Did you debug down to the point where the compare of the credential to the stored pwd happens? Are they really the same?

On 27/05/2010 19:37, Todd Orr wrote:
My UserDetailsService is managed by Spring and as such I can't inject the
same exact instances that tapestry is using, but I do use the same types,
PlaintextPasswordEncoder and SaltSourceImpl.

UserDetailsService:


private final static Logger LOG = LoggerFactory.getLogger(UserDetailsServiceImpl.class);

@Autowired
private SessionFactory sessionManager;

private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();

private SaltSource saltSource = new SaltSourceImpl();

/**
 * Default constructor.
 */
public UserDetailsServiceImpl() {
    // default
}

/**
 * Try to find the given user in the local database.
 */
@Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.READ_COMMITTED, readOnly = true)
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    LOG.debug("Attempting to locate user with username \"{}\"", username);

    Session session = sessionManager.getCurrentSession();

    User user = (User) session.createCriteria(User.class)
            .add(Restrictions.eq("username", username))
            .uniqueResult();

    if (user != null) {
        // encode the password
        user.setPassword(passwordEncoder.encodePassword(user.getPassword(), saltSource.getSalt(user)));
    }

    LOG.debug("Located user: {}", user);

    return new User(user);
}

On Thu, May 27, 2010 at 1:29 PM, Michael Gerzabek <michael.gerza...@gmx.net> wrote:

What about the salt? Did you change it? You have to 'save' the password with
your PasswordEncoder prior to using it.

Which

On 27/05/2010 19:20, Todd Orr wrote:

I've tried that way as well. It doesn't work either and I assume it's for
the same reason, though I cannot tell in that case because the exception
doesn't bubble out of Tapestry Spring Security.

Login code:

private final static Logger LOG = LoggerFactory.getLogger(Login.class);

@Inject
@Value("${spring-security.check.url}")
private String checkUrl;

@Inject
private Request request;

private boolean failed = false;

public boolean isFailed() {
    return failed;
}

public String getLoginCheckUrl() {
    String loginCheckUrl = request.getContextPath() + checkUrl;
    LOG.debug("Returning login check url: {}", loginCheckUrl);
    return loginCheckUrl;
}

void onActivate(String extra) {
    if (extra.equals("failed")) {
        failed = true;
    }
}

TML:

<html t:type="layout"
      title="message:page-title"
      xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd"
      xmlns:p="tapestry:parameter">

    <div id="login-help">
        <t:outputraw value="${message:login-help}" />
    </div>
    <div>
        <form action="${loginCheckUrl}" method="post">
            <t:if test="failed">
                <p>Username and/or password was wrong!</p>
            </t:if>
            <div id="login-username-row">
                <label for="j_username">Username:</label>
                <input id="j_username" name="j_username" type="text" />
            </div>
            <div id="login-password-row">
                <label for="j_password">Password</label>
                <input id="j_password" name="j_password" type="password" />
            </div>
            <div id="login-submit-row">
                <input type="submit" value="Login" />
            </div>
        </form>
    </div>

</html>

Module:

private final static Logger LOG = LoggerFactory.getLogger(SecurityModule.class);

public static void contributeProviderManager(
        OrderedConfiguration<AuthenticationProvider> configuration,
        @InjectService("DaoAuthenticationProvider") AuthenticationProvider daoAuthenticationProvider) {
    LOG.debug("Received AuthenticationProvider: {}", daoAuthenticationProvider);
    configuration.add("daoAuthenticationProvider", daoAuthenticationProvider);
}

public static void contributeAlias(Configuration<AliasContribution<PasswordEncoder>> configuration) {
    configuration.add(AliasContribution.create(PasswordEncoder.class, new PlaintextPasswordEncoder()));
}

public static void contributeApplicationDefaults(MappedConfiguration<String, String> configuration) {
    configuration.add("spring-security.failure.url", "/login/failed");
    configuration.add("spring-security.accessDenied.url", "/accessdenied");
    configuration.add("spring-security.check.url", "/j_spring_security_check");
    configuration.add("spring-security.target.url", "/intranet");
    configuration.add("spring-security.afterlogout.url", "/");
    configuration.add("spring-security.rememberme.key", "REMEMBERMEKEY");
    configuration.add("spring-security.loginform.url", "/login");
    configuration.add("spring-security.force.ssl.login", "false");
    configuration.add("spring-security.anonymous.key", "acegi_anonymous");
    configuration.add("spring-security.anonymous.attribute", "anonymous,ROLE_ANONYMOUS");
    configuration.add("spring-security.password.salt", "DEADBEEF");
}

public static void contributeFilterSecurityInterceptor(Configuration<RequestInvocationDefinition> configuration) {
    configuration.add(new RequestInvocationDefinition("/intranet*/**", "ROLE_ADMIN"));
}


No redirect to the target URL occurs. It just says that "Username and/or
password was wrong!".



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
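
Added example, not part of the thread and not code from Spring Security or tapestry-spring-security: a stand-alone model of the comparison Michael asks about, showing how the stored and presented values line up when the salt used by the UserDetailsService and the one used by the provider agree or differ. It assumes the plain-text encoder merges password and salt as password{salt}; the class name, method names and sample password are made up for illustration.

```java
import java.util.Objects;

/** Stand-alone model of a salted plain-text password check (illustrative, not Spring code). */
public class SaltCompareDemo {

    /** Assumed merge format: "password{salt}", or the bare password when no salt is set. */
    static String merge(String password, Object salt) {
        String pw = (password == null) ? "" : password;
        if (salt == null || salt.toString().isEmpty()) {
            return pw;
        }
        return pw + "{" + salt + "}";
    }

    /** The provider's side: merge the presented password with its salt, then compare. */
    static boolean isPasswordValid(String stored, String presented, Object providerSalt) {
        return Objects.equals(stored, merge(presented, providerSalt));
    }

    /** Debug line for the comparison that reports lengths only, never the values. */
    static String describe(String label, String stored, String presented, Object providerSalt) {
        String expected = merge(presented, providerSalt);
        return label + ": storedLen=" + stored.length()
                + " expectedLen=" + expected.length()
                + " match=" + isPasswordValid(stored, presented, providerSalt);
    }

    public static void main(String[] args) {
        String dbPassword = "s3cret";     // constructed sample value from the user table
        String typedPassword = "s3cret";  // constructed sample value submitted as j_password
        String providerSalt = "DEADBEEF"; // spring-security.password.salt from the module

        // Both sides use the same salt: the values are identical.
        String sameSalt = merge(dbPassword, providerSalt);
        System.out.println(describe("same salt", sameSalt, typedPassword, providerSalt));

        // Assumption: the service's own salt source instance carries no salt.
        String noSalt = merge(dbPassword, null);
        System.out.println(describe("service without salt", noSalt, typedPassword, providerSalt));

        // The stored value was already salted and is encoded a second time on load.
        String twice = merge(merge(dbPassword, providerSalt), providerSalt);
        System.out.println(describe("encoded twice", twice, typedPassword, providerSalt));
    }
}
```

Comparing lengths in the debug output is enough to tell which side added or omitted the salt without writing either password to the log.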



