Discussion:
tapestry-spring-security: Custom UsernamePasswordAuthenticationFilter
Beat Durrer
2012-03-15 18:34:28 UTC
Permalink
Hi guys

I'm using T5.3.2 with tapestry-spring-security 3.0.3

I want to do some custom redirecting when a user logs in, so I tried
several ways to override the UsernamePasswordAuthenticationFilter of
tapestry-spring-security, but all failed.

The build Method looks like this:

public RoleBasedAuthenticationFilter buildRoleBasedAuthenticationFilter(
final AuthenticationManager manager,
final RememberMeServices rememberMeServices,
RoleBasedAuthenticationSuccessHandler successHandler,
Logger logger,
@Inject @Value( "${spring-security.check.url}" ) final
String authUrl,
@Inject @Value( "${spring-security.target.url}" ) final
String targetUrl,
@Inject @Value( "${spring-security.failure.url}" ) final
String failureUrl,
@Inject @Value( "${spring-security.always.use.target.url}"
) final String alwaysUseTargetUrl ) throws Exception {

logger.debug("MMANAGER IS : " + manager);

RoleBasedAuthenticationFilter filter = new
RoleBasedAuthenticationFilter(logger);
// do the same configuration like in the original SecurityModule
return filter;
}


The existing examples I found in the mailing list are all for T5.1,
where AliasContribution still existed... does ServiceOverride work
differently? I couldn't get them to work either.

When I make my own build method and want to contribute the instance to
ServiceOverride, I get an exception due to recursion.

Adding it to the ServiceOverride as class lets me start the app, but
the Filter seems to not being set up correctly (it throws exceptions
because of the AuthenticationManager being NULL):
configuration.addInstance(UsernamePasswordAuthenticationFilter.class,
RoleBasedAuthenticationFilter.class);

I also tried the lazy method with a proxy from ObjectLocator in the
ServiceOverride, but that fails because
UsernamePasswordAuthenticationFilter is not an interface.


Then I tried to do the configuration by using a decorator method, but
that one was never called (I tried serveral naming combinations like
class name, ID, annotations)
public static UsernamePasswordAuthenticationFilter
decorateRealUsernamePasswordAuthenticationFilter(
@InjectService("RealAuthenticationProcessingFilter")
UsernamePasswordAuthenticationFilter baseService,
RoleBasedAuthenticationSuccessHandler successHandler){

baseService.setAuthenticationSuccessHandler(successHandler);
return baseService;
}



My simple (but big) question is: How can I override that service? Is
there a sample which works under T5.3.2?


Cheers and thanks in advance
Beat

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tapestry.apache.org
For additional commands, e-mail: users-***@tapestry.apache.org
Beat Durrer
2012-03-16 10:38:39 UTC
Permalink
Hey there,

I started over today and removed all my stuff, so it starts up as
normally. Then I added a decorator method, which is never called.

After logging in I checked the servicestatus and saw that the service
with id "RealAuthenticationProcessingFilter" is always in state
"defined".
Even after logging in, it stays in this state. It would explain why my
decorator was not called.
However, that can't be true, I checked by using the debugger and it's
method attemptAuthentication is called.

How can there be a configured instance and Tapestry still thinks the
service is not started?
The HttpServletRequestFilter with ID "AuthenticationProcessingFilter"
depends on this service and is 'real'.


I'm really lost here, is there anyone who was able to override this
service successfully?

Cheers
Beat
Post by Beat Durrer
Hi guys
I'm using T5.3.2 with tapestry-spring-security 3.0.3
I want to do some custom redirecting when a user logs in, so I tried
several ways to override the UsernamePasswordAuthenticationFilter of
tapestry-spring-security, but all failed.
public RoleBasedAuthenticationFilter buildRoleBasedAuthenticationFilter(
           final AuthenticationManager manager,
           final RememberMeServices rememberMeServices,
           RoleBasedAuthenticationSuccessHandler successHandler,
           Logger logger,
String authUrl,
String targetUrl,
String failureUrl,
) final String alwaysUseTargetUrl ) throws Exception {
       logger.debug("MMANAGER IS : " + manager);
       RoleBasedAuthenticationFilter filter = new
RoleBasedAuthenticationFilter(logger);
       // do the same configuration like in the original SecurityModule
       return filter;
}
The existing examples I found in the mailing list are all for T5.1,
where AliasContribution still existed... does ServiceOverride work
differently? I couldn't get them to work either.
When I make my own build method and want to contribute the instance to
ServiceOverride, I get an exception due to recursion.
Adding it to the ServiceOverride as class lets me start the app, but
the Filter seems to not being set up correctly (it throws exceptions
     configuration.addInstance(UsernamePasswordAuthenticationFilter.class,
RoleBasedAuthenticationFilter.class);
I also tried the lazy method with a proxy from ObjectLocator in the
ServiceOverride, but that fails because
UsernamePasswordAuthenticationFilter is not an interface.
Then I tried to do the configuration by using a decorator method, but
that one was never called (I tried serveral naming combinations like
class name, ID, annotations)
public static UsernamePasswordAuthenticationFilter
decorateRealUsernamePasswordAuthenticationFilter(
           UsernamePasswordAuthenticationFilter baseService,
           RoleBasedAuthenticationSuccessHandler successHandler){
       baseService.setAuthenticationSuccessHandler(successHandler);
       return baseService;
}
My simple (but big) question is: How can I override that service? Is
there a sample which works under T5.3.2?
Cheers and thanks in advance
Beat
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tapestry.apache.org
For additional commands, e-mail: users-***@tapestry.apache.org
Beat Durrer
2012-03-16 13:46:37 UTC
Permalink
For the records: I solved my issue.
It's not the way I would like it to be, but at least it works: I
simply contribute an Override to the ServletRequestHandler.

