+1 for tapestry-security.
This module is excellent and very well documented.  The key is, indeed to 
understanding Shiro,
and T-security is just a very lightweight front-end/configuration module for 
Shiro.


On Nov 8, 2012, at 9:45 AM, Richard Frovarp wrote:

> On 11/08/2012 07:29 AM, John wrote:
>> I've been looking at Tynamo tapestry-security and while it is feature rich, 
>> it seems complex and not documented or with detailed enough with full 
>> examples for me to follow.
>> 
>> So I am trying to implement the  RequiresLoginFilter code HLS provided. This 
>> requies implementing authService.isLoggedIn().
>> 
>> My login page will place a User object into session state. I assume I need 
>> to grab session state and pass that to my authService which will simply 
>> check for the session state != null?
>> 
>> Any suggestions on how I obtain the session state in a service? Or otherwise 
>> a clear and complete Tynamo tapestry-security example I can browse?
>> 
>> TIA
>> 
> 
> Over the past week, I've been moving us from Spring Security to Tynamo's 
> tapestry-security. After attending a Spring Security talk at No Fluff Just 
> Stuff, I was interested in implementing method level security in my 
> application, but discovered the the Spring Security module for Tapestry is 
> out of date. So I decided to move us to Tynamo's tapestry-security, and have 
> been quite happy with the change so far.
> 
> tapestry-security is an integration module with Apache Shiro. Understanding 
> Shiro is key to understanding tapestry-security in my very recent experience. 
> I highly recommend reading Shiro's reference documentation, including the 
> sections on Architecture, Authentication, Auhorizations, Realms, and of 
> course the the Terminology section (start with that one).
> http://shiro.apache.org/reference.html
> 
> You'll need to add to the chain the authc filter to take the username and 
> password, which will then pass it onto a realm. The authc filter by default 
> goes to this filter, which describes how it works:
> http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html
> 
> That will then attempt to authenticate against one of your realms, so you'll 
> need to configure one of those. From there Shiro will handle remembering the 
> user. The authorization information is retrieved each time, unless you enable 
> caching.
> 
> From there you use the rest of Shiro / tapestry-security to perform your 
> authorization.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Reply via email to