Howdy! I followed the Tynamo setup guide (http://www.tynamo.org/tapestry-security+guide/) combined with the federated accounts example (https://github.com/tynamo/tynamo-federatedaccounts). I believe I have the setup hooked up correctly as my annotated page with @RequiresRoles("administrator") is not intercepted by Tynamo and a login page appears. The problem I'm having is that when I enter valid credentials Tynamo is not authenticating. Below is my custom realm. UserManagementDao is just an interface, but the implementation I'm injecting is a simple in-memory hash map impl with a unit test verifying its correctness (in reality we're authenticating against AWS IAM but I'm using a mock to get things working initially). However, I'm not sure if I'm constructing SimpleAuthenticationInfo correctly. Another thing is that my passwords (for now) are clear text and I'm not sure if by default Tynamo uses clear text comparison or if it hashes the passwords.
Any help would be highly appreciated!

    import java.util.HashSet;
    import java.util.List;
    import java.util.Set;

    import org.apache.shiro.authc.AccountException;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.authz.AuthorizationException;
    import org.apache.shiro.authz.AuthorizationInfo;
    import org.apache.shiro.authz.SimpleAuthorizationInfo;
    import org.apache.shiro.cache.MemoryConstrainedCacheManager;
    import org.apache.shiro.realm.AuthorizingRealm;
    import org.apache.shiro.subject.PrincipalCollection;

    public class MyCustomRealm extends AuthorizingRealm {

        private UserManagementDao dao;

        public MyCustomRealm(UserManagementDao dao) {
            super(new MemoryConstrainedCacheManager());
            setName("awsiamaccounts");
            setAuthenticationTokenClass(UsernamePasswordToken.class);
            //setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));
            this.dao = dao;
        }

        // Maps the groups of the authenticated user to Shiro role names.
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            if (principals == null)
                throw new AuthorizationException(String.format("null %s! (should not happen)",
                        PrincipalCollection.class.getSimpleName()));
            if (principals.isEmpty()) return null;
            if (principals.fromRealm(getName()).size() <= 0) return null;

            String username = (String) principals.fromRealm(getName()).iterator().next();
            if (username == null) return null;

            List<XapGroup> groups = dao.getUserGroups(username);
            Set<String> roles = new HashSet<>();
            for (XapGroup group : groups) {
                roles.add(group.getId());
            }
            return new SimpleAuthorizationInfo(roles);
        }

        // Looks up the account and returns its stored credentials for the realm's CredentialsMatcher.
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                throws AuthenticationException {
            UsernamePasswordToken upToken = (UsernamePasswordToken) token;
            String userName = upToken.getUsername();
            if (userName == null)
                throw new AccountException("Null usernames are not allowed by this realm.");

            XapUser user = dao.getUser(userName);
            if (user == null) return null;

            // if (user.isAccountLocked()) { throw new LockedAccountException("Account [" + username + "] is locked."); }
            // if (user.isCredentialsExpired()) {
            //     String msg = "The credentials for account [" + username + "] are expired";
            //     throw new ExpiredCredentialsException(msg);
            // }

            String password = dao.getUserPassword(userName);
            return new SimpleAuthenticationInfo(userName, password, getName());
        }
    }

Adam
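An added example, not part of Adam's post and not Tynamo or Shiro project code: Shiro realms compare credentials with SimpleCredentialsMatcher (a plain equality check, no hashing) unless setCredentialsMatcher is called, so the block below runs that matcher against a clear-text SimpleAuthenticationInfo built as in the post, then shows the salted-hash form that HashedCredentialsMatcher expects. Assumptions: Shiro 1.x package names, a constructed sample user and password, and SHA-256 with 1024 iterations in place of the SHA-1 matcher commented out in the post.

```java
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.util.ByteSource; // Shiro 1.x location (assumption)

public class CredentialsMatcherDemo {
    static final String REALM = "awsiamaccounts"; // realm name used in the post
    static final int ITERATIONS = 1024;           // constructed value for this demo

    static UsernamePasswordToken token(String user, String password) {
        return new UsernamePasswordToken(user, password);
    }

    public static void main(String[] args) {
        // Constructed sample account, not real data.
        String user = "alice";
        String password = "s3cret";

        // Case 1: clear-text stored credentials, built as in the post's
        // doGetAuthenticationInfo. SimpleCredentialsMatcher compares the
        // submitted password bytes with the stored value directly.
        AuthenticationInfo plain = new SimpleAuthenticationInfo(user, password, REALM);
        SimpleCredentialsMatcher simple = new SimpleCredentialsMatcher();
        System.out.println("clear text, right password: "
                + simple.doCredentialsMatch(token(user, password), plain));
        System.out.println("clear text, wrong password: "
                + simple.doCredentialsMatch(token(user, "nope"), plain));

        // Case 2: the store keeps a per-user salt and a hex-encoded iterated hash.
        // The salt is passed through SimpleAuthenticationInfo so the matcher can
        // hash the submitted password the same way before comparing.
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        String storedHex = new Sha256Hash(password, salt, ITERATIONS).toHex();
        AuthenticationInfo hashed = new SimpleAuthenticationInfo(user, storedHex, salt, REALM);

        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        matcher.setHashIterations(ITERATIONS);        // must equal the value used when storing
        matcher.setStoredCredentialsHexEncoded(true); // storedHex comes from toHex()
        System.out.println("hashed, right password: "
                + matcher.doCredentialsMatch(token(user, password), hashed));
        System.out.println("hashed, wrong password: "
                + matcher.doCredentialsMatch(token(user, "nope"), hashed));
    }
}
```

In a realm, the second form corresponds to calling setCredentialsMatcher(matcher) in the constructor and returning the four-argument SimpleAuthenticationInfo from doGetAuthenticationInfo.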