The answer to your question is no as far as I remember but the way I logon
using acegi is:
In the html template I use:
for the form:
<form id="loginForm" action="j_acegi_security_check" method="post">
and for the user name:
<input type="text" name="j_username" size="20"/>
and for the password:
<input type="password" name="j_password" size="20"/>
and submit the form with:
<input type="submit" jwcid="@Any" value="LogIn"/>
This form is then handled by the acegi filter in web.xml
In my java page I have:
protected void prepareForRender(IRequestCycle cycle) {
super.prepareForRender(cycle);
try {
//
if(cycle.getRequestContext().getSession().getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)
!= null) {
// setDisplayError(true);
//
cycle.getRequestContext().getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY,
null);
// try {
// Thread.sleep(SECURITY_DELAY);
// } catch (InterruptedException e) {}
// }
if(getRequest().getSession(Boolean.FALSE.booleanValue()).getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY)
!= null) {
setDisplayError(true);
getRequest().getSession(Boolean.FALSE.booleanValue()).setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY,
null);
try {
Thread.sleep(SECURITY_DELAY);
} catch (InterruptedException e) {}
}
}
catch (NullPointerException e) {
// this occurs when the session has been invalidated when user
logs off see method logout
}
}
To check if the acegi log in failed. The section commented out here is for
Tapestry 3.0.3. The section not commented out is to Tapestry 4.0 which also
requires:
<inject property="request" object="service:tapestry.globals.WebRequest"; />
in the .page file and:
// injected in from tapestry framework to get the request
private WebRequest request;
public void setRequest(WebRequest request) {
this.request = request;
}
public WebRequest getRequest() {
return request;
}
in the java page file.
This all seems to work fine. I have not included any of my acegi / spring
information but I can if you are still having problems.
Hope this helps
Paul
[EMAIL PROTECTED] wrote:
Hi Seloha,
Thanks for the response. In my attempts to use ACEGI security, I have
run into a problem where on the first request, ACEGI will perform
authentication but not create an HttpSession object. However, my
tapestry application depends on the SecureContext object being stored
in the HttpSession in order to extract the authentication information
like userName. After tapestry creates the session and throws an
exception, ACEGI then populates the session with the appropriate
object. Have you experienced this problem? If so, how did you get
around it.
Thanks,
Anthony
On 6/28/05, seloha . <[EMAIL PROTECTED]> wrote:
I have had similar problems trying to logout whilst using acegi. The
mechanism I now use that seems to work fine was suggested on this list,
involves redirecting to a jsp page to let that invalidate the session.
In your html template:
<a href="logout.jsp" jwcid="logout" >Logout</a>
In your .page:
<component id="logout" type="Any">
<binding name="href" value="page.engine.contextPath + '/logout.jsp'"/>
</component>
In the root directory of your app create a logout.jsp with the following
content:
<%
session.invalidate();
response.sendRedirect( "app");
%>
This should hopefully work,
Paul
Anthony Fox <[EMAIL PROTECTED]> wrote:
My application uses ACEGI x509 authentication. I have implemented a
logout link that calls a listener which does the following:
public void logout(IRequestCycle cycle) {
try {
((Visit)getVisit()).logout();
IEngineServiceView engineView =
(IEngineServiceView)getEngine();
engineView.restart(cycle);
cycle.activate("Home");
} catch (Exception e) {
throw new ApplicationRuntimeException(e);
}
}
When the browser is redirected to the "Home" page, I would expect a
new session to be created and the authentication process to occur.
However, I am not seeing the authentication process occur at all.
Rather, my Visit object attempts to initialize and there is no
SecureContext in the HttpSession.
Has anyone had similar experiences? Is there something I am doing wrong?
Thanks,
Anthony
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
