I changed the code so that these are injected and now it works. I cannot describe how angry this makes me. Days wasted.
Thanks for you help though!!! On Thu, May 27, 2010 at 1:37 PM, Todd Orr <torr0...@gmail.com> wrote: > My UserDetailsService is managed by Spring and as such I can't inject the > same exact instances that tapestry is using, but I do use the same types, > PlaintextPasswordEncoder and SaltSourceImpl. > > UserDetailsService: > > > private final static Logger LOG = > LoggerFactory.getLogger(UserDetailsServiceImpl.class); > > @Autowired > private SessionFactory sessionManager; > > private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder(); > > private SaltSource saltSource = new SaltSourceImpl(); > > /** > * Default constructor. > */ > public UserDetailsServiceImpl() { > // default > } > > /** > * Try to find the given user in the local database. > */ > @Transactional(propagation = Propagation.REQUIRED, isolation = > Isolation.READ_COMMITTED, readOnly = true) > public UserDetails loadUserByUsername(String username) throws > UsernameNotFoundException, DataAccessException { > LOG.debug("Attempting to locate user with username \"{}\"", username); > > Session session = sessionManager.getCurrentSession(); > > User user = (User) > session.createCriteria(User.class).add(Restrictions.eq("username", > username)).uniqueResult(); > > if (user != null) { > // encode the password > user.setPassword(passwordEncoder.encodePassword(user.getPassword(), > saltSource.getSalt(user))); > } > > LOG.debug("Located user: {}", user); > > return new User(user); > } > > On Thu, May 27, 2010 at 1:29 PM, Michael Gerzabek < > michael.gerza...@gmx.net> wrote: > >> What about the salt. Did you change it? You have to 'save' password with >> your PasswordEncoder prior to using it. >> >> Which Am 27/05/2010 19:20, schrieb Todd Orr: >> >> I've tried that way as well. It doesn't work either and I assume it's for >>> the same reason, though I cannot tell in that case because the exception >>> doesn't bubble out of Tapestry Spring Security. >>> >>> Login code: >>> >>> private final static Logger LOG = LoggerFactory.getLogger(Login.class); >>> >>> @Inject >>> @Value("${spring-security.check.url}") >>> private String checkUrl; >>> >>> @Inject >>> private Request request; >>> >>> private boolean failed = false; >>> >>> public boolean isFailed() { >>> return failed; >>> } >>> >>> public String getLoginCheckUrl() { >>> String loginCheckUrl = request.getContextPath() + checkUrl; >>> LOG.debug("Returning login check url: {}", loginCheckUrl); >>> return loginCheckUrl; >>> } >>> >>> void onActivate(String extra) { >>> if (extra.equals("failed")) { >>> failed = true; >>> } >>> } >>> >>> TML: >>> >>> <html t:type="layout" >>> title="message:page-title" >>> xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" >>> xmlns:p="tapestry:parameter"> >>> >>> <div id="login-help"> >>> <t:outputraw value="${message:login-help}" /> >>> </div> >>> <div> >>> <form action="${loginCheckUrl}" method="post"> >>> <t:if test="failed"> >>> <p>Username and/or password was wrong!</p> >>> </t:if> >>> <div id="login-username-row"> >>> <label for="j_username">Username:</label> >>> <input id="j_username" name="j_username" type="text" /> >>> </div> >>> <div id="login-password-row"> >>> <label for="j_password">Password</label> >>> <input id="j_password" name="j_password" type="password" /> >>> </div> >>> <div id="login-submit-row"> >>> <input type="submit" value="Login" /> >>> </div> >>> </form> >>> </div> >>> >>> </html> >>> >>> Module: >>> >>> private final static Logger LOG = >>> LoggerFactory.getLogger(SecurityModule.class); >>> public static void >>> contributeProviderManager(OrderedConfiguration<AuthenticationProvider> >>> configuration, >>> @InjectService("DaoAuthenticationProvider") AuthenticationProvider >>> daoAuthenticationProvider) { >>> LOG.debug("Received AuthenticationProvider: {}", >>> daoAuthenticationProvider); >>> configuration.add("daoAuthenticationProvider", >>> daoAuthenticationProvider); >>> } >>> >>> public static void >>> contributeAlias(Configuration<AliasContribution<PasswordEncoder>> >>> configuration) { >>> configuration.add(AliasContribution.create(PasswordEncoder.class, new >>> PlaintextPasswordEncoder())); >>> } >>> >>> public static void >>> contributeApplicationDefaults(MappedConfiguration<String, >>> String> configuration) { >>> configuration.add("spring-security.failure.url", "/login/failed"); >>> configuration.add("spring-security.accessDenied.url", "/accessdenied"); >>> configuration.add("spring-security.check.url", >>> "/j_spring_security_check"); >>> configuration.add("spring-security.target.url", "/intranet"); >>> configuration.add("spring-security.afterlogout.url", "/"); >>> configuration.add("spring-security.rememberme.key", "REMEMBERMEKEY"); >>> configuration.add("spring-security.loginform.url", "/login"); >>> configuration.add("spring-security.force.ssl.login", "false"); >>> configuration.add("spring-security.anonymous.key", "acegi_anonymous"); >>> configuration.add("spring-security.anonymous.attribute", >>> "anonymous,ROLE_ANONYMOUS"); >>> configuration.add("spring-security.password.salt", "DEADBEEF"); >>> } >>> >>> public static void >>> >>> contributeFilterSecurityInterceptor(Configuration<RequestInvocationDefinition> >>> configuration) { >>> configuration.add(new RequestInvocationDefinition("/intranet*/**", >>> "ROLE_ADMIN")); >>> } >>> >>> >>> No redirect to the target URL occurs. It just says that "Username and/or >>> password was wrong!". >>> >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org >> For additional commands, e-mail: users-h...@tapestry.apache.org >> >> >