Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tapestry Wiki" for change notification.
The following page has been changed by UlrichStaerk: http://wiki.apache.org/tapestry/Tapestry5HowToSpringSecurityAndOpenId ------------------------------------------------------------------------------ Let's begin with the User and Role objects that implement the UserDetails and GrantedAuthority interfaces, respectively. These are used to store users and their roles in a local database using Hibernate. The User is a minimalistic implementation that only stores an id and a username. {{{ + #!java package org.mygroup.myapp.entities; import java.util.HashSet; @@ -129, +130 @@ }}} {{{ + #!java package org.mygroup.myapp.entities; import javax.persistence.Entity; @@ -218, +220 @@ Next, we need a UserDetailsService implementation, that finds users and their roles in our local database: {{{ + #!java package org.mygroup.myapp.services.impl; import java.util.HashSet; @@ -312, +315 @@ Setting up the OpenID authentication is done in two steps. First we need to add an AuthenticationProvider that provides OpenID authentication and contribute this to the ProviderManager service which is defined by the tapestry-spring-security module. The OpenIDAuthenticationProvider comes directly from Spring security and just has to be set up correctly. Basically it is some kind of wrapper around the UserDetailsService. The following code builds the UserDetailsService and the OpenIDAuthenticationProvider and contributes it to the ProviderManager service: {{{ + #!java public static UserDetailsService buildUserDetailsService(Logger logger, @InjectService("HibernateSessionManager") HibernateSessionManager session) @@ -345, +349 @@ The second part is to configure the filter that intercepts incoming OpenID authentication requests and delegates those to the respective services: {{{ + #!java public static OpenIDAuthenticationProcessingFilter buildRealOpenIDAuthenticationProcessingFilter( @SpringSecurityServices final AuthenticationManager manager, @@ -383, +388 @@ This filter then has to be contributed to the HttpServletRequestHandler pipeline. The order (before: and after:) is very important (don't get this wrong or nothing will work): {{{ + #!java public static void contributeHttpServletRequestHandler( OrderedConfiguration<HttpServletRequestFilter> configuration, @@ -403, +409 @@ And that's it. If you now secure your pages/methods with the @Secured annotation and provide a login page, you should be able to login with your OpenID. For the sake of completeness, here is the Login page and it's template: {{{ + #!java package org.yourgroup.yourapp.pages; import org.apache.tapestry5.ioc.annotations.Inject; --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
