Hi Kalle thanks for replying. I know that my doGetAuthenticationInfo()
and doGetAuthorizationInfo() methods are getting called. So I will look
at my login code but I will revisit this project another time. I'm being
re-assigned to a different project.
Jay
On 8/16/2012 10:20 AM, Kalle Korhonen wrote:
Won't authenticate or won't authorize? Have you debugged it, i.e. are
your doGetAuthenticationInfo() and doGetAuthorizationInfo() invoked?
If they don't (and the realm is properly contributed), then the
problem is with your login code. The system finds the right realm by a
matching token class, so you have to use the same
UsernamePasswordToken to login the Subject.
Kalle
On Wed, Aug 15, 2012 at 7:11 PM, Jaypax Ginete <killer.tila...@gmail.com> wrote:
I am using your excellent tynamo-security module but I'm kinda sort-of
stuck. I have followed the tapestry-security guide and I think that I
got it to work half-way; I'm able to redirect unauthenticated users,
secure pages and methods via annotations. I just can't seem to
"authenticate" users. I'm working with a very legacy database(circa
2000) with clear text passwords. It's an intranet web application with
about 10 users.
Here's an excerpt of my SecurityRealm:
public class SecurityRealm extends AuthorizingRealm {
@Inject
private UserDAO userDAO;
public SecurityRealm() {
super(new MemoryConstrainedCacheManager());
setName("SecurityRealm");
setAuthenticationTokenClass(UsernamePasswordToken.class);
setCredentialsMatcher(new SimpleCredentialsMatcher());
}
@Override
protected AuthorizationInfo
doGetAuthorizationInfo(PrincipalCollection pc) {
...
// stuff to retrieve roles from the database
User u= userDAO.findByUsername(username);
Set<String> roles = new HashSet<String>(u.getRoleList().size());
for(UserRole role : u.getRoleList()){
roles.add(role.getRole());
}
return new SimpleAuthorizationInfo(roles);
}
@Override
protected AuthenticationInfo
doGetAuthenticationInfo(AuthenticationToken at) throws
AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) at;
token.setRememberMe(false);
String username = token.getUsername();
if(username == null){
throw new AccountException("Null usernames are not allowed.");
}
User u= userDAO.findByUsername(username);
if(u.getIslocked()){
throw new LockedAccountException("Account is
disabled/locked.");
}
return new
SimpleAuthenticationInfo(username,u.getPassword().toCharArray(),getName());
}
And I added this "Realm" using the contributeWebSecurityManager method
in the AppModule of Tapestry. I also have checked out code in the SVN.
I'm still at a lost why my project won't authenticate users.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
