I would recommend taking a look at the chenillekit-access project which
allows fine grained security with application server integration.
Kin regards,
Joachim
Craig St. Jean wrote:
Michal,
Yes, it is (and not too difficult). I was working on a tutorial for
building applications using Glassfish with LDAP auth and Tapestry 4, but
stopped when I switched to T5. The Glassfish and LDAP pages are still valid
on http://home.earthlink.net/~valiantsoul/TapestryTutorial .
From there, you just need to add the following to web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>webapp_...</web-resource-name>
<url-pattern>*insert url pattern here*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Protected</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>LdapRealm</realm-name>
<form-login-config>
<form-login-page>/jsp/login.html</form-login-page>
<form-error-page>/jsp/loginError.html</form-error-page>
</form-login-config>
</login-config>
My sun-web.xml looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Application
Server 9.0 Servlet 2.5//EN'
'http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd'>
<sun-web-app>
<security-role-mapping>
<role-name>Protected</role-name>
<group-name>*group name from ldap*</group-name>
</security-role-mapping>
</sun-web-app>
Then in your login page, include:
<form method="post" action="j_security_check">
...
<input type="text" id="j_username" name="j_username" />
...
<input type="password" id="j_password" name="j_password" />
...
<input type="submit" value="Login" />
...
</form>
On Tue, Nov 18, 2008 at 6:47 AM, Michal Hlavac <[EMAIL PROTECTED]> wrote:
hello,
it is possible to use form based authentication with tapestry login
template?
I tryied j2ee security with tapestry 5 and basic auth and it works:
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/secured/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>LW_USER</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
but what I want is tapestry login template used with
<auth-method>FORM</auth-method>
thanks, m.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Joachim Van der Auwera
PROGS bvba, progs.be
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
