Orbeon Forms community mailing list

Acegi integration?

classic Classic list List threaded Threaded
15 messages Options
ops-user
Reply | Threaded
Open this post in threaded view
|

Acegi integration?

ops-user

Has anyone integrated Acegi Security (via minimal Spring rather than the
container adapter) and Ops/XForms (on tomcat)?  I'm wondering if I need
to write a processor to access the Acegi bits in the
HttpSession/SecurityContextHolder or if the java.lang.Object scope
generator is sufficient, or if I'm driving off a cliff. :)

from the Acegi javadocs:
The HttpSession will be queried to retrieve the SecurityContext (minimum
security information associated with the current thread of execution)
that should be stored against the SecurityContextHolder for the duration
of the web request. At the end of the web request, any updates made to
the SecurityContextHolder will be persisted back to the HttpSession by
this filter.

from the Acegi manual:
The most fundamental object is SecurityContextHolder. This is where we
store details of the present security context of the application, which
includes details of the principal currently using the application. By
default the SecurityContextHolder uses a ThreadLocal to store these
details, which means that the security context is always available to
methods in the same thread of execution, even if the security context is
not explicitly passed around as an argument those methods. Using a
ThreadLocal in this way is quite safe if care is taken to clear the
thread after the present principal's request is processed. Of course,
Acegi Security takes care of for you automatically so there is no need
to worry about it.


Would I use a bean generator to access the SecurityContextHolder?

Any help is most appreciated!


--



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: Acegi integration?

Alessandro Vernet
Administrator
On 12/28/06, [hidden email] <[hidden email]> wrote:
> Has anyone integrated Acegi Security (via minimal Spring rather than the
> container adapter) and Ops/XForms (on tomcat)?  I'm wondering if I need
> to write a processor to access the Acegi bits in the
> HttpSession/SecurityContextHolder or if the java.lang.Object scope
> generator is sufficient, or if I'm driving off a cliff. :)

I have no experience with Acegi Security, but it looks like you will
want to write your own Java code that gets the SecurityContextHolder
from the session, and generates an XML document with information about
the current user. Using the Java processor you can place your Java
code in the resources, and Orbeon Forms will compile it for you when
needed. See:

http://www.orbeon.com/ops/doc/processors-java

Alex
--
Blog (XML, Web apps, Open Source):
http://www.orbeon.com/blog/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Mike Leary
Reply | Threaded
Open this post in threaded view
|

Re: newbie pipeline docs questions (nightly build)

Mike Leary
In reply to this post by ops-user
> How do I access the current request/response from a java processor?

I got as far as a making a working processor, but ...

HttpServletRequest req =
 (HttpServletRequest) context.getAttribute(org.orbeon.oxf.pipeline.api.PipelineContext.REQUEST);

req is null :(

any suggestions?


--



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Mike Leary
Reply | Threaded
Open this post in threaded view
|

Re: newbie pipeline docs questions (nightly build)

Mike Leary

Where can I find the source code for ops/forms?  I'd suppose that the
request-security processor source has most of the right incantations.


On Tue, Jan 02, 2007 at 07:26:13PM -0800, Mike Leary wrote:

> > How do I access the current request/response from a java processor?
>
> I got as far as a making a working processor, but ...
>
> HttpServletRequest req =
>  (HttpServletRequest) context.getAttribute(org.orbeon.oxf.pipeline.api.PipelineContext.REQUEST);
>
> req is null :(
>
> any suggestions?
>
>
> --
>

>
> --
> You receive this message as a subscriber of the [hidden email] mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws


--



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Ryan Puddephatt
Reply | Threaded
Open this post in threaded view
|

RE: newbie pipeline docs questions (nightly build)

Ryan Puddephatt
Mike,
        You can find the CVS source through View CVS at
http://forge.objectweb.org/scm/?group_id=168, which provides details on
getting access to CVS.

