Re: Wicket 7 + Spring Security 7
Hi, Thanks a lot for sharing this! Very useful! Regards, Pierre On Mon, Jan 9, 2017 at 9:43 PM, David Beer wrote: > Hi Martin/All > > I actually solved the problem late yesterday. The issue is around the way > in which spring security can be configured. There had been a lot of changes > between 3.1 and 4.2. Mainly around configuration, as I said earlier. It is > now advised also to use the configuration in the Java Code. However there > were a few defaults that don't get overridden in the java config but do > automatically in the XML definition, the main part being the way in which > error and login processing is handled. Spring Security will default to > process the login for you if you don't configure it correctly, which is why > the signin code was not get used. > > Which meant that error's were being handle by the spring security form > which is why I couldn't access them. I have now configured everything > properly and the example project shows how it needs to be configured. > > Thanks > > David > > On 9 January 2017 at 19:22, Martin Grigorov wrote: > > > Hi David, > > > > What exactly is hard ? > > What kind of errors you mean? > > > > Martin Grigorov > > Wicket Training and Consulting > > https://twitter.com/mtgrigorov > > > > On Fri, Jan 6, 2017 at 7:38 PM, David Beer > wrote: > > > > > Hi Martin > > > > > > Happy New Year. > > > > > > Thanks for this. I have managed to get Started and have a configuration > > > which indeed allows authenticated user to a specifc page. I can login > and > > > logout and it cleans the session, however I am having a hard time > getting > > > and displaying errors. > > > > > > My demo project is located on github here > > > https://github.com/dmbeer/wicket-7-spring-security/tree/master. I > > wondered > > > if could have a quick look and see if everything is correct and point > me > > in > > > the right direction for obtaining the error messages. > > > > > > Thanks > > > > > > David > > > > > > On 31 December 2016 at 06:12, Martin Grigorov < > martin.grigo...@gmail.com > > > > > > wrote: > > > > > > > Hi David, > > > > > > > > Latest Spring Security release is 4.1.4, there is no 7.x ;-) > > > > > > > > I cannot share my project but the integration is quite simple. > > > > > > > > 1) define the Spring config (with an impl of UserDetailsService!) > > > > 2) in your login logic (MyAuthenticatedWebSession#signin() or > > > > MyLoginForm#onSubmit()) use Spring AuthenticationService# > > > authenticate(new > > > > UsernamePasswordAuthenticationToken(username, password)) > > > > 3) if 2) is successful then you can use > > > > SecurityContextHolder.getContext().getUser() to get the User > returned > > by > > > > your UserDetailsService with its authorities, i.e. roles. You can use > > > them > > > > in Wicket's RolesAuthorizationStrategy > > > > 4) if 2) is not successful then Spring Security will throw very > > specific > > > > exception with the reason > > > > > > > > P.S. I am on my phone now, without access to the application code, so > > > some > > > > class/method names might be slightly wrong but I hope they are good > > > enough > > > > to get you going! > > > > > > > > Happy New Year! > > > > > > > > On Dec 30, 2016 8:23 PM, "David Beer" > wrote: > > > > > > > > > Hi All > > > > > > > > > > I am trying to add spring security to wicket 7. I have looked at > > > example > > > > > thomberges did but that doesn't really seem to work. If I comment > out > > > the > > > > > code in the SecureWebsession all still seems to authenticate > somehow. > > > > > > > > > > Is there an up to date project anyone has of integrating spring > > > security > > > > > with apache wicket? It would be really useful if a basic project > > could > > > be > > > > > shared. > > > > > > > > > > Thanks > > > > > David > > > > > > > > > > Happy New Year All > > > > > > > > > > > > > > > -- Je n'aime pas seulement ma vie, mais aussi celle des autres. (Blade Runner)
Re: Wicket 7 + Spring Security 7
Hi Martin/All I actually solved the problem late yesterday. The issue is around the way in which spring security can be configured. There had been a lot of changes between 3.1 and 4.2. Mainly around configuration, as I said earlier. It is now advised also to use the configuration in the Java Code. However there were a few defaults that don't get overridden in the java config but do automatically in the XML definition, the main part being the way in which error and login processing is handled. Spring Security will default to process the login for you if you don't configure it correctly, which is why the signin code was not get used. Which meant that error's were being handle by the spring security form which is why I couldn't access them. I have now configured everything properly and the example project shows how it needs to be configured. Thanks David On 9 January 2017 at 19:22, Martin Grigorov wrote: > Hi David, > > What exactly is hard ? > What kind of errors you mean? > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Fri, Jan 6, 2017 at 7:38 PM, David Beer wrote: > > > Hi Martin > > > > Happy New Year. > > > > Thanks for this. I have managed to get Started and have a configuration > > which indeed allows authenticated user to a specifc page. I can login and > > logout and it cleans the session, however I am having a hard time getting > > and displaying errors. > > > > My demo project is located