Many thanks Ben – I’ll give that a go. Cheers,
-- Niran Abeygunawardena Senior Technical Architect T +44(0)1223 271264 clarivate.com<https://clarivate.com/> From: Ben Weidig <b...@netzgut.net> Date: Wednesday, 15 January 2025 at 13:45 To: Tapestry users <users@tapestry.apache.org> Subject: Re: Override a class in CSRF protection module Hello, Off the top of my head, I'd say you're right that the problem originates from binding an implementation. In this case, the service isn't proxied and follows a different lifecycle. See: https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Ftapestry-5%2Fblob%2F82199021fa646a7ea4f7ccd7a7ea08cccb014b46%2Ftapestry-ioc%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Ftapestry5%2Fioc%2FServiceBinder.java%23L45&data=05%7C02%7CNiran.Abeygunawardena%40proquest.com%7C365982cbfdec47fdc00608dd356ad4c2%7C127fa96e00b4429e95f972c2828437a4%7C0%7C0%7C638725455148680132%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=iuZl4Olz%2FICoyuRxDc0r%2BeEqXO%2ByXdXvY3GVhb6eYdQ%3D&reserved=0<https://github.com/apache/tapestry-5/blob/82199021fa646a7ea4f7ccd7a7ea08cccb014b46/tapestry-ioc/src/main/java/org/apache/tapestry5/ioc/ServiceBinder.java#L45> A workaroud you could try would be blacklisting at.porscheinformatik.tapestry.csrfprotection.services.CsrfProtectionModule to auto-load, and create your own copy of it. There, you can remove the service binding and add a builder method instead: public static CsrfTokenManager buildCsrfTokenManager() { return new CustomCsrfTokenManager(...); } To blacklist a module, it needs to be present in the system property tapestry.manifest-modules-blacklist See: https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Ftapestry-5%2Fblob%2F82199021fa646a7ea4f7ccd7a7ea08cccb014b46%2Ftapestry-ioc%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Ftapestry5%2Fioc%2FIOCUtilities.java%23L60&data=05%7C02%7CNiran.Abeygunawardena%40proquest.com%7C365982cbfdec47fdc00608dd356ad4c2%7C127fa96e00b4429e95f972c2828437a4%7C0%7C0%7C638725455148706223%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=dfBWcZUKjMbxpskmqc65rSjYSIwd1ZEfDhrkql38Hmc%3D&reserved=0<https://github.com/apache/tapestry-5/blob/82199021fa646a7ea4f7ccd7a7ea08cccb014b46/tapestry-ioc/src/main/java/org/apache/tapestry5/ioc/IOCUtilities.java#L60> I only tested this approach with a tiny project with 2 services, not the actual Csrf project, so it might not work... Hope this workaround helps! Cheers Ben On Wed, Jan 15, 2025 at 12:18 PM Niran Abeygunawardena < niran.abeygunaward...@clarivate.com> wrote: > Hi, > > I am trying to override a third party class from the recommended CSRF > protection module for Tapestry: > https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fporscheinformatik%2Ftapestry-csrf-protection%2F&data=05%7C02%7CNiran.Abeygunawardena%40proquest.com%7C365982cbfdec47fdc00608dd356ad4c2%7C127fa96e00b4429e95f972c2828437a4%7C0%7C0%7C638725455148718423%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=VHQSL8W%2Fc9%2FZ8uyL6VBzOVsDohx04AtpRy8PWgS%2Fb%2Fc%3D&reserved=0<https://github.com/porscheinformatik/tapestry-csrf-protection/> > Specifically, I would like to just override a method checkToken from > CsrfTokenManager.java: > > https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fporscheinformatik%2Ftapestry-csrf-protection%2Fblob%2Fmaster%2Fsrc%2Fmain%2Fjava%2Fat%2Fporscheinformatik%2Ftapestry%2Fcsrfprotection%2Finternal%2FCsrfTokenManager.java%23L66&data=05%7C02%7CNiran.Abeygunawardena%40proquest.com%7C365982cbfdec47fdc00608dd356ad4c2%7C127fa96e00b4429e95f972c2828437a4%7C0%7C0%7C638725455148729946%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=BODIyrDqY002LXzGYmZfp7JuPMxv3THzUNw04LrTaPc%3D&reserved=0<https://github.com/porscheinformatik/tapestry-csrf-protection/blob/master/src/main/java/at/porscheinformatik/tapestry/csrfprotection/internal/CsrfTokenManager.java#L66> > > I tried to override the bind for CsrfTokenManager.class in > https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fporscheinformatik%2Ftapestry-csrf-protection%2Fblob%2Fmaster%2Fsrc%2Fmain%2Fjava%2Fat%2Fporscheinformatik%2Ftapestry%2Fcsrfprotection%2Fservices%2FCsrfProtectionModule.java&data=05%7C02%7CNiran.Abeygunawardena%40proquest.com%7C365982cbfdec47fdc00608dd356ad4c2%7C127fa96e00b4429e95f972c2828437a4%7C0%7C0%7C638725455148741694%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=%2B6cW67U7vqIzZEcyASRn6wRuEuReoryyADEhuqo6vHM%3D&reserved=0<https://github.com/porscheinformatik/tapestry-csrf-protection/blob/master/src/main/java/at/porscheinformatik/tapestry/csrfprotection/services/CsrfProtectionModule.java> > on my side but my overridden class is not being picked up as I think it is > just a class and not an interface so it can’t be overridden? > Is there any other workaround to override this third party class rather > than copying across all the other associated code in this module? > > > Thanks, > > -- > Niran Abeygunawardena > Senior Technical Architect > T +44(0)1223 271264 > Time zone: BST/GMT > > ProQuest > Part of Clarivate > about.proquest.com<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fabout.proquest.com%2Fen%2F&data=05%7C02%7CNiran.Abeygunawardena%40proquest.com%7C365982cbfdec47fdc00608dd356ad4c2%7C127fa96e00b4429e95f972c2828437a4%7C0%7C0%7C638725455148753489%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=RjrR0IlTbylBWbSCAwecStuPrZ0ulxpi1z4806FY2LA%3D&reserved=0<https://about.proquest.com/en/>> > clarivate.com<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fclarivate.com%2F&data=05%7C02%7CNiran.Abeygunawardena%40proquest.com%7C365982cbfdec47fdc00608dd356ad4c2%7C127fa96e00b4429e95f972c2828437a4%7C0%7C0%7C638725455148765034%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=pBSQut0K%2BS3%2BbR6GkEdAD4nXQHhHr0Snv5PVTdd25EU%3D&reserved=0<https://clarivate.com/>> > > Confidentiality note: This e-mail may contain confidential information > from Clarivate. If you are not the intended recipient, be aware that any > disclosure, copying, distribution or use of the contents of this e-mail is > strictly prohibited. If you have received this e-mail in error, please > delete this e-mail and notify the sender as soon as possible. > Confidentiality note: This e-mail may contain confidential information from Clarivate. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this e-mail is strictly prohibited. If you have received this e-mail in error, please delete this e-mail and notify the sender as soon as possible.
