Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tapestry Wiki" for change notification.
The following page has been changed by UlrichStaerk: http://wiki.apache.org/tapestry/Tapestry5HowToSpringSecurityAndOpenId ------------------------------------------------------------------------------ That's it. The rest is setting this all up in your AppModule. = Tying it together = + Setting up the OpenID authentication is done in two steps. First we need to add an AuthenticationProvider that provides OpenID authentication and contribute this to the ProviderManager service which is defined by the tapestry-spring-security module. The OpenIDAuthenticationProvider comes directly from Spring security and just has to be set up correctly. Basically it is some kind of wrapper around the UserDetailsService. The following code builds the UserDetailsService and the OpenIDAuthenticationProvider and contributes it to the ProviderManager service: + {{{ + public static UserDetailsService buildUserDetailsService(Logger logger, + @InjectService("HibernateSessionManager") + HibernateSessionManager session) + { + return new UserDetailsServiceImpl(session, logger); + } + + public static OpenIDAuthenticationProvider buildOpenIDAuthenticationProvider( + @InjectService("UserDetailsService") + UserDetailsService userDetailsService) throws Exception + { + OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider(); + + provider.setUserDetailsService(userDetailsService); + + provider.afterPropertiesSet(); + + return provider; + } + + public static void contributeProviderManager( + OrderedConfiguration<AuthenticationProvider> configuration, + + @InjectService("OpenIDAuthenticationProvider") + AuthenticationProvider openIdAuthenticationProvider) + { + configuration.add("openIDAuthenticationProvider", openIdAuthenticationProvider); + } + }}} + + The second part is to configure the filter that intercepts incoming OpenID authentication requests and delegates those to the respective services: + + {{{ + public static OpenIDAuthenticationProcessingFilter buildRealOpenIDAuthenticationProcessingFilter( + @SpringSecurityServices final AuthenticationManager manager, + + @SpringSecurityServices final RememberMeServices rememberMeServices, + + @Inject @Value("${spring-security.check.url}") final String authUrl, + + @Inject @Value("${spring-security.target.url}") final String targetUrl, + + @Inject @Value("${spring-security.failure.url}") final String failureUrl) throws Exception + { + OpenIDAuthenticationProcessingFilter filter = new OpenIDAuthenticationProcessingFilter(); + + filter.setAuthenticationManager(manager); + + filter.setAuthenticationFailureUrl(failureUrl); + + filter.setDefaultTargetUrl(targetUrl); + + filter.setFilterProcessesUrl(authUrl); + + filter.setRememberMeServices(rememberMeServices); + + filter.afterPropertiesSet(); + + return filter; + } + + public static HttpServletRequestFilter buildOpenIDAuthenticationProcessingFilter( + final OpenIDAuthenticationProcessingFilter filter) + { + return new HttpServletRequestFilterWrapper(filter); + } + }}} + + This filter then has to be contributed to the HttpServletRequestHandler pipeline. The order (before: and after:) is very important (don't get this wrong or nothing will work): + + {{{ + public static void contributeHttpServletRequestHandler( + OrderedConfiguration<HttpServletRequestFilter> configuration, + + @InjectService("OpenIDAuthenticationProcessingFilter") + HttpServletRequestFilter openIDAuthenticationProcessingFilter) + { + configuration.add( + "openIDAuthenticationProcessingFilter", + + openIDAuthenticationProcessingFilter, + + "before:springSecurityAuthenticationProcessingFilter", + + "after:springSecurityHttpSessionContextIntegrationFilter"); + } + }}} + + And that's it. If you now secure your pages/methods with the @Secured annotation and provide a login page, you should be able to login with your OpenID. For the sake of completeness, here is the Login page and it's template: + + {{{ + package org.yourgroup.yourapp.pages; + + import org.apache.tapestry5.ioc.annotations.Inject; + import org.apache.tapestry5.ioc.annotations.Value; + import org.apache.tapestry5.services.Request; + + /** + * The login page (adapted from the tapestry-spring-security project). + * + * @author Ulrich Stärk + */ + public class LoginPage + { + @Inject + @Value("${spring-security.check.url}") + private String checkUrl; + + @Inject + private Request request; + + private boolean failed = false; + + public boolean isFailed() + { + return failed; + } + + public String getLoginCheckUrl() + { + return request.getContextPath() + checkUrl; + } + + void onActivate(String extra) + { + if (extra.equals("failed")) + { + failed = true; + } + } + + } + }}} + + LoginPage.tml: + {{{ + <html t:type="layout" xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd";> + <form xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd"; action="${loginCheckUrl}" method="POST"> + <t:if test="failed">Username and/or password was wrong!<br /></t:if> + <label class="username" for="j_username">Username:</label> + <input class="username" name="j_username" type="text" size="30"/> + <input id="submit" class="submit" type="submit" value="log in"/> + </form> + </html> + }}} + --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
