+1 for tapestry-security. This module is excellent and very well documented. The key is, indeed to understanding Shiro, and T-security is just a very lightweight front-end/configuration module for Shiro.
On Nov 8, 2012, at 9:45 AM, Richard Frovarp wrote: > On 11/08/2012 07:29 AM, John wrote: >> I've been looking at Tynamo tapestry-security and while it is feature rich, >> it seems complex and not documented or with detailed enough with full >> examples for me to follow. >> >> So I am trying to implement the RequiresLoginFilter code HLS provided. This >> requies implementing authService.isLoggedIn(). >> >> My login page will place a User object into session state. I assume I need >> to grab session state and pass that to my authService which will simply >> check for the session state != null? >> >> Any suggestions on how I obtain the session state in a service? Or otherwise >> a clear and complete Tynamo tapestry-security example I can browse? >> >> TIA >> > > Over the past week, I've been moving us from Spring Security to Tynamo's > tapestry-security. After attending a Spring Security talk at No Fluff Just > Stuff, I was interested in implementing method level security in my > application, but discovered the the Spring Security module for Tapestry is > out of date. So I decided to move us to Tynamo's tapestry-security, and have > been quite happy with the change so far. > > tapestry-security is an integration module with Apache Shiro. Understanding > Shiro is key to understanding tapestry-security in my very recent experience. > I highly recommend reading Shiro's reference documentation, including the > sections on Architecture, Authentication, Auhorizations, Realms, and of > course the the Terminology section (start with that one). > http://shiro.apache.org/reference.html > > You'll need to add to the chain the authc filter to take the username and > password, which will then pass it onto a realm. The authc filter by default > goes to this filter, which describes how it works: > http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html > > That will then attempt to authenticate against one of your realms, so you'll > need to configure one of those. From there Shiro will handle remembering the > user. The authorization information is retrieved each time, unless you enable > caching. > > From there you use the rest of Shiro / tapestry-security to perform your > authorization. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org