Hello, Off the top of my head, I'd say you're right that the problem originates from binding an implementation. In this case, the service isn't proxied and follows a different lifecycle.
See: https://github.com/apache/tapestry-5/blob/82199021fa646a7ea4f7ccd7a7ea08cccb014b46/tapestry-ioc/src/main/java/org/apache/tapestry5/ioc/ServiceBinder.java#L45 A workaroud you could try would be blacklisting at.porscheinformatik.tapestry.csrfprotection.services.CsrfProtectionModule to auto-load, and create your own copy of it. There, you can remove the service binding and add a builder method instead: public static CsrfTokenManager buildCsrfTokenManager() { return new CustomCsrfTokenManager(...); } To blacklist a module, it needs to be present in the system property tapestry.manifest-modules-blacklist See: https://github.com/apache/tapestry-5/blob/82199021fa646a7ea4f7ccd7a7ea08cccb014b46/tapestry-ioc/src/main/java/org/apache/tapestry5/ioc/IOCUtilities.java#L60 I only tested this approach with a tiny project with 2 services, not the actual Csrf project, so it might not work... Hope this workaround helps! Cheers Ben On Wed, Jan 15, 2025 at 12:18 PM Niran Abeygunawardena < niran.abeygunaward...@clarivate.com> wrote: > Hi, > > I am trying to override a third party class from the recommended CSRF > protection module for Tapestry: > https://github.com/porscheinformatik/tapestry-csrf-protection/ > Specifically, I would like to just override a method checkToken from > CsrfTokenManager.java: > > https://github.com/porscheinformatik/tapestry-csrf-protection/blob/master/src/main/java/at/porscheinformatik/tapestry/csrfprotection/internal/CsrfTokenManager.java#L66 > > I tried to override the bind for CsrfTokenManager.class in > https://github.com/porscheinformatik/tapestry-csrf-protection/blob/master/src/main/java/at/porscheinformatik/tapestry/csrfprotection/services/CsrfProtectionModule.java > on my side but my overridden class is not being picked up as I think it is > just a class and not an interface so it can’t be overridden? > Is there any other workaround to override this third party class rather > than copying across all the other associated code in this module? > > > Thanks, > > -- > Niran Abeygunawardena > Senior Technical Architect > T +44(0)1223 271264 > Time zone: BST/GMT > > ProQuest > Part of Clarivate > about.proquest.com<https://about.proquest.com/en/> > clarivate.com<https://clarivate.com/> > > Confidentiality note: This e-mail may contain confidential information > from Clarivate. If you are not the intended recipient, be aware that any > disclosure, copying, distribution or use of the contents of this e-mail is > strictly prohibited. If you have received this e-mail in error, please > delete this e-mail and notify the sender as soon as possible. >