More importantly for you, you can view the request-security and request
processors at
http://cvs.forge.objectweb.org/cgi-bin/viewcvs.cgi/ops/orbeon/src/java/org/o
rbeon/oxf/processor/generator/RequestSecurityGenerator.java and
http://cvs.forge.objectweb.org/cgi-bin/viewcvs.cgi/ops/orbeon/src/java/org/o
rbeon/oxf/processor/generator/RequestGenerator.java respectively

Hope this helps

Ryan

Ryan Puddephatt
Software Engineer

Teleflex Group - IT UK
1 Michaelson Square
Livingston
West Lothian
Scotland
EH54 7DP

e> [hidden email]
t> +44(0)1506 407 110
f> +44(0)1506 407 108

 

>-----Original Message-----
>From: Mike Leary [mailto:[hidden email]]
>Sent: 03 January 2007 03:55
>To: [hidden email]
>Subject: Re: [ops-users] newbie pipeline docs questions (nightly build)
>
>
>Where can I find the source code for ops/forms?  I'd suppose
>that the request-security processor source has most of the
>right incantations.
>
>
>On Tue, Jan 02, 2007 at 07:26:13PM -0800, Mike Leary wrote:
>> > How do I access the current request/response from a java processor?
>>
>> I got as far as a making a working processor, but ...
>>
>> HttpServletRequest req =
>>  (HttpServletRequest)
>>
>context.getAttribute(org.orbeon.oxf.pipeline.api.PipelineContext.REQUE
>> ST);
>>
>> req is null :(
>>
>> any suggestions?
>>
>>
>> --
>>
>
>>
>> --
>> You receive this message as a subscriber of the
>[hidden email] mailing list.
>> To unsubscribe: mailto:[hidden email]
>> For general help: mailto:[hidden email]?subject=help
>> ObjectWeb mailing lists service home page:
>http://www.objectweb.org/wws
>
>
>--
>
>



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Ryan Puddephatt
Reply | Threaded
Open this post in threaded view
|

RE: newbie pipeline docs questions (nightly build)

Ryan Puddephatt
In reply to this post by Mike Leary
Mike,
        Seems this is what you need

ExternalContext externalContext = (ExternalContext)
context.getAttribute(PipelineContext.EXTERNAL_CONTEXT);
ExternalContext.Request request = externalContext.getRequest();

Ryan

Ryan Puddephatt
Software Engineer

Teleflex Group - IT UK
1 Michaelson Square
Livingston
West Lothian
Scotland
EH54 7DP

e> [hidden email]
t> +44(0)1506 407 110
f> +44(0)1506 407 108

 

>-----Original Message-----
>From: Mike Leary [mailto:[hidden email]]
>Sent: 03 January 2007 03:26
>To: [hidden email]
>Subject: Re: [ops-users] newbie pipeline docs questions (nightly build)
>
>> How do I access the current request/response from a java processor?
>
>I got as far as a making a working processor, but ...
>
>HttpServletRequest req =
> (HttpServletRequest)
>context.getAttribute(org.orbeon.oxf.pipeline.api.PipelineContex
>t.REQUEST);
>
>req is null :(
>
>any suggestions?
>
>
>--
>
>



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Erik Bruchez
Reply | Threaded
Open this post in threaded view
|

Re: newbie pipeline docs questions (nightly build)

Erik Bruchez
Administrator
In reply to this post by Mike Leary
Mike,

The source code is available from here:

   http://forge.objectweb.org/scm/?group_id=168

-Erik

Mike Leary wrote:

> Where can I find the source code for ops/forms?  I'd suppose that the
> request-security processor source has most of the right incantations.
>
>
> On Tue, Jan 02, 2007 at 07:26:13PM -0800, Mike Leary wrote:
>>> How do I access the current request/response from a java processor?
>> I got as far as a making a working processor, but ...
>>
>> HttpServletRequest req =
>>  (HttpServletRequest) context.getAttribute(org.orbeon.oxf.pipeline.api.PipelineContext.REQUEST);
>>
>> req is null :(
>>
>> any suggestions?
>>
>>
>> --
>>
>
>> --
>> You receive this message as a subscriber of the [hidden email] mailing list.
>> To unsubscribe: mailto:[hidden email]
>> For general help: mailto:[hidden email]?subject=help
>> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>
>
>
> ------------------------------------------------------------------------
>
>
> --
> You receive this message as a subscriber of the [hidden email] mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Mike Leary
Reply | Threaded
Open this post in threaded view
|

Re: newbie pipeline docs questions (nightly build)

Mike Leary
In reply to this post by Ryan Puddephatt
Thanks to all for all the help.  I ended up using some of Ryan's code
(below) as well as being able to access Acegi's ThreadLocal stuff
directly.

