Hello, everyone!
On Wed, Jan 15, 2025 at 10:45 AM Ben Weidig <b...@netzgut.net> wrote:
> Off the top of my head, I'd say you're right that the problem originates
> from binding an implementation. In this case, the service isn't proxied and
> follows a different lifecycle.
>
Hmm, I wouldn't say Tapestry-IoC as a different lifecycle for services
defined by concrete classes. You just cannot proxy/advise them. On the
other hand, you should be able to override that service using a
contribution to ServiceOverride or, if that doesn't work (sometimes it
causes circular dependencies), you can decorate the existing service with a
Tapestry-IoC override method. Example not tested to be added to your
AppModule or any other Tapestry-IoC module class
public static CsrfTokenManager decorateCsrfTokenManager(CsrfTokenManager
original) {
return new CustomCsrfTokenManager(...);
}
No need for copying sources nor blacklisting modules that way. :)
Cheers!
>
> See:
>
> https://github.com/apache/tapestry-5/blob/82199021fa646a7ea4f7ccd7a7ea08cccb014b46/tapestry-ioc/src/main/java/org/apache/tapestry5/ioc/ServiceBinder.java#L45
>
> A workaroud you could try would be blacklisting
> at.porscheinformatik.tapestry.csrfprotection.services.CsrfProtectionModule
> to auto-load, and create your own copy of it.
>
> There, you can remove the service binding and add a builder method instead:
>
> public static CsrfTokenManager buildCsrfTokenManager() {
> return new CustomCsrfTokenManager(...);
> }
>
> To blacklist a module, it needs to be present in the system property
> tapestry.manifest-modules-blacklist
>
> See:
>
> https://github.com/apache/tapestry-5/blob/82199021fa646a7ea4f7ccd7a7ea08cccb014b46/tapestry-ioc/src/main/java/org/apache/tapestry5/ioc/IOCUtilities.java#L60
>
> I only tested this approach with a tiny project with 2 services, not the
> actual Csrf project, so it might not work...
> Hope this workaround helps!
>
> Cheers
> Ben
>
> On Wed, Jan 15, 2025 at 12:18 PM Niran Abeygunawardena <
> niran.abeygunaward...@clarivate.com> wrote:
>
> > Hi,
> >
> > I am trying to override a third party class from the recommended CSRF
> > protection module for Tapestry:
> > https://github.com/porscheinformatik/tapestry-csrf-protection/
> > Specifically, I would like to just override a method checkToken from
> > CsrfTokenManager.java:
> >
> >
> https://github.com/porscheinformatik/tapestry-csrf-protection/blob/master/src/main/java/at/porscheinformatik/tapestry/csrfprotection/internal/CsrfTokenManager.java#L66
> >
> > I tried to override the bind for CsrfTokenManager.class in
> >
> https://github.com/porscheinformatik/tapestry-csrf-protection/blob/master/src/main/java/at/porscheinformatik/tapestry/csrfprotection/services/CsrfProtectionModule.java
> > on my side but my overridden class is not being picked up as I think it
> is
> > just a class and not an interface so it can’t be overridden?
> > Is there any other workaround to override this third party class rather
> > than copying across all the other associated code in this module?
> >
> >
> > Thanks,
> >
> > --
> > Niran Abeygunawardena
> > Senior Technical Architect
> > T +44(0)1223 271264
> > Time zone: BST/GMT
> >
> > ProQuest
> > Part of Clarivate
> > about.proquest.com<https://about.proquest.com/en/>
> > clarivate.com<https://clarivate.com/>
> >
> > Confidentiality note: This e-mail may contain confidential information
> > from Clarivate. If you are not the intended recipient, be aware that any
> > disclosure, copying, distribution or use of the contents of this e-mail
> is
> > strictly prohibited. If you have received this e-mail in error, please
> > delete this e-mail and notify the sender as soon as possible.
> >
>
--
Thiago H. de Paula Figueiredo
Software developer/engineer
Apache Tapestry consultant, committer and project management committee
member
You can sponsor my work on Tapestry at
https://github.com/sponsors/machina-br
