I think I found the problem. I replaced the filters order. First order - Apache Ki filter Second order - Wicket Filter
now It works ! Great. 2009/5/13 Altuğ B. Altıntaş <[email protected]> > Hi Les; > Yes i 've already defined the filter, my complete web.xml file : > > > <?xml version="1.0" encoding="UTF-8"?> > <!DOCTYPE web-app > PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" > "http://java.sun.com/dtd/web-app_2_3.dtd";> > > <web-app> > <display-name>Dodod</display-name> > <filter> > <filter-name>DododUrl</filter-name> > > <filter-class>org.apache.wicket.protocol.http.WicketFilter</filter-class> > <init-param> > <param-name>applicationClassName</param-name> > <param-value>com.dodod.web.DododUygulamasi</param-value> > </init-param> > </filter> > > <filter> > <filter-name>KiFilter</filter-name> > <filter-class>org.apache.ki.web.servlet.KiFilter</filter-class> > <init-param> > <param-name>config</param-name> > <param-value> > > # The KiFilter configuration is very powerful and flexible, > while still remaining succinct. > # Please read the comprehensive example, with full comments > and explanations, in the JavaDoc: > # > # > http://ki.apache.org/api/org/apache/ki/web/servlet/KiFilter.html > > [main] > > myRealm = com.dodod.security.MyRealm > > [filters] > ki.loginUrl = /login > authc.successUrl = / > > [urls] > # The /login.jsp is not restricted to authenticated users > (otherwise no one could log in!), but > # the 'authc' filter must still be specified for it so it > can process that url's > # login submissions. It is 'smart' enough to allow those > requests through as specified by the > # ki.loginUrl above. > /login = authcBasic > > > </param-value> > </init-param> > </filter> > > > > <filter-mapping> > <filter-name>DodoUrl</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > <filter-mapping> > <filter-name>KiFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > > </web-app> > > > > > > > The same exception occurs : > > Caused by: java.lang.IllegalStateException: No SecurityManager accessible > to this method, either bound to the org.apache.ki.util.ThreadContext or as a > vm static singleton. See the org.apache.ki.SecurityUtils.getSubject() > method JavaDoc for an explanation of expected environment configuration. > at org.apache.ki.SecurityUtils.getSubject(SecurityUtils.java:79) > > jar files that i am using > > ki-core-1.0-incubating-SNAPSHOT.jar > ki-web-1.0-incubating-SNAPSHOT.jar > commons-logging-1.0.3.jar > commons-beanutils-1.7.0.jar > > Thanks. > > 2009/5/13 Les Hazlewood <[email protected]> > > Hi Altuğ, >> >> You don't need the two lines defining the SecurityManager - that is done >> by default. >> >> Other than that, this looks ok. Did you ensure that you set up a filter >> mapping to ensure the Filter intercepts that url (or set of urls)? >> >> For example: >> >> <filter-mapping> >> <filter-name>KiFilter</filter-name> >> <url-pattern>/*</url-pattern> >> </filter-mapping> >> >> Cheers, >> >> Les >> >> >> On Wed, May 13, 2009 at 7:09 AM, Altuğ B. Altıntaş <[email protected]>wrote: >> >>> Hi all; >>> I am using wicket and i need a security framework at that point Apache >>> ki seems ok to me. >>> >>> First i am getting this error message : >>> >>> No SecurityManager accessible to this method, either bound to the >>> org.apache.ki.util.ThreadContext or as a vm static singleton. See the >>> org.apache.ki.SecurityUtils.getSubject() method JavaDoc for an explanation >>> of expected environment configuration. >>> >>> When i do this : >>> >>> UsernamePasswordToken token = new UsernamePasswordToken(email , >>> password); >>> token.setRememberMe(true); >>> >>> Subject currentUser = SecurityUtils.getSubject(); >>> try { >>> currentUser.login(token); // throws above exception >>> catch(....) { >>> ..... >>> } >>> >>> Here is my web.xml >>> >>> <filter> >>> <filter-name>KiFilter</filter-name> >>> <filter-class>org.apache.ki.web.servlet.KiFilter</filter-class> >>> <init-param> >>> <param-name>config</param-name> >>> <param-value> >>> securityManager = >>> org.apache.ki.web.DefaultWebSecurityManager >>> >>> securityManager.sessionMode = http >>> # The KiFilter configuration is very powerful and >>> flexible, while still remaining succinct. >>> # Please read the comprehensive example, with full >>> comments and explanations, in the JavaDoc: >>> # >>> # >>> http://ki.apache.org/api/org/apache/ki/web/servlet/KiFilter.html >>> >>> [main] >>> >>> myRealm = com.dodod.security.MyRealm >>> >>> [filters] >>> ki.loginUrl = /login >>> authc.successUrl = / >>> >>> [urls] >>> # The /login.jsp is not restricted to authenticated users >>> (otherwise no one could log in!), but >>> # the 'authc' filter must still be specified for it so it >>> can process that url's >>> # login submissions. It is 'smart' enough to allow those >>> requests through as specified by the >>> # ki.loginUrl above. >>> /login= authcBasic >>> >>> >>> </param-value> >>> </init-param> >>> </filter> >>> >>> I wrote my own com.dodod.security.MyRealm class which >>> extends AuthorizingRealm and overrides doGetAuthenticationInfo >>> and doGetAuthorizationInfo methods. >>> >>> What is wrong ? >>> >>> Thanks. >>> >>> -- >>> Altuğ. >>> >> >> > > > -- > Altuğ. > -- Altuğ.
