tapestry-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Kolmodin <Mich...@kolmodin.net>
Subject Re: Authentication, J2EE & Tapestry
Date Tue, 23 Sep 2003 15:23:02 GMT
Boyd Ebsworthy wrote:
> Hi,
> 
> I've been looking around but i couldn't find an example of how to use 
> J2EE Authentication mecanisms in Tapestry. All i could find was a note 
> in the wiki proposing that the developer's guide be updated with a 
> security chapter and a post in the mailing list archive giving an 
> example of do-it-yourself authentication using the 
> IPage.validate(IRequestCycle) method.
> Which isn't bad but i'd like to move the login/authentication 
> responsability out of my way.
> 

Somewhere I found an example in the archives a time ago.I  have tried to 
find it again, but failed. Enclosed you will find the LoginPage I made 
based on this. It's newbie code, it might suck, but it works for me :-)

Hope this helps, I havn't really time to take away the irrelevant parts...

--michael

---------------------------------------------------------------------------

package whatever;

import java.util.*;
import java.io.*;
import java.security.*;

import javax.security.auth.*;
import javax.security.auth.login.*;
import javax.security.auth.callback.*;

import org.apache.log4j.*;
import org.apache.tapestry.*;
import org.apache.tapestry.html.*;
import org.apache.tapestry.engine.*;
import org.apache.tapestry.event.*;
import org.apache.tapestry.callback.*;

/**
  *
  *  Presents and handles a login form, routes call to proper page.
  *  A fixed page is called on login failures.
  *  Client should invoke setCallback() before  activating page.
  *
  *  @author  mk
  */
public class LoginPage extends BasePage implements CallbackHandler
{
     private Logger log = Logger.getLogger( "Login" );
     private static char[] emptyPw = { ' ' };
     protected ICallback callback;

     /**
      *
      *  Default security realm, used as argument to LoginContext
      *  constructor.
      *  Overridden by system parameter "security-realm". Defined by
      *  the EJB
      *  container, in jboss in the login-config.xml file.
      *
      */
     public static String DEFAULT_REALM = "YALT";

     /** The key for the security realm. */
     public static String REALM_KEY = "net.kolmodin.yalt.security-realm";

     public LoginPage()
     {
	super();
     }

     /** Define where to go on succesful login. */
     public void setCallback( ICallback cb )
     {
        callback = cb;
        fireObservedChange( "callback", cb );
     }

     /**
     *
     * Called from the LoginContext, hands username and password
     * from user to the loginContext.
     *
     */
     public void handle(Callback[] callbacks)
         throws IOException, UnsupportedCallbackException
     {

	 for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof NameCallback) {
		// Return username.
		NameCallback nc = (NameCallback) callbacks[i];
		nc.setName( username == null ? "" : username );
	    }
             else if (callbacks[i] instanceof PasswordCallback) {
		// Return password.
		PasswordCallback pc = (PasswordCallback) callbacks[i];
		pc.setPassword(
                      password == null ? emptyPw : password.toCharArray()
                       );
	    }
             else {
		throw new UnsupportedCallbackException(
                     callbacks[i], "Unrecognized Callback" );
	    }
	 }
     }

     /** Username entered by user. */
     protected String username = null;

     /** Set the username property. */
     public void setUsername( String s )
     {
         username = s;
         fireObservedChange("username", s);
     }

     /** Returns the username entered by user. */
     public String getUsername()
     {
        return username;
     }

     /** Password entered by user. */
     protected String password = null;

     /** Define password entered by user. No checks, those are
         supposed to be done in presentation layer.  */
     public void setPassword( String s )
     {
         password = s;
         fireObservedChange("password", s);
     }

     /** Return password entered by user. */
     public String getPassword()
     {
        return password;
     }

     protected String realm = DEFAULT_REALM;

     /** Reset page properties after use. */
     public void detach()
     {
        username = null;
        password = null;
        realm    = null;
        super.detach();
     }


     /** Handle users request to login. SetCallback() must be invoked
         before calling this. */
     public void submitLogin(IRequestCycle cycle)
     {

         Visit visit = (Visit) getPage().getVisit();
         assert visit != null : "Null visit?!";
         try{
            visit.setPrincipal( null );

            IPropertySource props =
                cycle.getEngine().getPropertySource();
            String tmpRealm  = props.getPropertyValue( REALM_KEY );
            if( tmpRealm != null )
                realm = tmpRealm;

            LoginContext loginContext = new LoginContext( realm, this );
	   loginContext.login();

	   Subject subject = loginContext.getSubject();
	   assert subject != null :
                "Null subject after successful login?!";
            visit.doSomethingWithSubject(...)

       }
       catch( LoginException le ){
            visit.clearAllLoginData(...)
            log.warn( "Login exception: " + le.getMessage() );
            IPage page = Whatever.getLoginFailurPage(...);
            throw new PageRedirectException( page );
       }
       if( callback == null )
           throw new IllegalStateException(
               "No callback defined for successful login ");
       callback.performCallback( cycle );
     }
}


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org


Mime
View raw message