Hi,
where is the registration of AuthenticatorImp implements
AuthenticatorInterface? I can not see it in your binder.bind
Your constructor looks weird:
public void PageAccessFilter in class RequiresLoginFilter ???
You should pass the interface there, not the impl.
Kind regards
David
Am 07.08.2013 16:12, schrieb Willy Browne:
> thanks for the help. I removed my Interface and now i get a
> NullPointerException
> * RequiresLoginFilter.dispatchedToLoginPage(RequiresLoginFilter.java:66)
> *
> services.RequiresLoginFilter.handlePageRender(RequiresLoginFilter.java:57)
> *
> org.apache.tapestry5.services.InitializeActivePageName.handlePageRender(InitializeActivePageName.java:47)
> *
> org.apache.tapestry5.internal.services.RootPathDispatcher.dispatch(RootPathDispatcher.java:66)
> *
> org.apache.tapestry5.services.TapestryModule$RequestHandlerTerminator.service(TapestryModule.java:302)
> * .services.PmsModule$1.service(PmsModule.java:115)
> *
> org.apache.tapestry5.internal.services.RequestErrorFilter.service(RequestErrorFilter.java:26)
> *
> org.apache.tapestry5.services.TapestryModule$3.service(TapestryModule.java:902)
> *
> org.apache.tapestry5.services.TapestryModule$2.service(TapestryModule.java:892)
> *
> org.apache.tapestry5.internal.services.StaticFilesFilter.service(StaticFilesFilter.java:90)
> *
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:105)
> *
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:95)
> *
> org.apache.tapestry5.ioc.internal.util.ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
> *
> org.apache.tapestry5.internal.services.CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:119)
> *
> org.apache.tapestry5.services.TapestryModule$HttpServletRequestHandlerTerminator.service(TapestryModule.java:253)
> *
> org.apache.tapestry5.internal.gzip.GZipFilter.service(GZipFilter.java:53)
> *
> org.apache.tapestry5.internal.services.IgnoredPathsFilter.service(IgnoredPathsFilter.java:62)
> *
> org.apache.tapestry5.services.TapestryModule$1.service(TapestryModule.java:852)
> * org.apache.tapestry5.TapestryFilter.doFilter(TapestryFilter.java:171)
>
> public class RequiresLoginFilter implements ComponentRequestFilter {
> private PageRenderLinkSource renderLinkSource;
>
> private ComponentSource componentSource;
> private Response response;
>
> private AuthenticatorImp authService;
>
> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
> ComponentSource componentSource, Response response,
> AuthenticatorImp authService) {
>
> this.renderLinkSource = renderLinkSource;
> this.componentSource = componentSource;
> this.response = response;
> this.authService = authService;
>
> }
>
> public void handleComponentEvent(
> ComponentEventRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
>
> if (dispatchedToLoginPage(parameters.getActivePageName())) {
> return;
> }
>
> handler.handleComponentEvent(parameters);
>
> }
>
> public void handlePageRender(PageRenderRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
> return;
> }
>
> handler.handlePageRender(parameters);
> }
>
> private boolean dispatchedToLoginPage(String pageName) throws IOException {
> if (authService.isLoggedIn()) { // line 66
> return false;
> }
>
> Component page = componentSource.getPage(pageName);
>
> if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
> return false;
> }
>
> Link link = renderLinkSource.createPageRenderLink("Login");
>
> response.sendRedirect(link);
>
> return true;
> }
> }
>
>
> public class RequiresLoginFilter implements ComponentRequestFilter {
> private PageRenderLinkSource renderLinkSource;
>
> private ComponentSource componentSource;
> private Response response;
>
> private AuthenticatorImp authService;
>
> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
> ComponentSource componentSource, Response response,
> AuthenticatorImp authService) {
>
> this.renderLinkSource = renderLinkSource;
> this.componentSource = componentSource;
> this.response = response;
> this.authService = authService;
>
> }
>
> public void handleComponentEvent(
> ComponentEventRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
>
> if (dispatchedToLoginPage(parameters.getActivePageName())) {
> return;
> }
>
> handler.handleComponentEvent(parameters);
>
> }
>
> public void handlePageRender(PageRenderRequestParameters parameters,
> ComponentRequestHandler handler) throws IOException {
> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
> return;
> }
>
> handler.handlePageRender(parameters);
> }
>
> private boolean dispatchedToLoginPage(String pageName) throws IOException {
> // line 57
> if (authService.isLoggedIn()) {
> return false;
> }
>
> Component page = componentSource.getPage(pageName);
>
> if (!page.getClass().isAnnotationPresent(RequiresLogin.class)) {
> return false;
> }
>
> Link link = renderLinkSource.createPageRenderLink("Login");
>
> response.sendRedirect(link);
>
> return true;
> }
> }
>
>
>
> public class AuthenticatorImp implements AuthenticatorInterface{
>
> public static final String AUTH_TOKEN = "authToken";
> /**
> *
> */
> public AuthenticatorImp() {
> super();
> // TODO Auto-generated constructor stub
> }
>
> /**
> * @param request
> */
> public AuthenticatorImp(Request request) {
> super();
> this.request = request;
> }
>
>
>
>
> @Inject
> private Request request;
> public Mitarbeiter getLoggedUser() {
>
> Mitarbeiter user = null;
>
> if (isLoggedIn())
> user = (Mitarbeiter)
> request.getSession(true).getAttribute(AUTH_TOKEN);
>
> else
> throw new IllegalStateException("The user is not logged ! ");
>
> return user;
> }
>
> public boolean isLoggedIn() {
> org.apache.tapestry5.services.Session session = request.getSession(true);
> if (session != null) { return session.getAttribute(AUTH_TOKEN) !=
> null; }
> return false;
>
> }
>
> @SuppressWarnings("unchecked")
> public void login(String nickName, String password, org.hibernate.Session
> session)
> throws NoSuchAlgorithmException, UnsupportedEncodingException {
> MitarbeiterDaoImpl mitarbeiterDao = new MitarbeiterDaoImpl(
> Mitarbeiter.class, session);
> Mitarbeiter authUser = mitarbeiterDao.authenticate(nickName,
> Encrypt.MD5(password));
>
> try{
> request.getSession(true).setAttribute(AUTH_TOKEN, authUser);
> }
> catch(NullPointerException e){
> System.out.println("Beim Einlogen ist ein fehler aufgetreten");
> }
>
>
> }
>
> public void logout() {
> org.apache.tapestry5.services.Session session = request.getSession(false);
> if (session != null)
> {
> session.setAttribute(AUTH_TOKEN, null);
> session.invalidate();
> }
> }
>
>
> }
>
> ________________________________
> De : Taha Hafeez Siddiqi <[email protected]>
> À : Tapestry users <[email protected]>
> Envoyé le : Mardi 6 août 2013 14h41
> Objet : Re: Securing page with Tapestry
>
>
> Are you defining your own ComponentRequestFilter interface? As you have
> included the code for that I am assuming you have.
>
> You have to implement Tapestry's ComponentRequestFilter, not your own as you
> can't contribute to the RequestHandler any other implementation.
>
> regards
> Taha
>
> On 06-Aug-2013, at 5:53 PM, Will N. <[email protected]> wrote:
>
>> Am 06.08.2013 14:13, schrieb Thiago H de Paula Figueiredo:
>>> I'm sorry, I should have asked for your ComponentRequestFilter
>>> implementation source too. ;)
>>>
>>> On Tue, 06 Aug 2013 08:31:15 -0300, Will N. <[email protected]> wrote:
>>>
>>>> Am 06.08.2013 13:25, schrieb Thiago H de Paula Figueiredo:
>>>>> On Tue, 06 Aug 2013 05:10:37 -0300, Will N. <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>> Hi!
>>>>>
>>>>>> I am trying secure some pages of my application as shown in this
>>>>>> tutorial. http://tapestryjava.blogspot.co.uk/search/label/security
>>>>>> But I am having following error message when I start the application.
>>>>>> Since the RequiresLoginFilte class implements the ComponentRequestFilter
>>>>>> interface, I am confused about the coertion error!
>>>>> The error is weird. Could you post your
>>>>> PmsModule.contributeComponentRequestHandler() method
>>>> /**
>>>> * This module is automatically included as part of the Tapestry IoC
>>>> Registry,
>>>> * it's a good place to configure and extend Tapestry, or to place your
>>>> own
>>>> * service definitions. spring
>>>> */
>>>> public class PmsModule {
>>>> // public static void bind(ServiceBinder binder) {
>>>> // // binder.bind(MyServiceInterface.class, MyServiceImpl.class);
>>>> //
>>>> // // Make bind() calls on the binder object to define most IoC
>>>> services.
>>>> // // Use service builder methods (example below) when the
>>>> implementation
>>>> // // is provided inline, or requires more initialization than
>>>> simply
>>>> // // invoking the constructor.
