My UserDetailsService is managed by Spring and as such I can't inject the
same exact instances that tapestry is using, but I do use the same types,
PlaintextPasswordEncoder and SaltSourceImpl.
UserDetailsService:
private final static Logger LOG =
LoggerFactory.getLogger(UserDetailsServiceImpl.class);
@Autowired
private SessionFactory sessionManager;
private PasswordEncoder passwordEncoder = new PlaintextPasswordEncoder();
private SaltSource saltSource = new SaltSourceImpl();
/**
* Default constructor.
*/
public UserDetailsServiceImpl() {
// default
}
/**
* Try to find the given user in the local database.
*/
@Transactional(propagation = Propagation.REQUIRED, isolation =
Isolation.READ_COMMITTED, readOnly = true)
public UserDetails loadUserByUsername(String username) throws
UsernameNotFoundException, DataAccessException {
LOG.debug("Attempting to locate user with username \"{}\"", username);
Session session = sessionManager.getCurrentSession();
User user = (User)
session.createCriteria(User.class).add(Restrictions.eq("username",
username)).uniqueResult();
if (user != null) {
// encode the password
user.setPassword(passwordEncoder.encodePassword(user.getPassword(),
saltSource.getSalt(user)));
}
LOG.debug("Located user: {}", user);
return new User(user);
}
On Thu, May 27, 2010 at 1:29 PM, Michael Gerzabek
<michael.gerza...@gmx.net>wrote:
> What about the salt. Did you change it? You have to 'save' password with
> your PasswordEncoder prior to using it.
>
> Which Am 27/05/2010 19:20, schrieb Todd Orr:
>
> I've tried that way as well. It doesn't work either and I assume it's for
>> the same reason, though I cannot tell in that case because the exception
>> doesn't bubble out of Tapestry Spring Security.
>>
>> Login code:
>>
>> private final static Logger LOG = LoggerFactory.getLogger(Login.class);
>>
>> @Inject
>> @Value("${spring-security.check.url}")
>> private String checkUrl;
>>
>> @Inject
>> private Request request;
>>
>> private boolean failed = false;
>>
>> public boolean isFailed() {
>> return failed;
>> }
>>
>> public String getLoginCheckUrl() {
>> String loginCheckUrl = request.getContextPath() + checkUrl;
>> LOG.debug("Returning login check url: {}", loginCheckUrl);
>> return loginCheckUrl;
>> }
>>
>> void onActivate(String extra) {
>> if (extra.equals("failed")) {
>> failed = true;
>> }
>> }
>>
>> TML:
>>
>> <html t:type="layout"
>> title="message:page-title"
>> xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd";
>> xmlns:p="tapestry:parameter">
>>
>> <div id="login-help">
>> <t:outputraw value="${message:login-help}" />
>> </div>
>> <div>
>> <form action="${loginCheckUrl}" method="post">
>> <t:if test="failed">
>> <p>Username and/or password was wrong!</p>
>> </t:if>
>> <div id="login-username-row">
>> <label for="j_username">Username:</label>
>> <input id="j_username" name="j_username" type="text" />
>> </div>
>> <div id="login-password-row">
>> <label for="j_password">Password</label>
>> <input id="j_password" name="j_password" type="password" />
>> </div>
>> <div id="login-submit-row">
>> <input type="submit" value="Login" />
>> </div>
>> </form>
>> </div>
>>
>> </html>
>>
>> Module:
>>
>> private final static Logger LOG =
>> LoggerFactory.getLogger(SecurityModule.class);
>> public static void
>> contributeProviderManager(OrderedConfiguration<AuthenticationProvider>
>> configuration,
>> @InjectService("DaoAuthenticationProvider") AuthenticationProvider
>> daoAuthenticationProvider) {
>> LOG.debug("Received AuthenticationProvider: {}",
>> daoAuthenticationProvider);
>> configuration.add("daoAuthenticationProvider",
>> daoAuthenticationProvider);
>> }
>>
>> public static void
>> contributeAlias(Configuration<AliasContribution<PasswordEncoder>>
>> configuration) {
>> configuration.add(AliasContribution.create(PasswordEncoder.class, new
>> PlaintextPasswordEncoder()));
>> }
>>
>> public static void
>> contributeApplicationDefaults(MappedConfiguration<String,
>> String> configuration) {
>> configuration.add("spring-security.failure.url", "/login/failed");
>> configuration.add("spring-security.accessDenied.url", "/accessdenied");
>> configuration.add("spring-security.check.url",
>> "/j_spring_security_check");
>> configuration.add("spring-security.target.url", "/intranet");
>> configuration.add("spring-security.afterlogout.url", "/");
>> configuration.add("spring-security.rememberme.key", "REMEMBERMEKEY");
>> configuration.add("spring-security.loginform.url", "/login");
>> configuration.add("spring-security.force.ssl.login", "false");
>> configuration.add("spring-security.anonymous.key", "acegi_anonymous");
>> configuration.add("spring-security.anonymous.attribute",
>> "anonymous,ROLE_ANONYMOUS");
>> configuration.add("spring-security.password.salt", "DEADBEEF");
>> }
>>
>> public static void
>>
>> contributeFilterSecurityInterceptor(Configuration<RequestInvocationDefinition>
>> configuration) {
>> configuration.add(new RequestInvocationDefinition("/intranet*/**",
>> "ROLE_ADMIN"));
>> }
>>
>>
>> No redirect to the target URL occurs. It just says that "Username and/or
>> password was wrong!".
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
