I changed the code so that these are injected and now it works. I cannot
describe how angry this makes me. Days wasted.
Thanks for you help though!!!
On Thu, May 27, 2010 at 1:37 PM, Todd Orr <torr0...@gmail.com> wrote:
> My UserDetailsService is managed by Spring and as such I can't inject the
> same exact instances that tapestry is using, but I do use the same types,
> PlaintextPasswordEncoder and SaltSourceImpl.
>
> UserDetailsService:
>
>
> private final static Logger LOG =
> LoggerFactory.getLogger(UserDetailsServiceImpl.class);
>
> @Autowired
> private SessionFactory sessionManager;
>
> private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();
>
> private SaltSource saltSource = new SaltSourceImpl();
>
> /**
> * Default constructor.
> */
> public UserDetailsServiceImpl() {
> // default
> }
>
> /**
> * Try to find the given user in the local database.
> */
> @Transactional(propagation = Propagation.REQUIRED, isolation =
> Isolation.READ_COMMITTED, readOnly = true)
> public UserDetails loadUserByUsername(String username) throws
> UsernameNotFoundException, DataAccessException {
> LOG.debug("Attempting to locate user with username \"{}\"", username);
>
> Session session = sessionManager.getCurrentSession();
>
> User user = (User)
> session.createCriteria(User.class).add(Restrictions.eq("username",
> username)).uniqueResult();
>
> if (user != null) {
> // encode the password
> user.setPassword(passwordEncoder.encodePassword(user.getPassword(),
> saltSource.getSalt(user)));
> }
>
> LOG.debug("Located user: {}", user);
>
> return new User(user);
> }
>
> On Thu, May 27, 2010 at 1:29 PM, Michael Gerzabek <
> michael.gerza...@gmx.net> wrote:
>
>> What about the salt. Did you change it? You have to 'save' password with
>> your PasswordEncoder prior to using it.
>>
>> Which Am 27/05/2010 19:20, schrieb Todd Orr:
>>
>> I've tried that way as well. It doesn't work either and I assume it's for
>>> the same reason, though I cannot tell in that case because the exception
>>> doesn't bubble out of Tapestry Spring Security.
>>>
>>> Login code:
>>>
>>> private final static Logger LOG = LoggerFactory.getLogger(Login.class);
>>>
>>> @Inject
>>> @Value("${spring-security.check.url}")
>>> private String checkUrl;
>>>
>>> @Inject
>>> private Request request;
>>>
>>> private boolean failed = false;
>>>
>>> public boolean isFailed() {
>>> return failed;
>>> }
>>>
>>> public String getLoginCheckUrl() {
>>> String loginCheckUrl = request.getContextPath() + checkUrl;
>>> LOG.debug("Returning login check url: {}", loginCheckUrl);
>>> return loginCheckUrl;
>>> }
>>>
>>> void onActivate(String extra) {
>>> if (extra.equals("failed")) {
>>> failed = true;
>>> }
>>> }
>>>
>>> TML:
>>>
>>> <html t:type="layout"
>>> title="message:page-title"
>>> xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd";
>>> xmlns:p="tapestry:parameter">
>>>
>>> <div id="login-help">
>>> <t:outputraw value="${message:login-help}" />
>>> </div>
>>> <div>
>>> <form action="${loginCheckUrl}" method="post">
>>> <t:if test="failed">
>>> <p>Username and/or password was wrong!</p>
>>> </t:if>
>>> <div id="login-username-row">
>>> <label for="j_username">Username:</label>
>>> <input id="j_username" name="j_username" type="text" />
>>> </div>
>>> <div id="login-password-row">
>>> <label for="j_password">Password</label>
>>> <input id="j_password" name="j_password" type="password" />
>>> </div>
>>> <div id="login-submit-row">
>>> <input type="submit" value="Login" />
>>> </div>
>>> </form>
>>> </div>
>>>
>>> </html>
>>>
>>> Module:
>>>
>>> private final static Logger LOG =
>>> LoggerFactory.getLogger(SecurityModule.class);
>>> public static void
>>> contributeProviderManager(OrderedConfiguration<AuthenticationProvider>
>>> configuration,
>>> @InjectService("DaoAuthenticationProvider") AuthenticationProvider
>>> daoAuthenticationProvider) {
>>> LOG.debug("Received AuthenticationProvider: {}",
>>> daoAuthenticationProvider);
>>> configuration.add("daoAuthenticationProvider",
>>> daoAuthenticationProvider);
>>> }
>>>
>>> public static void
>>> contributeAlias(Configuration<AliasContribution<PasswordEncoder>>
>>> configuration) {
>>> configuration.add(AliasContribution.create(PasswordEncoder.class, new
>>> PlaintextPasswordEncoder()));
>>> }
>>>
>>> public static void
>>> contributeApplicationDefaults(MappedConfiguration<String,
>>> String> configuration) {
>>> configuration.add("spring-security.failure.url", "/login/failed");
>>> configuration.add("spring-security.accessDenied.url", "/accessdenied");
>>> configuration.add("spring-security.check.url",
>>> "/j_spring_security_check");
>>> configuration.add("spring-security.target.url", "/intranet");
>>> configuration.add("spring-security.afterlogout.url", "/");
>>> configuration.add("spring-security.rememberme.key", "REMEMBERMEKEY");
>>> configuration.add("spring-security.loginform.url", "/login");
>>> configuration.add("spring-security.force.ssl.login", "false");
>>> configuration.add("spring-security.anonymous.key", "acegi_anonymous");
>>> configuration.add("spring-security.anonymous.attribute",
>>> "anonymous,ROLE_ANONYMOUS");
>>> configuration.add("spring-security.password.salt", "DEADBEEF");
>>> }
>>>
>>> public static void
>>>
>>> contributeFilterSecurityInterceptor(Configuration<RequestInvocationDefinition>
>>> configuration) {
>>> configuration.add(new RequestInvocationDefinition("/intranet*/**",
>>> "ROLE_ADMIN"));
>>> }
>>>
>>>
>>> No redirect to the target URL occurs. It just says that "Username and/or
>>> password was wrong!".
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
>> For additional commands, e-mail: users-h...@tapestry.apache.org
>>
>>
>