on github here > > https://github.com/dmbeer/wicket-7-spring-security/tree/master. I > wondered > > if could have a quick look and see if everything is correct and point me > in > > the right direction for obtaining the error messages. > > > > Thanks > > > > David > > > > On 31 December 2016 at 06:12, Martin Grigorov > > > wrote: > > > > > Hi David, > > > > > > Latest Spring Security release is 4.1.4, there is no 7.x ;-) > > > > > > I cannot share my project but the integration is quite simple. > > > > > > 1) define the Spring config (with an impl of UserDetailsService!) > > > 2) in your login logic (MyAuthenticatedWebSession#signin() or > > > MyLoginForm#onSubmit()) use Spring AuthenticationService# > > authenticate(new > > > UsernamePasswordAuthenticationToken(username, password)) > > > 3) if 2) is successful then you can use > > > SecurityContextHolder.getContext().getUser() to get the User returned > by > > > your UserDetailsService with its authorities, i.e. roles. You can use > > them > > > in Wicket's RolesAuthorizationStrategy > > > 4) if 2) is not successful then Spring Security will throw very > specific > > > exception with the reason > > > > > > P.S. I am on my phone now, without access to the application code, so > > some > > > class/method names might be slightly wrong but I hope they are good > > enough > > > to get you going! > > > > > > Happy New Year! > > > > > > On Dec 30, 2016 8:23 PM, "David Beer" wrote: > > > > > > > Hi All > > > > > > > > I am trying to add spring security to wicket 7. I have looked at > > example > > > > thomberges did but that doesn't really seem to work. If I comment out > > the > > > > code in the SecureWebsession all still seems to authenticate somehow. > > > > > > > > Is there an up to date project anyone has of integrating spring > > security > > > > with apache wicket? It would be really useful if a basic project > could > > be > > > > shared. > > > > > > > > Thanks > > > > David > > > > > > > > Happy New Year All > > > > > > > > > >
Re: Wicket 7 + Spring Security 7
Hi David, What exactly is hard ? What kind of errors you mean? Martin Grigorov Wicket Training and Consulting https://twitter.com/mtgrigorov On Fri, Jan 6, 2017 at 7:38 PM, David Beer wrote: > Hi Martin > > Happy New Year. > > Thanks for this. I have managed to get Started and have a configuration > which indeed allows authenticated user to a specifc page. I can login and > logout and it cleans the session, however I am having a hard time getting > and displaying errors. > > My demo project is located on github here > https://github.com/dmbeer/wicket-7-spring-security/tree/master. I wondered > if could have a quick look and see if everything is correct and point me in > the right direction for obtaining the error messages. > > Thanks > > David > > On 31 December 2016 at 06:12, Martin Grigorov > wrote: > > > Hi David, > > > > Latest Spring Security release is 4.1.4, there is no 7.x ;-) > > > > I cannot share my project but the integration is quite simple. > > > > 1) define the Spring config (with an impl of UserDetailsService!) > > 2) in your login logic (MyAuthenticatedWebSession#signin() or > > MyLoginForm#onSubmit()) use Spring AuthenticationService# > authenticate(new > > UsernamePasswordAuthenticationToken(username, password)) > > 3) if 2) is successful then you can use > > SecurityContextHolder.getContext().getUser() to get the User returned by > > your UserDetailsService with its authorities, i.e. roles. You can use > them > > in Wicket's RolesAuthorizationStrategy > > 4) if 2) is not successful then Spring Security will throw very specific > > exception with the reason > > > > P.S. I am on my phone now, without access to the application code, so > some > > class/method names might be slightly wrong but I hope they are good > enough > > to get you going! > > > > Happy New Year! > > > > On Dec 30, 2016 8:23 PM, "David Beer" wrote: > > > > > Hi All > > > > > > I am trying to add spring security to wicket 7. I have looked at > example > > > thomberges did but that doesn't really seem to work. If I comment out > the > > > code in the SecureWebsession all still seems to authenticate somehow. > > > > > > Is there an up to date project anyone has of integrating spring > security > > > with apache wicket? It would be really useful if a basic project could > be > > > shared. > > > > > > Thanks > > > David > > > > > > Happy New Year All > > > > > >
Re: Wicket 7 + Spring Security 7
Hi After more investigation, it seems that if you use Wicket 6 and Spring Security 3 all works as expected. However Wicket 7 and Spring Security 4 and you get the behaviour I am facing. Spring Security seems to take care of the whole login process. David On 6 January 2017 at 18:38, David Beer wrote: > Hi Martin > > Happy New Year. > > Thanks for this. I have managed to get Started and have a configuration > which indeed allows authenticated user to a specifc page. I can login and > logout and it cleans the session, however I am having a hard time getting > and displaying errors. > > My demo project is located on github here https://github.com/ > dmbeer/wicket-7-spring-security/tree/master. I wondered if could have a > quick look and see if everything is correct and point me in the right > direction for obtaining the error messages. > > Thanks > > David > > On 31 December 2016 at 06:12, Martin Grigorov > wrote: > >> Hi David, >> >> Latest Spring