public static void contributeHttpServletRequestHandler(
OrderedConfiguration<HttpServletRequestFilter> configuration,
@InjectService( "MyAuthenticationProcessingFilter" )
UsernamePasswordAuthenticationFilter filter,
@InjectService( "RoleBasedAuthenticationSuccessHandler" )
RoleBasedAuthenticationSuccessHandler successHandler,
Logger logger){

filter.setAuthenticationSuccessHandler(successHandler);
filter.afterPropertiesSet();
HttpServletRequestFilterWrapper wrapper = new
HttpServletRequestFilterWrapper(filter);
configuration.override("springSecurityAuthenticationProcessingFilter",
wrapper);
}
Post by Beat Durrer
Hey there,
I started over today and removed all my stuff, so it starts up as
normally. Then I added a decorator method, which is never called.
After logging in I checked the servicestatus and saw that the service
with id "RealAuthenticationProcessingFilter" is always in state
"defined".
Even after logging in, it stays in this state. It would explain why my
decorator was not called.
However, that can't be true, I checked by using the debugger and it's
method attemptAuthentication is called.
How can there be a configured instance and Tapestry still thinks the
service is not started?
The HttpServletRequestFilter with ID "AuthenticationProcessingFilter"
depends on this service and is 'real'.
I'm really lost here, is there anyone who was able to override this
service successfully?
Cheers
Beat
Post by Beat Durrer
Hi guys
I'm using T5.3.2 with tapestry-spring-security 3.0.3
I want to do some custom redirecting when a user logs in, so I tried
several ways to override the UsernamePasswordAuthenticationFilter of
tapestry-spring-security, but all failed.
public RoleBasedAuthenticationFilter buildRoleBasedAuthenticationFilter(
           final AuthenticationManager manager,
           final RememberMeServices rememberMeServices,
           RoleBasedAuthenticationSuccessHandler successHandler,
           Logger logger,
String authUrl,
String targetUrl,
String failureUrl,
) final String alwaysUseTargetUrl ) throws Exception {
       logger.debug("MMANAGER IS : " + manager);
       RoleBasedAuthenticationFilter filter = new
RoleBasedAuthenticationFilter(logger);
       // do the same configuration like in the original SecurityModule
       return filter;
}
The existing examples I found in the mailing list are all for T5.1,
where AliasContribution still existed... does ServiceOverride work
differently? I couldn't get them to work either.
When I make my own build method and want to contribute the instance to
ServiceOverride, I get an exception due to recursion.
Adding it to the ServiceOverride as class lets me start the app, but
the Filter seems to not being set up correctly (it throws exceptions
     configuration.addInstance(UsernamePasswordAuthenticationFilter.class,
RoleBasedAuthenticationFilter.class);
I also tried the lazy method with a proxy from ObjectLocator in the
ServiceOverride, but that fails because
UsernamePasswordAuthenticationFilter is not an interface.
Then I tried to do the configuration by using a decorator method, but
that one was never called (I tried serveral naming combinations like
class name, ID, annotations)
public static UsernamePasswordAuthenticationFilter
decorateRealUsernamePasswordAuthenticationFilter(
           UsernamePasswordAuthenticationFilter baseService,
           RoleBasedAuthenticationSuccessHandler successHandler){
       baseService.setAuthenticationSuccessHandler(successHandler);
       return baseService;
}
My simple (but big) question is: How can I override that service? Is
there a sample which works under T5.3.2?
Cheers and thanks in advance
Beat
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tapestry.apache.org
For additional commands, e-mail: users-***@tapestry.apache.org

Loading...