My 'loginform.url' points to "/login".  I've also looked at the source for
the new tapestry-spring-security and I don't see much for differences.

I noticed a post by Martijn asking how you configured Spring Security.  If
you are using tapestry-spring-security, you don't need to do the usual
Spring configuration so I could see you running into problems there if you
did that.

Yes, all un-authenticated requests go to my login page.  I also use the
SavedRequest from Acegi to continue on to the desired page with the correct
parameters, if possible.


Here's a chunk of my login page:

        
        public Object onSuccessFromLoginForm() {

                UsernamePasswordAuthenticationToken authRequest =
                        new UsernamePasswordAuthenticationToken(_username, _password);
                Authentication authResult;

                try {
                        authResult = _authenticationManager.authenticate(authRequest);
                        logger.info("successful login for: " + _username);
                } catch (BadCredentialsException failed) {
                        _form.recordError(_passwordField, "Invalid username or password");
                        logger.info("bad password for: " + _username);
                        return null;
                } catch (AuthenticationException failed) {
                        _form.recordError(_passwordField, "Invalid username or password");
                        logger.info("failed login for: " + _username);
                        return null;
                }

                // get the saved request before we trash the session
                SavedRequest savedRequest = (SavedRequest)
                        _requestGlobals.getHTTPServletRequest().getSession()
                                .getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY);

                // make sure the user state gets cleared
                // and problems with anonymous auth
                Session s = _request.getSession(false);
                if (s != null) {
                        // getSession(false) returns null when no session exists yet
                        s.invalidate();
                }
                // start a fresh session for the authenticated user
                s = _request.getSession(true);

                SecurityContextHolder.getContext().setAuthentication(authResult);

                if (savedRequest != null) {
                        try {
                                // continue on to the page the user originally asked for
                                return new URL(savedRequest.getRequestURL());
                        } catch (MalformedURLException e) {
                                // fall through to the default page below
                                logger.error("malformed url:" + savedRequest.getRequestURL());
                        }
                }
                return Summary.class;
        }
        



> -----Original Message-----
> From: rs1050 [mailto:[EMAIL PROTECTED]
> Sent: Sunday, December 07, 2008 15:14
> To: users@tapestry.apache.org
> Subject: RE: tapestry-spring-security: how to set ASO on successful login?
> 
> 
> Thank you Jonathan,
> 
> My login page is 'user/login', and this is what I have in configuration of
> spring-security:
> 
>         configuration.add("spring-security.loginform.url", "/user/login");
>         configuration.add("spring-security.failure.url", "/user/login/failed");
> 
> Then spring-security hijacks all submits from login page. I did not do any
> custom filter creation in addition to that. In your application, what is the
> 'loginform.url'? Does it point to the actual tapestry login page?
> 
> Assuming that in your case spring-security does *not* hijack the submits
> from the login page, does it still redirect to the login page if a user tries
> to access some other secured page without being authenticated?
> 
> Thank you.
> R.
> --
> View this message in context: http://www.nabble.com/tapestry-spring-
> security%3A-how-to-set-ASO-on-successful-login--tp20865863p20885230.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

