On Thu, May 17, 2012 at 8:04 PM, kc22033 <k...@aforeverhome.org> wrote: > I am struggling with getting tapestry-security working using the jdbcrealm. > I've read the tapestry-security guide over and over again. I've searched > using every keyword I can come up with. I find lots of people saying "it's > easy" and "it's documented" ... so far, I've not been able to validate > either of those claims! > Can someone please point me to the appropriate documentation?
Part of your frustration stems from the fact that it's impossible to point to a single piece of documentation for each user's specific use case. Any sufficiently flexible and configurable technology requires understanding the basics and tapestry-security and Apache Shiro that the former is based on is no exception. > It would also be great if there were a very simple example that provided > only basic security functions via jdbc (things like register a user, login, > logout, update profile, etc.). The examples I've been able to locate are all > for earlier versions of tapestry-security which rely on .ini file > configuration - those no longer work. Neither registering a user nor updating a profile have anything to do with a jdbcrealm. To log out, you can simply invalidate the session. Tapestry-security is responsible for authenticating and authorizing users. Forget the jdbc for a moment, and focus on understanding the responsibility of a realm. The appropriate documentation is at http://shiro.apache.org/realm.html. Now, with tapestry-security it's super simple to configure a realm (you contribute it) or multiple realms to authenticate your users against, and the appropriate documentation is at http://tynamo.org/tapestry-security+guide. Once you get the basics, it doesn't matter whether you are authenticating your users via jdbc, ldap, jpa, etc. since the Realm interface stays the same. Finally, and forgive me for pointing you to the source code, but if you really want to understand and adapt the JdbcRealm implementation to your use case and datamodel, you have to know the queries it creates by default. The appropriate documentation is at http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/jdbc/JdbcRealm.html and the source at https://svn.apache.org/repos/asf/shiro/trunk/core/src/main/java/org/apache/shiro/realm/jdbc/JdbcRealm.java. With all this said, I'm thinking you might just need a sample more than documentation. The federatedaccounts testapp (not the live federatedaccounts example but the Hibernate-based testapp within federatedaccounts module) shows a fairly complete Hibernate-backed custom UserRealm, starts browsing from http://svn.codehaus.org/tynamo/trunk/tynamo-federatedaccounts/tynamo-federatedaccounts-core/src/test/java/org/tynamo/security/federatedaccounts/testapp/. Finally, I'm more than willing to improve documentation and I continuously do so, but I have to keep it in a generic level since the issues users are facing in the real world quickly become too specific for others to adapt to their own environments. Kalle --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
