Won't authenticate or won't authorize? Have you debugged it, i.e. are your doGetAuthenticationInfo() and doGetAuthorizationInfo() invoked? If they don't (and the realm is properly contributed), then the problem is with your login code. The system finds the right realm by a matching token class, so you have to use the same UsernamePasswordToken to login the Subject.
Kalle On Wed, Aug 15, 2012 at 7:11 PM, Jaypax Ginete <killer.tila...@gmail.com> wrote: > I am using your excellent tynamo-security module but I'm kinda sort-of > stuck. I have followed the tapestry-security guide and I think that I > got it to work half-way; I'm able to redirect unauthenticated users, > secure pages and methods via annotations. I just can't seem to > "authenticate" users. I'm working with a very legacy database(circa > 2000) with clear text passwords. It's an intranet web application with > about 10 users. > > Here's an excerpt of my SecurityRealm: > > public class SecurityRealm extends AuthorizingRealm { > > @Inject > private UserDAO userDAO; > > public SecurityRealm() { > super(new MemoryConstrainedCacheManager()); > setName("SecurityRealm"); > setAuthenticationTokenClass(UsernamePasswordToken.class); > setCredentialsMatcher(new SimpleCredentialsMatcher()); > } > > @Override > protected AuthorizationInfo > doGetAuthorizationInfo(PrincipalCollection pc) { > ... > // stuff to retrieve roles from the database > > User u= userDAO.findByUsername(username); > Set<String> roles = new HashSet<String>(u.getRoleList().size()); > for(UserRole role : u.getRoleList()){ > roles.add(role.getRole()); > } > return new SimpleAuthorizationInfo(roles); > } > > @Override > protected AuthenticationInfo > doGetAuthenticationInfo(AuthenticationToken at) throws > AuthenticationException { > > UsernamePasswordToken token = (UsernamePasswordToken) at; > token.setRememberMe(false); > String username = token.getUsername(); > > if(username == null){ > throw new AccountException("Null usernames are not allowed."); > } > > User u= userDAO.findByUsername(username); > > if(u.getIslocked()){ > throw new LockedAccountException("Account is > disabled/locked."); > } > > return new > SimpleAuthenticationInfo(username,u.getPassword().toCharArray(),getName()); > } > > And I added this "Realm" using the contributeWebSecurityManager method > in the AppModule of Tapestry. I also have checked out code in the SVN. > > I'm still at a lost why my project won't authenticate users. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org