I've tried that way as well. It doesn't work either and I assume it's for
the same reason, though I cannot tell in that case because the exception
doesn't bubble out of Tapestry Spring Security.
Login code:
private final static Logger LOG = LoggerFactory.getLogger(Login.class);
@Inject
@Value("${spring-security.check.url}")
private String checkUrl;
@Inject
private Request request;
private boolean failed = false;
public boolean isFailed() {
return failed;
}
public String getLoginCheckUrl() {
String loginCheckUrl = request.getContextPath() + checkUrl;
LOG.debug("Returning login check url: {}", loginCheckUrl);
return loginCheckUrl;
}
void onActivate(String extra) {
if (extra.equals("failed")) {
failed = true;
}
}
TML:
<html t:type="layout"
title="message:page-title"
xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd";
xmlns:p="tapestry:parameter">
<div id="login-help">
<t:outputraw value="${message:login-help}" />
</div>
<div>
<form action="${loginCheckUrl}" method="post">
<t:if test="failed">
<p>Username and/or password was wrong!</p>
</t:if>
<div id="login-username-row">
<label for="j_username">Username:</label>
<input id="j_username" name="j_username" type="text" />
</div>
<div id="login-password-row">
<label for="j_password">Password</label>
<input id="j_password" name="j_password" type="password" />
</div>
<div id="login-submit-row">
<input type="submit" value="Login" />
</div>
</form>
</div>
</html>
Module:
private final static Logger LOG =
LoggerFactory.getLogger(SecurityModule.class);
public static void
contributeProviderManager(OrderedConfiguration<AuthenticationProvider>
configuration,
@InjectService("DaoAuthenticationProvider") AuthenticationProvider
daoAuthenticationProvider) {
LOG.debug("Received AuthenticationProvider: {}", daoAuthenticationProvider);
configuration.add("daoAuthenticationProvider", daoAuthenticationProvider);
}
public static void
contributeAlias(Configuration<AliasContribution<PasswordEncoder>>
configuration) {
configuration.add(AliasContribution.create(PasswordEncoder.class, new
PlaintextPasswordEncoder()));
}
public static void contributeApplicationDefaults(MappedConfiguration<String,
String> configuration) {
configuration.add("spring-security.failure.url", "/login/failed");
configuration.add("spring-security.accessDenied.url", "/accessdenied");
configuration.add("spring-security.check.url", "/j_spring_security_check");
configuration.add("spring-security.target.url", "/intranet");
configuration.add("spring-security.afterlogout.url", "/");
configuration.add("spring-security.rememberme.key", "REMEMBERMEKEY");
configuration.add("spring-security.loginform.url", "/login");
configuration.add("spring-security.force.ssl.login", "false");
configuration.add("spring-security.anonymous.key", "acegi_anonymous");
configuration.add("spring-security.anonymous.attribute",
"anonymous,ROLE_ANONYMOUS");
configuration.add("spring-security.password.salt", "DEADBEEF");
}
public static void
contributeFilterSecurityInterceptor(Configuration<RequestInvocationDefinition>
configuration) {
configuration.add(new RequestInvocationDefinition("/intranet*/**",
"ROLE_ADMIN"));
}
No redirect to the target URL occurs. It just says that "Username and/or
password was wrong!".
On Thu, May 27, 2010 at 12:54 PM, Michael Gerzabek <michael.gerza...@gmx.net
> wrote:
> Why do you try to do the work of Spring Security? Please follow the sample
> in [1]. There's no need to check the credentials on your own. You just need
> to provide your implementation of UserDetails.
>
> [1] http://www.localhost.nu/svn/public/tapestry-spring-security-sample/
>
> Am 27/05/2010 16:53, schrieb Todd Orr:
>
> I am trying to integrate spring security into my Tapestry application and
>> am
>> unable to get the TSS module to work correctly. I've created a login page
>> and am attempting to perform the authentication manually so that I can use
>> tap for the fields etc. I have a login page with the j_username, etc.
>> also.
