Youre correct, the HttpServletRequest and HttpServletResponse are not available. This was a design decision made by tapestry-offline. I guess I could make this pluggable.
But the Request and Response tapestry wrappers ARE available. Also, the ApplicationStateManager is available. I felt that these are adequate and tapestry users should never need the raw http objects. Can you make do with the Request and Response tapestry wrappers? Do you actually need the raw http objects? Or just properties from it? If not you could always create a proxy (not ideal I know). On 9 Sep 2014 12:31, "Semen Vishniakov" <vishnyako...@gmail.com> wrote: > >So it sounds like you'll need to contribute a ComponentRequestFilter. > Make sure you order it "before:" the tynamo filter. > > Yes, this is the right place, but I don't have HttpServletRequest and > HttpServletResponse and I can't initialize security subject like here: > > https://github.com/tynamo/tapestry-security/blob/master/src/main/java/org/tynamo/security/services/impl/SecurityConfiguration.java#L51 > > I've tried to make something like this: > > ThreadContext.bind(securityManager); > Subject subject = SecurityUtils.getSubject(); > subject.login(new UsernamePasswordToken("default", "default", true)); > //this user exists > handler.handleComponentEvent(parameters); > > But it causes another exception: > > java.util.concurrent.ExecutionException: > org.apache.shiro.authz.UnauthenticatedException: This subject is > anonymous - it does not have any identifying principals and > authorization operations require an identity to check against. A > Subject instance will acquire these identifying principals > automatically after a successful login is performed be executing > org.apache.shiro.subject.Subject.login(AuthenticationToken) or when > 'Remember Me' functionality is enabled by the SecurityManager. This > exception can also occur when a previously logged-in Subject has > logged out which makes it anonymous again. Because an identity is > currently not known due to any of these conditions, authorization is > denied. > at java.util.concurrent.FutureTask.report(FutureTask.java:122) > at java.util.concurrent.FutureTask.get(FutureTask.java:188) > at > org.lazan.t5.offline.services.internal.OfflineComponentRendererImpl$1.get(OfflineComponentRendererImpl.java:84) > at > org.lazan.t5.offline.services.internal.OfflineComponentRendererImpl$1.get(OfflineComponentRendererImpl.java:79) > at > org.lazan.t5.atmosphere.services.internal.PerRequestBroadcastFilterImpl.filter(PerRequestBroadcastFilterImpl.java:59) > at org.atmosphere.cpr.BroadcasterConfig.filter(BroadcasterConfig.java:483) > at > org.atmosphere.cpr.DefaultBroadcaster.perRequestFilter(DefaultBroadcaster.java:850) > at > org.atmosphere.cpr.DefaultBroadcaster.deliverPush(DefaultBroadcaster.java:740) > at org.atmosphere.cpr.DefaultBroadcaster.push(DefaultBroadcaster.java:646) > at org.atmosphere.cpr.DefaultBroadcaster$2.run(DefaultBroadcaster.java:504) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) > at java.util.concurrent.FutureTask.run(FutureTask.java:262) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:744) > Caused by: org.apache.shiro.authz.UnauthenticatedException: This > subject is anonymous - it does not have any identifying principals and > authorization operations require an identity to check against. A > Subject instance will acquire these identifying principals > automatically after a successful login is performed be executing > org.apache.shiro.subject.Subject.login(AuthenticationToken) or when > 'Remember Me' functionality is enabled by the SecurityManager. This > exception can also occur when a previously logged-in Subject has > logged out which makes it anonymous again. Because an identity is > currently not known due to any of these conditions, authorization is > denied. > at > org.apache.shiro.subject.support.DelegatingSubject.assertAuthzCheckPossible(DelegatingSubject.java:200) > at > org.apache.shiro.subject.support.DelegatingSubject.checkPermission(DelegatingSubject.java:205) > at > org.apache.shiro.authz.aop.PermissionAnnotationHandler.assertAuthorized(PermissionAnnotationHandler.java:74) > at > org.tynamo.shiro.extension.authz.aop.DefaultSecurityInterceptor.intercept(DefaultSecurityInterceptor.java:81) > at > org.tynamo.security.SecurityComponentRequestFilter.checkInternal(SecurityComponentRequestFilter.java:67) > at > org.tynamo.security.SecurityComponentRequestFilter.handleComponentEvent(SecurityComponentRequestFilter.java:40) > at $ComponentRequestHandler_13b5b7fdc25.handleComponentEvent(Unknown > Source) > at > org.apache.tapestry5.services.InitializeActivePageName.handleComponentEvent(InitializeActivePageName.java:39) > at $ComponentRequestHandler_13b5b7fdc25.handleComponentEvent(Unknown > Source) > at > org.lazan.t5.atmosphere.services.internal.PageGlobalsComponentRequestFilter.handleComponentEvent(PageGlobalsComponentRequestFilter.java:22) > at $ComponentRequestHandler_13b5b7fdc25.handleComponentEvent(Unknown > Source) > at > de.betterbits.comp.services.OfflineRendererRequestFilter.handleComponentEvent(OfflineRendererRequestFilter.java:45) > at $ComponentRequestFilter_13b5b7fdc20.handleComponentEvent(Unknown Source) > at $ComponentRequestHandler_13b5b7fdc25.handleComponentEvent(Unknown > Source) > at > $ComponentRequestHandler_13b5b7fdc29.advised$handleComponentEvent_13b5b7fdc2b(Unknown > Source) > at > $ComponentRequestHandler_13b5b7fdc29$Invocation_handleComponentEvent_13b5b7fdc2a.proceedToAdvisedMethod(Unknown > Source) > at > org.apache.tapestry5.internal.plastic.AbstractMethodInvocation.proceed(AbstractMethodInvocation.java:84) > at > org.apache.tapestry5.ioc.internal.util.InternalUtils$21$1.proceed(InternalUtils.java:1386) > at > org.tynamo.conversations.services.RequestHandlerDecoratorImpl$1.advise(RequestHandlerDecoratorImpl.java:26) > at > org.apache.tapestry5.ioc.internal.util.InternalUtils$21.advise(InternalUtils.java:1455) > at > org.apache.tapestry5.internal.plastic.AbstractMethodInvocation.proceed(AbstractMethodInvocation.java:86) > at $ComponentRequestHandler_13b5b7fdc29.handleComponentEvent(Unknown > Source) > at $ComponentRequestHandler_13b5b7fdbed.handleComponentEvent(Unknown > Source) > at > org.lazan.t5.offline.services.internal.OfflineComponentRendererImpl$2.invoke(OfflineComponentRendererImpl.java:126) > at > org.apache.tapestry5.ioc.internal.services.ParallelExecutorImpl$1.call(ParallelExecutorImpl.java:58) > ... 4 more > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