>>>> // binder.bind(ArbeitspaketDao.class, ArbeitspaketDaoImpl.class);
>>>> // binder.bind(AufgabeDao.class, AufgabeDaoImpl.class);
>>>> // binder.bind(BasicDao.class, BasicDaoImpl.class);
>>>> // binder.bind(FunktionDao.class, FunktionDaoImpl.class);
>>>> //// binder.bind(GrantedAuthorityBeanDao.class,
>>>> //// GrantedAuthorityBeanDaoImpl.class);
>>>> // binder.bind(MitarbeiterDao.class, MitarbeiterDaoImpl.class);
>>>> // binder.bind(MitarbeiterProjektDao.class,
>>>> // MitarbeiterProjektDaoImpl.class);
>>>> // binder.bind(ModulDao.class, ModulDaoImpl.class);
>>>> // binder.bind(PersonMonatDao.class, PersonMonatDaoImpl.class);
>>>> // binder.bind(UserDataDao.class, UserDataDaoImpl.class);
>>>> // binder.bind(ProjektDao.class, ProjektDaoImpl.class);
>>>> // binder.bind(UnteraufgabeDao.class, UnteraufgabeDaoImpl.class);
>>>> // binder.bind(UnterunteraufgabeDao.class,
>>>> UnterunteraufgabeDaoImpl.class);
>>>> //
>>>> // }
>>>>
>>>> public static void contributeFactoryDefaults(
>>>> MappedConfiguration<String, Object> configuration) {
>>>> // The application version number is incorprated into URLs for
>>>> some
>>>> // assets. Web browsers will cache assets because of the far
>>>> future
>>>> // expires
>>>> // header. If existing assets are changed, the version number
>>>> should
>>>> // also
>>>> // change, to force the browser to download new versions. This
>>>> overrides
>>>> // Tapesty's default
>>>> // (a random hexadecimal number), but may be further overriden by
>>>> // DevelopmentModule or
>>>> // QaModule.
>>>> configuration.override(SymbolConstants.APPLICATION_VERSION,
>>>> "1.0-SNAPSHOT");
>>>> }
>>>>
>>>> public static void contributeApplicationDefaults(
>>>> MappedConfiguration<String, Object> configuration) {
>>>> // Contributions to ApplicationDefaults will override any
>>>> contributions
>>>> // to
>>>> // FactoryDefaults (with the same key). Here we're restricting the
>>>> // supported
>>>> // locales to just "en" (English). As you add localised message
>>>> catalogs
>>>> // and other assets,
>>>> // you can extend this list of locales (it's a comma separated
>>>> series of
>>>> // locale names;
>>>> // the first locale name is the default when there's no reasonable
>>>> // match).
>>>> // configuration.add(SymbolConstants.SUPPORTED_LOCALES, "en");
>>>> configuration.add(SymbolConstants.SUPPORTED_LOCALES, "de");
>>>> configuration.add(SymbolConstants.COMPRESS_WHITESPACE, "true");
>>>>
>>>> }
>>>>
>>>> /**
>>>> * This is a service definition, the service will be named
>>>> "TimingFilter".
>>>> * The interface, RequestFilter, is used within the RequestHandler
>>>> service
>>>> * pipeline, which is built from the RequestHandler service
>>>> configuration.
>>>> * Tapestry IoC is responsible for passing in an appropriate Logger
>>>> * instance. Requests for static resources are handled at a higher
>>>> level, so
>>>> * this filter will only be invoked for Tapestry related requests.
>>>> * <p/>
>>>> * <p/>
>>>> * Service builder methods are useful when the implementation is
>>>> inline as
>>>> * an inner class (as here) or require some other kind of special
>>>> * initialization. In most cases, use the static bind() method
>>>> instead.
>>>> * <p/>
>>>> * <p/>
>>>> * If this method was named "build", then the service id would be
>>>> taken from
>>>> * the service interface and would be "RequestFilter". Since Tapestry
>>>> * already defines a service named "RequestFilter" we use an explicit
>>>> * service id that we can reference inside the contribution method.
>>>> */
>>>> public RequestFilter buildTimingFilter(final Logger log) {
>>>> return new RequestFilter() {
>>>> public boolean service(Request request, Response response,
>>>> RequestHandler handler) throws IOException {
>>>> long startTime = System.currentTimeMillis();
>>>>
>>>> try {
>>>> // The responsibility of a filter is to invoke the
>>>> // corresponding method
>>>> // in the handler. When you chain multiple filters
>>>> together,
>>>> // each filter
>>>> // received a handler that is a bridge to the next
>>>> filter.
>>>>
>>>> return handler.service(request, response);
>>>> } finally {
>>>> long elapsed = System.currentTimeMillis() - startTime;
>>>>
>>>> log.info(String.format("Request time: %d ms",
>>>> elapsed));
>>>> }
>>>> }
>>>> };
>>>> }
>>>>
>>>> /**
>>>> * This is a contribution to the RequestHandler service
>>>> configuration. This
>>>> * is how we extend Tapestry using the timing filter. A common use
>>>> for this
>>>> * kind of filter is transaction management or security. The @Local
>>>> * annotation selects the desired service by type, but only from the
>>>> same
>>>> * module. Without @Local, there would be an error due to the other
>>>> * service(s) that implement RequestFilter (defined in other modules).
