Re: Tapestry-csrf-protection with Tapestry-Spring-Security.

Tue, 15 Jul 2014 08:27:41 -0700 

The trace :

|java.lang.NullPointerException: Unable to delegate method invocation to property 
'request' of <Proxy for 
RequestGlobals(org.apache.tapestry5.services.RequestGlobals)>, because the 
property is null.
    at $Request_1ce08361bf2a.readProperty(Unknown Source)
    at $Request_1ce08361bf2a.getSession(Unknown Source)
    at $Request_1ce08361bee0.getSession(Unknown Source)
    at 
org.apache.tapestry5.internal.services.SessionApplicationStatePersistenceStrategy.exists(SessionApplicationStatePersistenceStrategy.java:80)
    at $ApplicationStatePersistenceStrategy_1ce08361c07b.exists(Unknown Source)
    at 
org.apache.tapestry5.internal.services.ApplicationStateManagerImpl$ApplicationStateAdapter.exists(ApplicationStateManagerImpl.java:60)
    at 
org.apache.tapestry5.internal.services.ApplicationStateManagerImpl.getIfExists(ApplicationStateManagerImpl.java:140)
    at $ApplicationStateManager_1ce08361bf33.getIfExists(Unknown Source)
    at 
org.apache.tapestry5.csrfprotection.internal.SessionCsrfTokenRepository.loadToken(SessionCsrfTokenRepository.java:39)
    at $CsrfTokenRepository_1ce08361c079.loadToken(Unknown Source)
    at $CsrfTokenRepository_1ce08361beff.loadToken(Unknown Source)
    at 
org.atlog.mjweb.services.user.GemwebCsrfAuthenticationProcessingFilter.checkToken(GemwebCsrfAuthenticationProcessingFilter.java:40)
    at 
org.atlog.mjweb.services.user.GemwebCsrfAuthenticationProcessingFilter.attemptAuthentication(GemwebCsrfAuthenticationProcessingFilter.java:35)
    at 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
    at 
nu.localhost.tapestry5.springsecurity.services.internal.HttpServletRequestFilterWrapper.service(HttpServletRequestFilterWrapper.java:52)
...
|



Le 15/07/2014 16:15, TNO a écrit :

Hello,
Is there anybody who already use tapestry-csrf-protection with Tapestry-Spring-Security ?
tapestry-csrf-protection works out of the box with t:form, but Tapestry-Spring-Security works with is a simple html form and uses the Spring HttpServletRequestFilter.
I'm using <input t:type="csrf/hidden"/> in the login form but I can't check the token value in the filters... 

Thanks for any help

Cheers, Thomas


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Reply via email to