Whoohoo! It's working :-). I already made sure that my filter got contributed before the AuthenticationProcessingFilter but I didn't force it to be after the HttpSessionContextIntegrationFilter which seems to make the Authentication stick in the SecurityContext. After fixing this it's now working. Thanks a lot.

Uli

On Wed, 8.10.2008, 06:50, Michael Gerzabek wrote:
> Jonathan Barker wrote:
>> Actually, there are two problems. In the configuration for
>> tapestry5-acegi and presumably spring security, there is an
>> AnonymousAuthenticationProvider.
>>
> The AnonymousAuthenticationProvider only assures that there is an
> Authentication at any time. So don't take it away or all your security
> leaks and you have to check for null all the time.
>
> Did you read the Spring/Acegi Security Reference? I've no time right
> now but I think I remember that the order of the filters is crucial. So
> take a look at it and be sure to contribute your filter at the right
> position.
>>
>> I think that should be omitted by default, but right now it will fill in
>> the Authentication object if your regular authentication fails. Either
>> omit it, or change the test to fail for the AnonymousAuthenticationToken.
>>
>>> -----Original Message-----
>>> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, October 07, 2008 17:14
>>> To: Tapestry users
>>> Subject: Re: tapestry-spring-security and openid
>>>
>>> Thanks Jonathan, but this is not the root cause. The Authentication
>>> object stored in the SecurityContext is an AnonymousAuthenticationToken
>>> instead of an OpenIDAuthenticationToken. That tells me that somehow the
>>> Authentication doesn't get stored...
>>>
>>> Uli
>>>
>>> Jonathan Barker wrote:
>>>
>>>> I'm assuming this hasn't changed since tapestry5-acegi. The IfLoggedIn
>>>> component uses the following test:
>>>>
>>>>     private boolean test() {
>>>>         Principal principal =
>>>>             requestGlobals.getHTTPServletRequest().getUserPrincipal();
>>>>         return principal != null && principal.getName() != "";
>>>>     }
>>>>
>>>> Unfortunately, you really need to have a test based on the
>>>> SecurityContext:
>>>>
>>>>     Authentication currentAuth = null;
>>>>     currentAuth = SecurityContextHolder.getContext().getAuthentication();
>>>>     return (currentAuth != null);
>>>>
>>>> Either that, or you need to populate the UserPrincipal in the
>>>> HttpSession.
>>>>
>>>> Jonathan
>>>>
>>>>> -----Original Message-----
>>>>> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
>>>>> Sent: Tuesday, October 07, 2008 16:38
>>>>> To: Tapestry users
>>>>> Subject: tapestry-spring-security and openid
>>>>>
>>>>> Hi,
>>>>>
>>>>> I'm trying to authenticate my users against an openid provider.
>>>>> Spring security provides an OpenIDAuthenticationProcessingFilter and
>>>>> an OpenIDAuthenticationProvider for this purpose. I set up the filter
>>>>> and the provider and contributed them to the
>>>>> HttpServletRequestHandler service and the ProviderManager service.
>>>>> Additionally I've got a UserDetailsService that queries a database
>>>>> for the user's role (or throws an exception if the user is not
>>>>> allowed to log in).
>>>>>
>>>>> Logging in works fine and I get redirected to
>>>>> ${spring-security.target.url} afterwards and not to the
>>>>> ${spring-security.failure.url} which tells me that everything is
>>>>> working. But when I place the security/ifloggedin component on a
>>>>> page, the else block gets rendered, telling me that I'm not logged
>>>>> in. I also can't access pages secured with the @Secured annotation.
>>>>> When I try, I see an AccessDeniedException and am redirected to the
>>>>> login page.
>>>>>
>>>>> Here are the relevant parts of my AppModule:
>>>>>
>>>>>     public static void contributeHttpServletRequestHandler(
>>>>>             OrderedConfiguration<HttpServletRequestFilter> configuration,
>>>>>             @InjectService("OpenIDAuthenticationProcessingFilter")
>>>>>             HttpServletRequestFilter openIDAuthenticationProcessingFilter)
>>>>>     {
>>>>>         configuration.add(
>>>>>                 "openIDAuthenticationProcessingFilter",
>>>>>                 openIDAuthenticationProcessingFilter,
>>>>>                 "before:springSecurityAuthenticationProcessingFilter");
>>>>>     }
>>>>>
>>>>>     public static OpenIDAuthenticationProcessingFilter
>>>>>     buildRealOpenIDAuthenticationProcessingFilter(
>>>>>             @SpringSecurityServices final AuthenticationManager manager,
>>>>>             @SpringSecurityServices final RememberMeServices rememberMeServices,
>>>>>             @Inject @Value("${spring-security.check.url}") final String authUrl,
>>>>>             @Inject @Value("${spring-security.target.url}") final String targetUrl,
>>>>>             @Inject @Value("${spring-security.failure.url}") final String failureUrl)
>>>>>             throws Exception
>>>>>     {
>>>>>         OpenIDAuthenticationProcessingFilter filter =
>>>>>                 new OpenIDAuthenticationProcessingFilter();
>>>>>
>>>>>         filter.setAuthenticationManager(manager);
>>>>>         filter.setAuthenticationFailureUrl(failureUrl);
>>>>>         filter.setDefaultTargetUrl(targetUrl);
>>>>>         filter.setFilterProcessesUrl(authUrl);
>>>>>         filter.setRememberMeServices(rememberMeServices);
>>>>>         filter.afterPropertiesSet();
>>>>>
>>>>>         return filter;
>>>>>     }
>>>>>
>>>>>     public static HttpServletRequestFilter
>>>>>     buildOpenIDAuthenticationProcessingFilter(
>>>>>             final OpenIDAuthenticationProcessingFilter filter)
>>>>>     {
>>>>>         return new HttpServletRequestFilterWrapper(filter);
>>>>>     }
>>>>>
>>>>>     public static OpenIDAuthenticationProvider
>>>>>     buildOpenIDAuthenticationProvider(
>>>>>             @InjectService("UserDetailsService")
>>>>>             UserDetailsService userDetailsService) throws Exception
>>>>>     {
>>>>>         OpenIDAuthenticationProvider provider =
>>>>>                 new OpenIDAuthenticationProvider();
>>>>>
>>>>>         provider.setUserDetailsService(userDetailsService);
>>>>>         provider.afterPropertiesSet();
>>>>>
>>>>>         return provider;
>>>>>     }
>>>>>
>>>>>     public static void contributeProviderManager(
>>>>>             OrderedConfiguration<AuthenticationProvider> configuration,
>>>>>             @InjectService("OpenIDAuthenticationProvider")
>>>>>             AuthenticationProvider openIdAuthenticationProvider)
>>>>>     {
>>>>>         configuration.add("openIDAuthenticationProvider",
>>>>>                 openIdAuthenticationProvider);
>>>>>     }
>>>>>
>>>>>     public static UserDetailsService buildUserDetailsService(Logger logger,
>>>>>             @InjectService("HibernateSessionManager")
>>>>>             HibernateSessionManager sessionManager)
>>>>>     {
>>>>>         return new UserDetailsServiceImpl(sessionManager, logger);
>>>>>     }
>>>>>
>>>>> Thanks for any help.
>>>>>
>>>>> Uli

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
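
The two points this thread arrives at (ordering the OpenID filter after the HttpSessionContextIntegrationFilter, and a login test on the SecurityContext that fails for the AnonymousAuthenticationToken), shown together as an added example that is not code from the thread or from tapestry-spring-security. It uses Spring Security 2.x package names; the class name `OpenIdSecurityModule`, the helper `isLoggedIn()` and the id in `SESSION_INTEGRATION_FILTER_ID` are assumptions to check against the SecurityModule of the version in use.

```java
import org.apache.tapestry5.ioc.OrderedConfiguration;
import org.apache.tapestry5.ioc.annotations.InjectService;
import org.apache.tapestry5.services.HttpServletRequestFilter;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;

// Hypothetical module name, used only for this example.
public class OpenIdSecurityModule {

    // ASSUMPTION: the id under which tapestry-spring-security contributes its
    // HttpSessionContextIntegrationFilter. Verify it in your version.
    private static final String SESSION_INTEGRATION_FILTER_ID =
            "springSecurityHttpSessionContextIntegrationFilter";

    public static void contributeHttpServletRequestHandler(
            OrderedConfiguration<HttpServletRequestFilter> configuration,
            @InjectService("OpenIDAuthenticationProcessingFilter")
            HttpServletRequestFilter openIDAuthenticationProcessingFilter) {
        // HttpSessionContextIntegrationFilter copies the SecurityContext between
        // the HttpSession and the SecurityContextHolder. The thread reports that
        // the Authentication only stuck once the OpenID filter ran after it, so
        // both ordering constraints are stated explicitly here.
        configuration.add(
                "openIDAuthenticationProcessingFilter",
                openIDAuthenticationProcessingFilter,
                "after:" + SESSION_INTEGRATION_FILTER_ID,
                "before:springSecurityAuthenticationProcessingFilter");
    }

    // Login test based on the SecurityContext. With an
    // AnonymousAuthenticationProvider configured, getAuthentication() is
    // non-null for anonymous visitors too, so a null check alone reports
    // everyone as logged in; anonymous tokens are rejected explicitly.
    public static boolean isLoggedIn() {
        Authentication auth =
                SecurityContextHolder.getContext().getAuthentication();
        return auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
    }
}
```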