Actually, there are two problems.  In the configuration for tapestry5-acegi
and presumably spring security, there is an AnonymousAuthenticationProvider.


I think that should be omitted by default, but right now it will fill in the
Authentication object if your regular authentication fails.  Either omit it,
or change the test to fail for the AnonymousAuthenticationToken.



> -----Original Message-----
> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 07, 2008 17:14
> To: Tapestry users
> Subject: Re: tapestry-spring-security and openid
> 
> Thanks Jonathan, but this is not the root cause. The Authentication object
> stored in the SecurityContext is an AnonymousAuthenticationToken instead of an
> OpenIDAuthenticationToken. That tells me that somehow the Authentication
> doesn't get stored...
> 
> Uli
> 
> Jonathan Barker schrieb:
> > I'm assuming this hasn't changed since tapestry5-acegi.  The IfLoggedIn
> > component uses the following test:
> >
> >     private boolean test() {
> >         Principal principal = requestGlobals.getHTTPServletRequest().getUserPrincipal();
> >         return principal != null && principal.getName() != "";
> >     }
> >
> > Unfortunately, you really need to have a test based on the SecurityContext:
> >
> >         Authentication currentAuth = null;
> >         currentAuth = SecurityContextHolder.getContext().getAuthentication();
> >         return (currentAuth != null);
> >
> >
> > Either that, or you need to populate the UserPrincipal in the HttpSession.
> >
> > Jonathan
> >
> >
> >
> >> -----Original Message-----
> >> From: Ulrich Stärk [mailto:[EMAIL PROTECTED]
> >> Sent: Tuesday, October 07, 2008 16:38
> >> To: Tapestry users
> >> Subject: tapestry-spring-security and openid
> >>
> >> Hi,
> >>
> >> I'm trying to authenticate my users against an openid provider. Spring
> >> security provides an OpenIDAuthenticationProcessingFilter and an
> >> OpenIDAuthenticationProvider for this purpose. I set up the filter and the
> >> provider and contributed them to the HttpServletRequestHandler service and
> >> the ProviderManager service. Additionally I've got a UserDetailsService
> >> that queries a database for the user's role (or throws an exception if the
> >> user is not allowed to log in).
> >>
> >> Logging in works fine and I get redirected to ${spring-security.target.url}
> >> afterwards and not to the ${spring-security.failure.url}, which tells me
> >> that everything is working. But when I place the security/ifloggedin
> >> component on a page, the else block gets rendered, telling me that I'm not
> >> logged in. I also can't access pages secured with the @Secured annotation.
> >> When I try, I see an AccessDeniedException and am redirected to the login
> >> page.
> >>
> >> Here are the relevant parts of my AppModule:
> >>
> >> public static void contributeHttpServletRequestHandler(
> >>          OrderedConfiguration<HttpServletRequestFilter> configuration,
> >>          @InjectService("OpenIDAuthenticationProcessingFilter")
> >>          HttpServletRequestFilter openIDAuthenticationProcessingFilter)
> >> {
> >>      configuration.add(
> >>              "openIDAuthenticationProcessingFilter",
> >>              openIDAuthenticationProcessingFilter,
> >>              "before:springSecurityAuthenticationProcessingFilter");
> >> }
> >>
> >> public static OpenIDAuthenticationProcessingFilter buildRealOpenIDAuthenticationProcessingFilter(
> >>          @SpringSecurityServices final AuthenticationManager manager,
> >>          @SpringSecurityServices final RememberMeServices rememberMeServices,
> >>          @Inject @Value("${spring-security.check.url}") final String authUrl,
> >>          @Inject @Value("${spring-security.target.url}") final String targetUrl,
> >>          @Inject @Value("${spring-security.failure.url}") final String failureUrl) throws Exception
> >> {
> >>      OpenIDAuthenticationProcessingFilter filter = new OpenIDAuthenticationProcessingFilter();
> >>
> >>      filter.setAuthenticationManager(manager);
> >>
> >>      filter.setAuthenticationFailureUrl(failureUrl);
> >>
> >>      filter.setDefaultTargetUrl(targetUrl);
> >>
> >>      filter.setFilterProcessesUrl(authUrl);
> >>
> >>      filter.setRememberMeServices(rememberMeServices);
> >>
> >>      filter.afterPropertiesSet();
> >>
> >>      return filter;
> >> }
> >>
> >> public static HttpServletRequestFilter buildOpenIDAuthenticationProcessingFilter(
> >>          final OpenIDAuthenticationProcessingFilter filter)
> >> {
> >>      return new HttpServletRequestFilterWrapper(filter);
> >> }
> >>
> >> public static OpenIDAuthenticationProvider buildOpenIDAuthenticationProvider(
> >>          @InjectService("UserDetailsService")
> >>          UserDetailsService userDetailsService) throws Exception
> >> {
> >>      OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
> >>
> >>      provider.setUserDetailsService(userDetailsService);
> >>
> >>      provider.afterPropertiesSet();
> >>
> >>      return provider;
> >> }
> >>
> >> public static void contributeProviderManager(
> >>          OrderedConfiguration<AuthenticationProvider> configuration,
> >>          @InjectService("OpenIDAuthenticationProvider")
> >>          AuthenticationProvider openIdAuthenticationProvider)
> >> {
> >>      configuration.add("openIDAuthenticationProvider", openIdAuthenticationProvider);
> >> }
> >>
> >> public static UserDetailsService buildUserDetailsService(Logger logger,
> >>          @InjectService("HibernateSessionManager")
> >>          HibernateSessionManager sessionManager)
> >> {
> >>      return new UserDetailsServiceImpl(sessionManager, logger);
> >> }
> >>
> >> Thanks for any help.
> >>
> >> Uli
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]


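The two login tests discussed in this thread, side by side, as an added example that is not part of the original messages or of tapestry-spring-security. It assumes the Spring Security 2.0.x package layout (`org.springframework.security.*`); the class name `LoggedInCheck`, its method names, and the sample key, principal and role values are made up for illustration.

```java
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;

// Hypothetical helper class; assumes Spring Security 2.0.x on the classpath.
public final class LoggedInCheck {

    // The null-only test from the thread: passes for ANY stored Authentication,
    // including the anonymous token that is filled in when real login fails.
    public static boolean naiveIsLoggedIn(Authentication auth) {
        return auth != null;
    }

    // Stricter test: the anonymous fallback token does not count as a login.
    public static boolean isLoggedIn(Authentication auth) {
        if (auth == null || auth instanceof AnonymousAuthenticationToken) {
            return false;
        }
        return auth.isAuthenticated();
    }

    // Prints both results for whatever is in the current thread's SecurityContext.
    private static void report(String label) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        System.out.println(label + ": naive=" + naiveIsLoggedIn(auth)
                + " strict=" + isLoggedIn(auth));
    }

    public static void main(String[] args) {
        // Constructed sample tokens (key, principals and roles are made up).
        GrantedAuthority[] anonRoles = { new GrantedAuthorityImpl("ROLE_ANONYMOUS") };
        GrantedAuthority[] userRoles = { new GrantedAuthorityImpl("ROLE_USER") };
        Authentication anon =
                new AnonymousAuthenticationToken("sampleKey", "anonymousUser", anonRoles);
        Authentication user =
                new UsernamePasswordAuthenticationToken("sampleUser", "n/a", userRoles);

        report("empty context");
        SecurityContextHolder.getContext().setAuthentication(anon);
        report("anonymous token");
        SecurityContextHolder.getContext().setAuthentication(user);
        report("real login");
        SecurityContextHolder.clearContext();
    }
}
```

The anonymous token is the only case where the two tests disagree, which is the situation described at the top of this message.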