On 11/08/2012 07:29 AM, John wrote:
I've been looking at Tynamo tapestry-security and while it is feature rich, it 
seems complex and not documented or with detailed enough with full examples for 
me to follow.

So I am trying to implement the RequiresLoginFilter code HLS provided. This 
requires implementing authService.isLoggedIn().

My login page will place a User object into session state. I assume I need to 
grab session state and pass that to my authService which will simply check for 
the session state != null?

Any suggestions on how I obtain the session state in a service? Or otherwise a 
clear and complete Tynamo tapestry-security example I can browse?

TIA


Over the past week, I've been moving us from Spring Security to Tynamo's tapestry-security. After attending a Spring Security talk at No Fluff Just Stuff, I was interested in implementing method level security in my application, but discovered the Spring Security module for Tapestry is out of date. So I decided to move us to Tynamo's tapestry-security, and have been quite happy with the change so far.

tapestry-security is an integration module with Apache Shiro. Understanding Shiro is key to understanding tapestry-security in my very recent experience. I highly recommend reading Shiro's reference documentation, including the sections on Architecture, Authentication, Authorizations, Realms, and of course the Terminology section (start with that one).
http://shiro.apache.org/reference.html

You'll need to add to the chain the authc filter to take the username and password, which will then pass it onto a realm. The authc filter by default goes to this filter, which describes how it works:
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html

That will then attempt to authenticate against one of your realms, so you'll need to configure one of those. From there Shiro will handle remembering the user. The authorization information is retrieved each time, unless you enable caching.

From there you use the rest of Shiro / tapestry-security to perform your authorization.
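
The realm step described in the reply above, as an added example that is not part of the original message or of the tapestry-security project: a minimal Shiro realm that the authc filter's username/password token would be checked against. The class name, the in-memory user store and the sample account are constructed for illustration, and the imports assume Shiro 1.x package names.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

/** Hypothetical realm; stands in for a lookup against your own user table. */
public class ExampleUserRealm extends AuthorizingRealm {
    private static final int ITERATIONS = 1024;
    // Constructed store: username -> { salt, hex hash of password, role }
    private final Map<String, String[]> users = new HashMap<String, String[]>();

    public ExampleUserRealm() {
        setName("exampleUserRealm");
        // Shiro hashes the submitted password with the stored salt and
        // compares it to the stored hash; the realm never compares plaintext.
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);
        setCredentialsMatcher(matcher);
        String salt = "constructed-salt"; // sample value only
        String hash = new Sha256Hash("example-password", salt, ITERATIONS).toHex();
        users.put("alice", new String[] { salt, hash, "admin" });
    }

    @Override // Called at login with the token built from the login form.
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        String[] user = users.get(username);
        if (user == null) {
            throw new UnknownAccountException("No such account");
        }
        return new SimpleAuthenticationInfo(username, user[1], ByteSource.Util.bytes(user[0]), getName());
    }

    @Override // Called on each role/permission check unless a CacheManager is configured.
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        String[] user = users.get((String) getAvailablePrincipal(principals));
        if (user != null) {
            info.addRole(user[2]);
        }
        return info;
    }
}
```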
