seems to make
the Authentication stick in the SecurityContext. After fixing this it's
now working. Thanks a lot.

Uli

On Wed, 8.10.2008, 06:50, Michael Gerzabek wrote:
> Jonathan Barker wrote:
>> Actually, there are two problems.  In the configuration for tapestry5-acegi
>> and presumably spring security, there is an AnonymousAuthenticationProvider.
>>
> The AnonymousAuthenticationProvider only assures that there is an
> Authentication at any time. So don't take it away or all you security
> leaks and you have to check for null all the time.
>
> Did you read the Spring/ Acegi Security Reference? I've no time right
> now but think to remember that the order of the filters is crucial. So
> take a look at it and be sure to contribute your filter at the right
> position.
>>
>> I think that should be omitted by default, but right now it will fill in the
>> Authentication object if your regular authentication fails.  Either omit it,
>> or change the test to fail for the AnonymousAuthenticationToken.
>>
>>
>>
>>
>>> -----Original Message-----
>>> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, October 07, 2008 17:14
>>> To: Tapestry users
>>> Subject: Re: tapestry-spring-security and openid
>>>
>>> Thanks Jonathan, but this is not the root cause. The Authentication object
>>> stored in the SecurityContext is an AnonymousAuthenticationToken instead of
>>> an OpenIDAuthenticationToken. That tells me that somehow the Authentication
>>> doesn't get stored...
>>>
>>> Uli
>>>
>>> Jonathan Barker wrote:
>>>
>>>> I'm assuming this hasn't changed since tapestry5-acegi.  The IfLoggedIn
>>>> component uses the following test:
>>>>
>>>>     private boolean test() {
>>>>         Principal principal = requestGlobals.getHTTPServletRequest().getUserPrincipal();
>>>>         return principal != null && principal.getName() != "";
>>>>     }
>>>>
>>>> Unfortunately, you really need to have a test based on the SecurityContext:
>>>>
>>>>         Authentication currentAuth = null;
>>>>         currentAuth = SecurityContextHolder.getContext().getAuthentication();
>>>>         return (currentAuth != null);
>>>>
>>>> Either that, or you need to populate the UserPrincipal in the HttpSession.
>>>
>>>> Jonathan
>>>>
>>>>
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
>>>>> Sent: Tuesday, October 07, 2008 16:38
>>>>> To: Tapestry users
>>>>> Subject: tapestry-spring-security and openid
>>>>>
>>>>> Hi,
>>>>>
>>>>> I'm trying to authenticate my users against an openid provider. Spring
>>>>> security provides an OpenIDAuthenticationProcessingFilter and an
>>>>> OpenIDAuthenticationProvider for this purpose. I set up the filter and the
>>>>> provider and contributed them to the HttpServletRequestHandler service and
>>>>> the ProviderManager service. Additionally I've got a UserDetailsService
>>>>> that queries a database for the user's role (or throws an exception if the
>>>>> user is not allowed to log in).
>>>>>
>>>>> Logging in works fine and I get redirected to ${spring-security.target.url}
>>>>> afterwards and not to the ${spring-security.failure.url} which tells me that
>>>>> everything is working. But when I place the security/ifloggedin component on
>>>>> a page, the else block gets rendered, telling me that I'm not logged in. I
>>>>> also can't access pages secured with the @Secured annotation. When I try, I
>>>>> see an AccessDeniedException and am redirected to the login page.
>>>>>
>>>>> Here are the relevant parts of my AppModule:
>>>>>
>>>>> // Adds the OpenID filter to the request pipeline, ordered only relative to
>>>>> // the stock authentication processing filter.
>>>>> public static void contributeHttpServletRequestHandler(
>>>>>          OrderedConfiguration<HttpServletRequestFilter> configuration,
>>>>>          @InjectService("OpenIDAuthenticationProcessingFilter")
>>>>>          HttpServletRequestFilter openIDAuthenticationProcessingFilter)
>>>>> {
>>>>>      configuration.add(
>>>>>              "openIDAuthenticationProcessingFilter",
>>>>>              openIDAuthenticationProcessingFilter,
>>>>>              "before:springSecurityAuthenticationProcessingFilter");
>>>>> }
>>>>>
>>>>> // Builds the Spring Security OpenID filter from the module's configured URLs.
>>>>> public static OpenIDAuthenticationProcessingFilter buildRealOpenIDAuthenticationProcessingFilter(
>>>>>          @SpringSecurityServices final AuthenticationManager manager,
>>>>>          @SpringSecurityServices final RememberMeServices rememberMeServices,
>>>>>          @Inject @Value("${spring-security.check.url}") final String authUrl,
>>>>>          @Inject @Value("${spring-security.target.url}") final String targetUrl,
>>>>>          @Inject @Value("${spring-security.failure.url}") final String failureUrl) throws Exception
>>>>> {
>>>>>      OpenIDAuthenticationProcessingFilter filter = new OpenIDAuthenticationProcessingFilter();
>>>>>
>>>>>      filter.setAuthenticationManager(manager);
>>>>>
>>>>>      filter.setAuthenticationFailureUrl(failureUrl);
>>>>>
>>>>>      filter.setDefaultTargetUrl(targetUrl);
>>>>>
>>>>>      filter.setFilterProcessesUrl(authUrl);
>>>>>
>>>>>      filter.setRememberMeServices(rememberMeServices);
>>>>>
>>>>>      filter.afterPropertiesSet();
>>>>>
>>>>>      return filter;
>>>>> }
>>>>>
>>>>> // Wraps the servlet filter so it can be contributed as an HttpServletRequestFilter.
>>>>> public static HttpServletRequestFilter buildOpenIDAuthenticationProcessingFilter(
>>>>>          final OpenIDAuthenticationProcessingFilter filter)
>>>>> {
>>>>>      return new HttpServletRequestFilterWrapper(filter);
>>>>> }
>>>>>
>>>>> // Builds the OpenID provider, backed by the database UserDetailsService.
>>>>> public static OpenIDAuthenticationProvider buildOpenIDAuthenticationProvider(
>>>>>          @InjectService("UserDetailsService")
>>>>>          UserDetailsService userDetailsService) throws Exception
>>>>> {
>>>>>      OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
>>>>>
>>>>>      provider.setUserDetailsService(userDetailsService);
>>>>>
>>>>>      provider.afterPropertiesSet();
>>>>>
>>>>>      return provider;
>>>>> }
>>>>>
>>>>> // Registers the OpenID provider with the ProviderManager.
>>>>> public static void contributeProviderManager(
>>>>>          OrderedConfiguration<AuthenticationProvider> configuration,
>>>>>          @InjectService("OpenIDAuthenticationProvider")
>>>>>          AuthenticationProvider openIdAuthenticationProvider)
>>>>> {
>>>>>      configuration.add("openIDAuthenticationProvider", openIdAuthenticationProvider);
>>>>> }
>>>>>
>>>>> public static UserDetailsService buildUserDetailsService(Logger logger,
>>>>>          @InjectService("HibernateSessionManager")
>>>>>          HibernateSessionManager sessionManager)
>>>>> {
>>>>>      return new UserDetailsServiceImpl(sessionManager, logger);
>>>>> }
>>>>>
>>>>> Thanks for any help.
>>>>>
>>>>> Uli
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>> For additional commands, e-mail: [EMAIL PROTECTED]
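
Why the ordering fix reported at the top of this thread works, as an added example that is not code from the thread or from tapestry-spring-security: a plain-Java model of the chain in which the context-integration filter restores the SecurityContext from the session on entry and saves it on exit, so an authentication filter placed outside it never has its result persisted. All names are constructed stand-ins, and the OpenID filter returning without continuing the chain (a redirect) is a simplifying assumption.

```java
import java.util.*;

public class FilterOrderDemo {
    // Constructed stand-ins for SecurityContextHolder and the HttpSession (not Spring classes).
    static String holder;                                  // Authentication of the current request
    static Map<String, String> session = new HashMap<>();
    static String seen;                                    // what the page observed

    interface Filter { void doFilter(String path, Iterator<Filter> chain); }

    static void next(String path, Iterator<Filter> chain) {
        if (chain.hasNext()) chain.next().doFilter(path, chain);
    }

    // Models HttpSessionContextIntegrationFilter: load on entry, store and clear on exit.
    static final Filter CONTEXT_INTEGRATION = (path, chain) -> {
        holder = session.get("SECURITY_CONTEXT");
        try { next(path, chain); }
        finally { session.put("SECURITY_CONTEXT", holder); holder = null; }
    };

    // Models the OpenID processing filter: authenticates on the check URL, then
    // redirects instead of continuing down the chain.
    static final Filter OPENID = (path, chain) -> {
        if (path.equals("/check")) { holder = "OpenIDAuthenticationToken"; return; }
        next(path, chain);
    };

    // Models the anonymous filter: fills in a token only when none is present.
    static final Filter ANONYMOUS = (path, chain) -> {
        if (holder == null) holder = "AnonymousAuthenticationToken";
        next(path, chain);
    };

    static final Filter PAGE = (path, chain) -> seen = holder;

    // Logs in via /check, then requests a page and returns the token the page sees.
    static String loginThenVisit(Filter... order) {
        session.clear();
        for (String path : new String[] {"/check", "/page"}) {
            holder = null;                                 // each request starts with an empty holder
            List<Filter> filters = new ArrayList<>(Arrays.asList(order));
            filters.add(ANONYMOUS);
            filters.add(PAGE);
            next(path, filters.iterator());
        }
        return seen;
    }

    public static void main(String[] args) {
        System.out.println("OpenID filter first:  " + loginThenVisit(OPENID, CONTEXT_INTEGRATION));
        System.out.println("context filter first: " + loginThenVisit(CONTEXT_INTEGRATION, OPENID));
    }
}
```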