Security release is 4.1.4, there is no 7.x ;-) >> >> I cannot share my project but the integration is quite simple. >> >> 1) define the Spring config (with an impl of UserDetailsService!) >> 2) in your login logic (MyAuthenticatedWebSession#signin() or >> MyLoginForm#onSubmit()) use Spring AuthenticationService#authenticate(new >> UsernamePasswordAuthenticationToken(username, password)) >> 3) if 2) is successful then you can use >> SecurityContextHolder.getContext().getUser() to get the User returned by >> your UserDetailsService with its authorities, i.e. roles. You can use them >> in Wicket's RolesAuthorizationStrategy >> 4) if 2) is not successful then Spring Security will throw very specific >> exception with the reason >> >> P.S. I am on my phone now, without access to the application code, so some >> class/method names might be slightly wrong but I hope they are good enough >> to get you going! >> >> Happy New Year! >> >> On Dec 30, 2016 8:23 PM, "David Beer" wrote: >> >> > Hi All >> > >> > I am trying to add spring security to wicket 7. I have looked at example >> > thomberges did but that doesn't really seem to work. If I comment out >> the >> > code in the SecureWebsession all still seems to authenticate somehow. >> > >> > Is there an up to date project anyone has of integrating spring security >> > with apache wicket? It would be really useful if a basic project could >> be >> > shared. >> > >> > Thanks >> > David >> > >> > Happy New Year All >> > >> > >
Re: Wicket 7 + Spring Security 7
Hi Martin Happy New Year. Thanks for this. I have managed to get Started and have a configuration which indeed allows authenticated user to a specifc page. I can login and logout and it cleans the session, however I am having a hard time getting and displaying errors. My demo project is located on github here https://github.com/dmbeer/wicket-7-spring-security/tree/master. I wondered if could have a quick look and see if everything is correct and point me in the right direction for obtaining the error messages. Thanks David On 31 December 2016 at 06:12, Martin Grigorov wrote: > Hi David, > > Latest Spring Security release is 4.1.4, there is no 7.x ;-) > > I cannot share my project but the integration is quite simple. > > 1) define the Spring config (with an impl of UserDetailsService!) > 2) in your login logic (MyAuthenticatedWebSession#signin() or > MyLoginForm#onSubmit()) use Spring AuthenticationService#authenticate(new > UsernamePasswordAuthenticationToken(username, password)) > 3) if 2) is successful then you can use > SecurityContextHolder.getContext().getUser() to get the User returned by > your UserDetailsService with its authorities, i.e. roles. You can use them > in Wicket's RolesAuthorizationStrategy > 4) if 2) is not successful then Spring Security will throw very specific > exception with the reason > > P.S. I am on my phone now, without access to the application code, so some > class/method names might be slightly wrong but I hope they are good enough > to get you going! > > Happy New Year! > > On Dec 30, 2016 8:23 PM, "David Beer" wrote: > > > Hi All > > > > I am trying to add spring security to wicket 7. I have looked at example > > thomberges did but that doesn't really seem to work. If I comment out the > > code in the SecureWebsession all still seems to authenticate somehow. > > > > Is there an up to date project anyone has of integrating spring security > > with apache wicket? It would be really useful if a basic project could be > > shared. > > > > Thanks > > David > > > > Happy New Year All > > >
Re: Wicket 7 + Spring Security 7
Hi David, Latest Spring Security release is 4.1.4, there is no 7.x ;-) I cannot share my project but the integration is quite simple. 1) define the Spring config (with an impl of UserDetailsService!) 2) in your login logic (MyAuthenticatedWebSession#signin() or MyLoginForm#onSubmit()) use Spring AuthenticationService#authenticate(new UsernamePasswordAuthenticationToken(username, password)) 3) if 2) is successful then you can use SecurityContextHolder.getContext().getUser() to get the User returned by your UserDetailsService with its authorities, i.e. roles. You can use them in Wicket's RolesAuthorizationStrategy 4) if 2) is not successful then Spring Security will throw very specific exception with the reason P.S. I am on my phone now, without access to the application code, so some class/method names might be slightly wrong but I hope they are good enough to get you going! Happy New Year! On Dec 30, 2016 8:23 PM, "David Beer" wrote: > Hi All > > I am trying to add spring security to wicket 7. I have looked at example > thomberges did but that doesn't really seem to work. If I comment out the > code in the SecureWebsession all still seems to authenticate somehow. > > Is there an up to date project anyone has of integrating spring security > with apache wicket? It would be really useful if a basic project could be > shared. > > Thanks > David > > Happy New Year All >
Wicket 7 + Spring Security 7
Hi All I am trying to add spring security to wicket 7. I have looked at example thomberges did but that doesn't really seem to work. If I comment out the code in the SecureWebsession all still seems to authenticate somehow. Is there an up to date project anyone has of integrating spring security with apache wicket? It would be really useful if a basic project could be shared. Thanks David Happy New Year All