Hello, our company has decided to build a sso service for all our
applications. Up until now, I've always used the tapestry-security project,
however I was just directed to add a filter to my web.xml which would handle
authorization and role management. The remote login just redirects the user
to an external login form and then redirects the user back to the
application.
My concerns/questions. I love the goodies provided to me by the
tapestry-security project such as securing methods, role management etc.
Would there be away I could continue to use the tapestry-security project
with this custom remote login? Since I'm not managing login, I wouldn't have
any credentials to pass into SimpleAuthenticationInfo, the only thing
returned from the remote login is a username, roles, and whether or not they
are authorized.
This is my realm classed currently used to handle authorization
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String email = upToken.getUsername();
ApplicationUser applicationUser = (ApplicationUser)
session.createCriteria(ApplicationUser.class)
.add(Restrictions.eq("email", email))
.uniqueResult();
if (applicationUser == null) {
throw new UnknownAccountException();
}
return buildAuthenticationInfo(applicationUser.getId(),
applicationUser.getPassword());
}
private AuthenticationInfo buildAuthenticationInfo(Long userId, String
password) {
return new SimpleAuthenticationInfo(userId, password, getName());
}
Thanks in advance.
--
View this message in context:
http://tapestry.1045711.n5.nabble.com/tapestry-security-w-Remote-Login-tp5505792p5505792.html
Sent from the Tapestry - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