>>>> */
>>>> public void
>>>> contributeRequestHandler(OrderedConfiguration<RequestFilter>
>>>> configuration, @Local RequestFilter filter) {
>>>> // Each contribution to an ordered configuration has a name, When
>>>> // necessary, you may
>>>> // set constraints to precisely control the invocation order of
>>>> the
>>>> // contributed filter
>>>> // within the pipeline.
>>>>
>>>> configuration.add("Timing", filter);
>>>> }
>>>>
>>>>
>>>> @SuppressWarnings("unchecked")
>>>> public static void
>>>> contributeComponentRequestHandler(OrderedConfiguration configuration) {
>>>> configuration.addInstance("RequiresLogin",
>>>> RequiresLoginFilter.class);
>>>>
>>>> }
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> }
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [email protected]
>>>> For additional commands, e-mail: [email protected]
>>>>
>>>
>>
>>
>> import java.io.IOException;
>>
>> import org.apache.tapestry5.services.ComponentEventRequestParameters;
>> import org.apache.tapestry5.services.ComponentRequestHandler;
>> import org.apache.tapestry5.services.PageRenderRequestParameters;
>>
>>
>> /**
>> * Filter interface for {@link
>> org.apache.tapestry5.services.ComponentRequestHandler}.
>> */
>> /**
>> * Our implementation of this filter will check the page referenced in the
>> request to see if it has the annotation.
>> * If the annotation is present and the user has not yet logged in, we'll
>> redirect to the Login page.
>> * When a redirect is not necessary, we delegate to the next handler in the
>> pipeline2:
>> */
>> public interface ComponentRequestFilter
>> {
>> /**
>> * Handler for a component action request which will trigger an event on
>> a component and use the return value to
>> * send a response to the client (typically, a redirect to a page render
>> URL).
>> *
>> * @param parameters defining the request
>> * @param handler next handler in the pipeline
>> */
>> void handleComponentEvent(ComponentEventRequestParameters parameters,
>> ComponentRequestHandler handler)
>> throws IOException;
>>
>> /**
>> * Invoked to activate and render a page. In certain cases, based on
>> values returned when activating the page, a
>> * {@link org.apache.tapestry5.services.ComponentEventResultProcessor}
>> may be used to send an alternate response
>> * (typically, a redirect).
>> *
>> * @param parameters defines the page name and activation context
>> * @param handler next handler in the pipeline
>> */
>> void handlePageRender(PageRenderRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException;
>> }
>>
>>
>>
>>
>>
>>
>> import java.io.IOException;
>>
>> import org.apache.tapestry5.Link;
>> import org.apache.tapestry5.runtime.Component;
>> import org.apache.tapestry5.services.ComponentEventRequestParameters;
>> import org.apache.tapestry5.services.ComponentRequestHandler;
>> import org.apache.tapestry5.services.ComponentSource;
>> import org.apache.tapestry5.services.PageRenderLinkSource;
>> import org.apache.tapestry5.services.PageRenderRequestParameters;
>> import org.apache.tapestry5.services.Response;
>>
>>
>> import com.example.pms.annotations.*;
>>
>>
>> public class RequiresLoginFilter implements ComponentRequestFilter {
>>
>> private PageRenderLinkSource renderLinkSource;
>>
>> private ComponentSource componentSource;
>>
>> private Response response;
>>
>> // private final AuthenticationService authService;
>> private AuthenticatorImp authService;
>>
>>
>> public void PageAccessFilter(PageRenderLinkSource renderLinkSource,
>> ComponentSource componentSource,
>> Response response, AuthenticatorImp
>> authService) {
>>
>> this.renderLinkSource = renderLinkSource;
>> this.componentSource = componentSource;
>> this.response = response;
>> this.authService = authService;
>>
>> }
>>
>> public void handleComponentEvent(
>> ComponentEventRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException {
>>
>> if (dispatchedToLoginPage(parameters.getActivePageName())) {
>> return;
>> }
>>
>> handler.handleComponentEvent(parameters);
>>
>> }
>>
>> public void handlePageRender(PageRenderRequestParameters parameters,
>> ComponentRequestHandler handler) throws IOException {
>>
>> if (dispatchedToLoginPage(parameters.getLogicalPageName())) {
>> return;
>> }
>>
>> handler.handlePageRender(parameters);
>> }
>>
>> private boolean dispatchedToLoginPage(String pageName) throws IOException {
>>
>> if (authService.isLoggedIn()) {
>> return false;
>> }
>>
>> Component page = componentSource.getPage(pageName);
>>
>> if (! page.getClass().isAnnotationPresent(RequiresLogin.class)) {
>> return false;
>> }
>>
>> Link link = renderLinkSource.createPageRenderLink("Index");
>>
>> response.sendRedirect(link);
>>
>> return true;
>> }
>> }
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
