Announcement Announcement Module
Collapse
No announcement yet.
Acegi - Login Tapestry another clarification Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Acegi - Login Tapestry another clarification

    Ben,
    As I understand it, in the AbstractProcessingFilter, if the URL is for authentication, then the filter chain is not continued and the response is redirected on successful authentication.
    I know that onSuccessfulAuthentication method can be overridden by a inherited class to do extra processing after authentication.
    But, I would still like to continue the filter chain because tapestry can assign server state (like associating user) further down the chain on authentication and the response of which can be ignored by redirecting to another url in the filter.
    2. Also, the login URL is not uniquely available since tapestry uses the same URL for all form requests (/app) and the fact that it is a login form is given as a hidden field in the form post data. So, I cant use j_acegi_security_check as the URL for filtering. I suggest to have a separate method requiresAuthentication(ServletRequest request) which can be overridden by inheriting classes of AbstractProcessingFilter.


    This would involve the following change in the doFilter method for which I was planning to extend AuthenticationProcessingFilter. Please give me your suggestions if there is a better approach to the same.

    ---------------------------------------
    public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain) throws IOException, ServletException {
    if (!(request instanceof HttpServletRequest)) {
    throw new ServletException("Can only process HttpServletRequest");
    }

    if (!(response instanceof HttpServletResponse)) {
    throw new ServletException("Can only process HttpServletResponse");
    }

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    /*---CHANGED THIS:: if (httpRequest.getRequestURL().toString().endsWith(h ttpRequest
    .getContextPath() + filterProcessesUrl))
    */
    // CHANGED TO:
    if (requiresAuthentication(request)) // This checks for the post parameter
    {
    if (logger.isDebugEnabled()) {
    logger.debug("Request is to process authentication");
    }

    onPreAuthentication(httpRequest, httpResponse);

    Authentication authResult;

    try {
    authResult = attemptAuthentication(httpRequest);
    } catch (AuthenticationException failed) {
    // Authentication failed
    unsuccessfulAuthentication(httpRequest, httpResponse, failed);

    return;
    }

    // Authentication success
    //ADDED THIS ::: ----------------------------------------------
    chain.doFilter(request,response);
    //------------------------------------------------------------------
    successfulAuthentication(httpRequest, httpResponse, authResult);
    return;
    }

    chain.doFilter(request, response);
    }
    Regards,
    John

  • #2
    Hi John

    Some good ideas there to improve Tapestry integration.

    I ran with them pretty much as suggested, except made the chain.doFilter conditional on a continueChainBeforeSuccessfulAuthentication property. This is just to ensure better backward compatibility, as I don't believe continuing with the filter chain would be beneficial most of the time. Indeed continuing may cause a "file not found" or similar error, so it's really mostly for Tapestry-like situations.

    They're now in CVS.

    Comment

    Working...
    X