
  • Spring Security + Tapestry problem

    I'm trying to use Spring Security for my web application. It's using the Tapestry 5 framework. I have done all the required changes to the web.xml and in the application-security.xml.

    Authentication is working fine (correct credentials authenticated and bad rejected). The session also has the attribute SPRING_SECURITY_CONTEXT.

    However, the statement below always returns null:
    Code:
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    I'm calling this in one of the Tapestry Components.

    My XML config is as follows:
    Code:
    <http auto-config="true" access-denied-page="/Login/Failed" lowercase-comparisons="true">
    
    	<intercept-url pattern="/images/*" filters="none"/>
    	<intercept-url pattern="/styles*/**" filters="none"/>
    	<intercept-url pattern="/scripts*/**" filters="none"/>
    	<intercept-url pattern="/assets*/**" filters="none"/>
    
    	<intercept-url pattern="/Login*/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    	<intercept-url pattern="/Logout*/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    	<intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />
    
    	<form-login login-page="/Login" 
    	default-target-url="/Download" 
    	always-use-default-target="true" 
    	authentication-failure-url="/Login/Failed" 
    	login-processing-url="/j_security_check" />
    
    	<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" />
    	<anonymous />
    	<http-basic />
    	<logout logout-url="/Logout" logout-success-url="/Index.html" />
    	<remember-me />
    </http>
    
    <authentication-provider>
    	<password-encoder hash="sha" />
    	<user-service>
    		<user name="admin1" password="32bc517603f889dd17a896d74fca122ac15d191f" authorities="ROLE_ADMIN" />
    		<user name="user1" password="5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8" authorities="ROLE_USER" />
    	</user-service>
    </authentication-provider>
    I have the following paths: /Index.html, /download, /upload. If I access Index.html (which just redirects to /upload)
    and am not authenticated, I get the login page. Unfortunately, if I access /upload directly I simply go through to the
    page without any login page first. :-(

    The maximum concurrent sessions constraint is being executed correctly, i.e. a user cannot have more than 1 session.

    Is there anything I'm missing here?
    Last edited by n002213f; May 7th, 2009, 02:28 AM. Reason: corrected wording