Responses inline
> -----Original Message----- > From: rs1050 [mailto:[EMAIL PROTECTED] > Sent: Saturday, December 06, 2008 15:27 > To: users@tapestry.apache.org > Subject: RE: tapestry-spring-security: how to set ASO on successful login? > > > Thank you. > > "You could work with the ASO in the relevant onSuccess method." - i wish i > could - my onSuccess method for my Login page is *not* being called b/c > tapestry-spring-security filter hijacks the request to that url. Once > spring-security's filter (and it is not a Tapestry's filter) start > processing the request, i need to be able to do something with the ASO. I'm using tapestry5-acegi, but I don't think it's changed with the update to Spring Security. I AM using a Login page, and my onSuccess() method does get called. I haven't tried to configure any authentication processing filter which may explain why what I do works - I don't get hijacked. > > Currently I am planning to subclass > org.springframework.security.ui.webapp.AuthenticationProcessingFilter and > overwrite onSuccessfulAuthentication method to create ASO. In order to do > that I need reference to ApplicationStateManager. However, i can't figure > out a way of how to get it except for a very ugly one: > > 1. I create a TapestryExposer eager service, which on construction, > remembers ApplicationStateManager passed to the constructor and set itself > into a Spring-defined bean called 'TapestryExposerHolder' > 2. in my custom spring-security filter's (non-tapestry filter) > onSuccessfulAuthentication method I lookup TapestryExposerHolder, and from > it get TapestryExposer, and from that I get ApplicationStateManager. > ugrhhhh. > I suggest you follow the link I gave earlier: http://www.nabble.com/Accessing-ApplicationStateManager-from-within-a-Filter -td20274449.html#a20324607 My strategy was simple: You only get a page that uses the ASO if you have been authenticated. Therefore, on any page that asks for the ASO, you know that authentication will already have occurred. You can put all your ASO-building code in a contribution to the ApplicationStateManager, and get the authentication information from the SecurityContext. This also guarantees that any "accidental" ASO creation will create a properly constructed ASO, and allows things like the RememberMe service to be used (that would not be calling your onSuccess() method) yet still get a properly constructed ASO at the end. > I anyone can come up with a cleaner way of doing something with ASO after > successful authentication by spring security, it is really appreciated. > > R. > -- > View this message in context: http://www.nabble.com/tapestry-spring- > security%3A-how-to-set-ASO-on-successful-login--tp20865863p20874204.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED]
