Uli, could you post your final module config somewhere? Pretty soon I was planning to do open id in a small app, it would be great to get a running start if possible.

Cheers,
Alex Kotchnev

On Wed, Oct 8, 2008 at 3:19 AM, Ulrich Stärk <[EMAIL PROTECTED]> wrote:

> Whoohoo! It's working :-). I already made sure that my filter got
> contributed before the AuthenticationProcessingFilter but I didn't force
> it to be after the HttpSessionContextIntegrationFilter which seems to make
> the Authentication stick in the SecurityContext. After fixing this it's
> now working. Thanks a lot.
>
> Uli
>
> On Wed, 8.10.2008, 06:50, Michael Gerzabek wrote:
> > Jonathan Barker wrote:
> >> Actually, there are two problems. In the configuration for
> >> tapestry5-acegi and presumably spring security, there is an
> >> AnonymousAuthenticationProvider.
> >>
> > The AnonymousAuthenticationProvider only assures that there is an
> > Authentication at any time. So don't take it away or all you security
> > leaks and you have to check for null all the time.
> >
> > Did you read the Spring/Acegi Security Reference? I've no time right
> > now but think to remember that the order of the filters is crucial. So
> > take a look at it and be sure to contribute your filter at the right
> > position.
> >>
> >> I think that should be omitted by default, but right now it will fill in
> >> the Authentication object if your regular authentication fails. Either
> >> omit it, or change the test to fail for the AnonymousAuthenticationToken.
> >>
> >>> -----Original Message-----
> >>> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
> >>> Sent: Tuesday, October 07, 2008 17:14
> >>> To: Tapestry users
> >>> Subject: Re: tapestry-spring-security and openid
> >>>
> >>> Thanks Jonathan, but this is not the root cause. The Authentication
> >>> object stored in the SecurityContext is an AnonymousAuthenticationToken
> >>> instead of an OpenIDAuthenticationToken. That tells me that somehow the
> >>> Authentication doesn't get stored...
> >>>
> >>> Uli
> >>>
> >>> Jonathan Barker wrote:
> >>>
> >>>> I'm assuming this hasn't changed since tapestry5-acegi. The IfLoggedIn
> >>>> component uses the following test:
> >>>>
> >>>>     private boolean test() {
> >>>>         Principal principal =
> >>>>             requestGlobals.getHTTPServletRequest().getUserPrincipal();
> >>>>         return principal != null && principal.getName() != "";
> >>>>     }
> >>>>
> >>>> Unfortunately, you really need to have a test based on the
> >>>> SecurityContext:
> >>>>
> >>>>     Authentication currentAuth = null;
> >>>>     currentAuth = SecurityContextHolder.getContext().getAuthentication();
> >>>>     return (currentAuth != null);
> >>>>
> >>>> Either that, or you need to populate the UserPrincipal in the
> >>>> HttpSession.
> >>>>
> >>>> Jonathan
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
> >>>>> Sent: Tuesday, October 07, 2008 16:38
> >>>>> To: Tapestry users
> >>>>> Subject: tapestry-spring-security and openid
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> I'm trying to authenticate my users against an openid provider.
> >>>>> Spring security provides an OpenIDAuthenticationProcessingFilter and
> >>>>> an OpenIDAuthenticationProvider for this purpose. I set up the filter
> >>>>> and the provider and contributed them to the HttpServletRequestHandler
> >>>>> service and the ProviderManager service. Additionally I've got a
> >>>>> UserDetailsService, that queries a database for the user's role (or
> >>>>> throws an exception if the user is not allowed to log in).
> >>>>>
> >>>>> Logging in works fine and I get redirected to
> >>>>> ${spring-security.target.url} afterwards and not to the
> >>>>> ${spring-security.failure.url} which tells me that everything is
> >>>>> working. But when I place the security/ifloggedin component on a page,
> >>>>> the else block gets rendered, telling me that I'm not logged in. I
> >>>>> also can't access pages secured with the @Secured annotation. When I
> >>>>> try, I see an AccessDeniedException and am redirected to the login
> >>>>> page.
> >>>>>
> >>>>> Here are the relevant parts of my AppModule:
> >>>>>
> >>>>> public static void contributeHttpServletRequestHandler(
> >>>>>         OrderedConfiguration<HttpServletRequestFilter> configuration,
> >>>>>         @InjectService("OpenIDAuthenticationProcessingFilter")
> >>>>>         HttpServletRequestFilter openIDAuthenticationProcessingFilter)
> >>>>> {
> >>>>>     configuration.add(
> >>>>>             "openIDAuthenticationProcessingFilter",
> >>>>>             openIDAuthenticationProcessingFilter,
> >>>>>             "before:springSecurityAuthenticationProcessingFilter");
> >>>>> }
> >>>>>
> >>>>> public static OpenIDAuthenticationProcessingFilter
> >>>>> buildRealOpenIDAuthenticationProcessingFilter(
> >>>>>         @SpringSecurityServices final AuthenticationManager manager,
> >>>>>         @SpringSecurityServices final RememberMeServices rememberMeServices,
> >>>>>         @Inject @Value("${spring-security.check.url}") final String authUrl,
> >>>>>         @Inject @Value("${spring-security.target.url}") final String targetUrl,
> >>>>>         @Inject @Value("${spring-security.failure.url}") final String failureUrl)
> >>>>>         throws Exception
> >>>>> {
> >>>>>     OpenIDAuthenticationProcessingFilter filter =
> >>>>>             new OpenIDAuthenticationProcessingFilter();
> >>>>>
> >>>>>     filter.setAuthenticationManager(manager);
> >>>>>
> >>>>>     filter.setAuthenticationFailureUrl(failureUrl);
> >>>>>
> >>>>>     filter.setDefaultTargetUrl(targetUrl);
> >>>>>
> >>>>>     filter.setFilterProcessesUrl(authUrl);
> >>>>>
> >>>>>     filter.setRememberMeServices(rememberMeServices);
> >>>>>
> >>>>>     filter.afterPropertiesSet();
> >>>>>
> >>>>>     return filter;
> >>>>> }
> >>>>>
> >>>>> public static HttpServletRequestFilter
> >>>>> buildOpenIDAuthenticationProcessingFilter(
> >>>>>         final OpenIDAuthenticationProcessingFilter filter)
> >>>>> {
> >>>>>     return new HttpServletRequestFilterWrapper(filter);
> >>>>> }
> >>>>>
> >>>>> public static OpenIDAuthenticationProvider
> >>>>> buildOpenIDAuthenticationProvider(
> >>>>>         @InjectService("UserDetailsService")
> >>>>>         UserDetailsService userDetailsService) throws Exception
> >>>>> {
> >>>>>     OpenIDAuthenticationProvider provider =
> >>>>>             new OpenIDAuthenticationProvider();
> >>>>>
> >>>>>     provider.setUserDetailsService(userDetailsService);
> >>>>>
> >>>>>     provider.afterPropertiesSet();
> >>>>>
> >>>>>     return provider;
> >>>>> }
> >>>>>
> >>>>> public static void contributeProviderManager(
> >>>>>         OrderedConfiguration<AuthenticationProvider> configuration,
> >>>>>         @InjectService("OpenIDAuthenticationProvider")
> >>>>>         AuthenticationProvider openIdAuthenticationProvider)
> >>>>> {
> >>>>>     configuration.add("openIDAuthenticationProvider",
> >>>>>             openIdAuthenticationProvider);
> >>>>> }
> >>>>>
> >>>>> public static UserDetailsService buildUserDetailsService(Logger logger,
> >>>>>         @InjectService("HibernateSessionManager")
> >>>>>         HibernateSessionManager sessionManager)
> >>>>> {
> >>>>>     return new UserDetailsServiceImpl(sessionManager, logger);
> >>>>> }
> >>>>>
> >>>>> Thanks for any help.
> >>>>>
> >>>>> Uli
> >>>>>
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>>> For additional commands, e-mail: [EMAIL PROTECTED]
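
The ordering fix Uli describes and the SecurityContext-based check Jonathan suggests, as an added example that is not Uli's final module config or the project's own code: the filter contribution is constrained on both sides, and the login test rejects the anonymous token. The class names are hypothetical, the id of the HttpSessionContextIntegrationFilter contribution is an assumption, and the imports assume Spring Security 2.0 package names.

```java
import org.apache.tapestry5.ioc.OrderedConfiguration;
import org.apache.tapestry5.ioc.annotations.InjectService;
import org.apache.tapestry5.services.HttpServletRequestFilter;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;

public class OpenIdOrderingModule // hypothetical module name
{
    // Assumed id: verify the id under which your tapestry-spring-security
    // version contributes its HttpSessionContextIntegrationFilter.
    private static final String SESSION_CONTEXT_FILTER =
            "springSecurityHttpSessionContextIntegrationFilter";

    public static void contributeHttpServletRequestHandler(
            OrderedConfiguration<HttpServletRequestFilter> configuration,
            @InjectService("OpenIDAuthenticationProcessingFilter")
            HttpServletRequestFilter openIDAuthenticationProcessingFilter)
    {
        // Run after the session/context integration filter, so the
        // Authentication set by the OpenID filter is written back to the
        // HttpSession, and before the form-login processing filter.
        configuration.add(
                "openIDAuthenticationProcessingFilter",
                openIDAuthenticationProcessingFilter,
                "after:" + SESSION_CONTEXT_FILTER,
                "before:springSecurityAuthenticationProcessingFilter");
    }
}

// Kept outside the module class so the module holds only
// build/contribute methods.
final class LoginCheck // hypothetical helper
{
    private LoginCheck() {}

    // True only for a real login: the AnonymousAuthenticationProvider keeps
    // a non-null Authentication in the context at all times, so a plain
    // null check would also pass for anonymous visitors.
    static boolean isLoggedIn()
    {
        Authentication auth =
                SecurityContextHolder.getContext().getAuthentication();
        return auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
    }
}
```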