>> It doesn't work either. The code for my login page is:
>>
>>
>> private final static Logger LOG =
>> LoggerFactory.getLogger(LoginPage.class);
>>
>> @Inject
>> private RequestGlobals requestGlobals;
>>
>> @Inject
>> private AuthenticationManager authenticationManager;
>>
>> private Class<?> defaultTargetUrl = Index.class;
>>
>> @SuppressWarnings("unused")
>> @Inject
>> private Request request;
>>
>> @SuppressWarnings("unused")
>> @Inject
>> private Response response;
>>
>> @Persist
>> @Property
>> private String username;
>>
>> @Persist(PersistenceConstants.FLASH)
>> @Property
>> private String password;
>>
>> @Property
>> @Component(id = "loginForm")
>> private Form loginForm;
>>
>> private Authentication authResult;
>>
>> @Component(id = "password")
>> private PasswordField passwordField;
>>
>> @SuppressWarnings("unused")
>> @Component(id = "username")
>> private TextField usernameField;
>>
>> public void onValidateFormFromLoginForm() {
>> // clean up the properties
>> username = username == null ? null : username.trim();
>> password = password == null ? null : password.trim();
>>
>> UsernamePasswordAuthenticationToken authRequest = new
>> UsernamePasswordAuthenticationToken(username, password);
>> try {
>> authResult = authenticationManager.authenticate(authRequest);
>>
>> } catch (BadCredentialsException e) {
>> LOG.warn("Authentication failed: {}", e.getAuthentication());
>> loginForm.recordError(passwordField, "Invalid username or password");
>>
>> } catch (AuthenticationException e) {
>> LOG.warn("Authentication failed: {}", e.getAuthentication());
>> loginForm.recordError(passwordField, "Invalid username or password");
>> }
>>
>> }
>>
>> public Object onSuccessFromLoginForm() {
>>
>> SavedRequest savedRequest = (SavedRequest)
>> requestGlobals.getHTTPServletRequest().getSession().getAttribute(
>> AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY);
>>
>> SecurityContextHolder.getContext().setAuthentication(authResult);
>>
>> if (savedRequest != null) {
>>
>> URL url = null;
>> try {
>> url = new URL(savedRequest.getRequestURL());
>>
>> } catch (MalformedURLException e) {
>> LOG.error("malformed url:" + savedRequest.getRequestURI());
>> return defaultTargetUrl;
>> }
>>
>> return url;
>>
>> }
>>
>> return defaultTargetUrl;
>>
>> }
>>
>> And the stdout shows the following when attempting to login:
>>
>> 10:49:01,733 DEBUG [UserDetailsServiceImpl] Attempting to locate user with
>> username "my_username"
>> 10:49:01,782 INFO [sqlonly] select this_.user_id as user1_0_1_,
>> this_.user_passwd as user2_0_1_, this_.user_username as
>> user3_0_1_, roles2_.u_to_p_frn_user_id as u2_3_,
>> roles2_.u_to_p_frn_permission_id as u1_3_,
>> roles2_.u_to_p_frn_permission_id as u1_1_0_, roles2_.u_to_p_frn_user_id as
>> u2_1_0_ from users
>> this_ left outer join user_to_permissions roles2_ on
>> this_.user_id=roles2_.u_to_p_frn_user_id
>> where this_.user_username='my_username'
>> 10:49:02,063 DEBUG [UserDetailsServiceImpl] Located user:
>> User[username=my_username,roles=[ROLE_TEMP,
>> ROLE_ADMIN],authorities=[ROLE_TEMP, ROLE_ADMIN]]
>> 10:49:02,446 WARN [LoginPage] Authentication failed:
>>
>> org.springframework.security.providers.usernamepasswordauthenticationto...@1f
>> :
>> Principal: my_username; Password: [PROTECTED]; Authenticated: false;
>> Details: null; Not granted any authorities
>>
>> I am sure that a valid user with valid authorities is being returned from
>> my
>> UserDetailsService. I am sure it's password matches the password I am
>> providing. But no matter what, it always - ALWAYS - throws the
>> BadCredentialsException.
>>
>> I've been beating my head against this wall since Tuesday - literally.
>> Please advise.
>>
>> Thanks,
>> T
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
