Federatedaccounts (http://tynamo.org/tynamo-federatedaccounts+guide)
is exactly for these use cases. You would have to implement your own
authentication provider. It's interesting that your remote SSO service
serves as an authorization protocol as well, I'd probably handle it as
a merged local authorization. If the sso service you are using is one
of the more common ones, I'd be happy to work with you to have an
official support for it as a Tynamo federatedaccounts sub-module.
Kalle
On Wed, Feb 22, 2012 at 10:00 AM, George Christman
<gchrist...@cardaddy.com> wrote:
> Hello, our company has decided to build a sso service for all our
> applications. Up until now, I've always used the tapestry-security project,
> however I was just directed to add a filter to my web.xml which would handle
> authorization and role management. The remote login just redirects the user
> to an external login form and then redirects the user back to the
> application.
>
> My concerns/questions. I love the goodies provided to me by the
> tapestry-security project such as securing methods, role management etc.
> Would there be away I could continue to use the tapestry-security project
> with this custom remote login? Since I'm not managing login, I wouldn't have
> any credentials to pass into SimpleAuthenticationInfo, the only thing
> returned from the remote login is a username, roles, and whether or not they
> are authorized.
>
> This is my realm classed currently used to handle authorization
>
> protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
> token) throws AuthenticationException {
> UsernamePasswordToken upToken = (UsernamePasswordToken) token;
> String email = upToken.getUsername();
>
> ApplicationUser applicationUser = (ApplicationUser)
> session.createCriteria(ApplicationUser.class)
> .add(Restrictions.eq("email", email))
> .uniqueResult();
>
> if (applicationUser == null) {
> throw new UnknownAccountException();
> }
>
> return buildAuthenticationInfo(applicationUser.getId(),
> applicationUser.getPassword());
> }
>
> private AuthenticationInfo buildAuthenticationInfo(Long userId, String
> password) {
> return new SimpleAuthenticationInfo(userId, password, getName());
> }
>
> Thanks in advance.
>
> --
> View this message in context:
> http://tapestry.1045711.n5.nabble.com/tapestry-security-w-Remote-Login-tp5505792p5505792.html
> Sent from the Tapestry - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
