There is a really nice example for this: http://sourceforge.net/projects/hispacta/
Hibernate, Spring, Acegi Security and Tapestry. I don't know if this will help you, but as far as I know, method based security is used. Best regards Gregor -----Urspr�ngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Olve Hansen Gesendet: Freitag, 20. Mai 2005 13:15 An: [email protected] Betreff: acegi security and tapestry Hi all, new to this list.. Just started using tapestry, and I really like what I see. Our project has decided to use tapestry and it is a relief compared to struts! How can I tell tapestry to leave some runtime exceptions as they were and let they trickle past the Exception page? I am using Tapestry 3.0.3. Is this possible, or perhaps only in Tapestry 4? I have just managed to hook acegi into tapestry, and it works well when using url based security filter. Given the urls Tapestry generates I opted for method based security interceptors instead, and here Tapestry gives me a challenge, as acegi uses a family of runtime exceptions for capturing insufficient privileges, and redirecting the user to a login page. For url-based security this works well, but for method based security, the exception is thrown behind the tapestry framework when I call a method on my spring managed service bean. Using AOP the method is never called, and a net.sf.acegisecurity.AuthenticationCredentialsNotFoundException is thrown. A securityEnforcmentFilter hooked into a FilterChainProxy is responsible for catching this exception and forwarding to the login page, but tapestry is too kind, and shows me the nice-looking exception page, and thus swallows the exception the securityEnforcmentFilter expects. I really hope someone can help me on this, as using method based security is a blessing, specially combined with java annotations. Now I this is sufficient to secure a method (and declarative transaction setup as well), from my UserManager interface; @SecurityConfig (value = {"ROLE_ADMIN"}) @Transactional (propagation = Propagation.SUPPORTS, readOnly = true) List getAdministrativeUsers() throws ServiceException; Here is the stacktrace (sorry about the garbled linex, posting though gmane, with 80 character limit): net.sf.acegisecurity.AuthenticationCredentialsNotFoundException A valid SecureContext was not provided in the RequestContext Stack Trace: * net.sf.acegisecurity.intercept.AbstractSecurityInterceptor. credentialsNotFound(AbstractSecurityInterceptor.java:477) * net.sf.acegisecurity.intercept.AbstractSecurityInterceptor. beforeInvocation(AbstractSecurityInterceptor.java:355) * net.sf.acegisecurity.intercept.method.aopalliance. MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77) * org.springframework.aop.framework.ReflectiveMethodInvocation. proceed(ReflectiveMethodInvocation.java:144) * org.springframework.aop.framework.JdkDynamicAopProxy. invoke(JdkDynamicAopProxy.java:174) * $Proxy7.getAdministrativeUsers(Unknown Source) * no.imb.bite.useradmin.web.UserCollectionPage. buildListEditMap(UserCollectionPage.java:55) * no.imb.bite.useradmin.web.UserCollectionPage. pageBeginRender(UserCollectionPage.java:81) * org.apache.tapestry.AbstractPage. firePageBeginRender(AbstractPage.java:463) * org.apache.tapestry.AbstractPage. renderPage(AbstractPage.java:293) * org.apache.tapestry.engine.RequestCycle. renderPage(RequestCycle.java:368) * org.apache.tapestry.engine.AbstractEngine. renderResponse(AbstractEngine.java:749) * org.apache.tapestry.engine.PageService.service(PageService.java:77) * org.apache.tapestry.engine.AbstractEngine.service(AbstractEngine.java:889) * org.apache.tapestry.ApplicationServlet. doService(ApplicationServlet.java:198) * org.apache.tapestry.ApplicationServlet.doGet(ApplicationServlet.java:159) * javax.servlet.http.HttpServlet.service(HttpServlet.java:689) * javax.servlet.http.HttpServlet.service(HttpServlet.java:802) * org.apache.catalina.core.ApplicationFilterChain. internalDoFilter(ApplicationFilterChain.java:237) * org.apache.catalina.core.ApplicationFilterChain. doFilter(ApplicationFilterChain.java:157) * net.sf.acegisecurity.util.FilterChainProxy. doFilter(FilterChainProxy.java:167) * net.sf.acegisecurity.util.FilterToBeanProxy. doFilter(FilterToBeanProxy.java:125) * org.apache.catalina.core.ApplicationFilterChain. internalDoFilter(ApplicationFilterChain.java:186) * org.apache.catalina.core.ApplicationFilterChain. doFilter(ApplicationFilterChain.java:157) * org.springframework.orm.hibernate.support.OpenSessionInViewFilter. doFilterInternal(OpenSessionInViewFilter.java:172) * org.springframework.web.filter.OncePerRequestFilter. doFilter(OncePerRequestFilter.java:76) * org.apache.catalina.core.ApplicationFilterChain. internalDoFilter(ApplicationFilterChain.java:186) * org.apache.catalina.core.ApplicationFilterChain. doFilter(ApplicationFilterChain.java:157) * org.apache.catalina.core.StandardWrapperValve. invoke(StandardWrapperValve.java:214) * org.apache.catalina.core.StandardContextValve. invoke(StandardContextValve.java:178) * org.apache.catalina.valves.AccessLogValve. invoke(AccessLogValve.java:526) * org.apache.catalina.core.StandardHostValve. invoke(StandardHostValve.java:126) * org.apache.catalina.cluster.tcp.ReplicationValve. invoke(ReplicationValve.java:129) * org.apache.catalina.valves.ErrorReportValve. invoke(ErrorReportValve.java:105) * org.apache.catalina.core.StandardEngineValve. invoke(StandardEngineValve.java:107) * org.apache.catalina.connector.CoyoteAdapter. service(CoyoteAdapter.java:148) * org.apache.coyote.http11.Http11Processor. process(Http11Processor.java:825) * org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler. processConnection(Http11Protocol.java:731) * org.apache.tomcat.util.net.PoolTcpEndpoint. processSocket(PoolTcpEndpoint.java:526) * org.apache.tomcat.util.net.LeaderFollowerWorkerThread. runIt(LeaderFollowerWorkerThread.java:80) * org.apache.tomcat.util.threads.ThreadPool$ControlRunnable. run(ThreadPool.java:684) * java.lang.Thread.run(Thread.java:595) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