I also finally found orbeon's 'request' pipeline (cue trumpets), which
seems pretty complete at first glance.

See the xml output like so:

in page-flow:
<page id="request" path-info="/this_dir_under_apps/request" view="request.xpl"/>

request.xpl:
<p:config xmlns:p="http://www.orbeon.com/oxf/pipeline"
          xmlns:oxf="http://www.orbeon.com/oxf/processors">
  <p:param name="data" type="output"/>
  <p:processor name="oxf:request">
    <p:input name="config">
      <config>
        <include>/*</include>
      </config>
    </p:input>
    <p:output name="data" ref="data"/>
  </p:processor>
</p:config>

No similar 'session' pipeline, though I'm sure I'm not the only one to
roll his own.


On Wed, Jan 03, 2007 at 10:55:14AM +0000, Ryan Puddephatt wrote:
> ExternalContext externalContext = (ExternalContext)
> context.getAttribute(PipelineContext.EXTERNAL_CONTEXT);
> ExternalContext.Request request = externalContext.getRequest();


--



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Daniel E. Renfer
Reply | Threaded
Open this post in threaded view
|

Re: newbie pipeline docs questions (nightly build)

Daniel E. Renfer
The session information can be accessed by using the scope serializer
and generator. The documentation for both are respectively:

http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer
http://www.orbeon.com/ops/doc/processors-generators#scope-generator

from Java, they can be accessed using:

ExternalContext.Session session = externalContext.getSession();

Hope this helps.

--
Daniel E. Renfer
http://kronkltd.net/


On 1/5/07, Mike Leary <[hidden email]> wrote:

> Thanks to all for all the help.  I ended up using some of Ryan's code
> (below) as well as being able to access Acegi's ThreadLocal stuff
> directly.
>
> I also finally found orbeon's 'request' pipeline (cue trumpets), which
> seems pretty complete at first glance.
>
> See the xml output like so:
>
> in page-flow:
> <page id="request" path-info="/this_dir_under_apps/request" view="request.xpl"/>
>
> request.xpl:
> <p:config xmlns:p="http://www.orbeon.com/oxf/pipeline"
>           xmlns:oxf="http://www.orbeon.com/oxf/processors">
>   <p:param name="data" type="output"/>
>   <p:processor name="oxf:request">
>     <p:input name="config">
>       <config>
>         <include>/*</include>
>       </config>
>     </p:input>
>     <p:output name="data" ref="data"/>
>   </p:processor>
> </p:config>
>
> No similar 'session' pipeline, though I'm sure I'm not the only one to
> roll his own.
>
>
> On Wed, Jan 03, 2007 at 10:55:14AM +0000, Ryan Puddephatt wrote:
> > ExternalContext externalContext = (ExternalContext)
> > context.getAttribute(PipelineContext.EXTERNAL_CONTEXT);
> > ExternalContext.Request request = externalContext.getRequest();


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Daniel E. Renfer
Reply | Threaded
Open this post in threaded view
|

Re: newbie pipeline docs questions (nightly build)

Daniel E. Renfer
I'm sorry.

getSession() takes a boolean value to determine if a session should be created.

ExternalContext.Session session = externalContext.getSession(true);

That's what you get for copy and pasting without double checking.

--
Daniel E. Renfer
http://kronkltd.net/


On 1/7/07, Daniel E. Renfer <[hidden email]> wrote:

> The session information can be accessed by using the scope serializer
> and generator. The documentation for both are respectively:
>
> http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer
> http://www.orbeon.com/ops/doc/processors-generators#scope-generator
>
> from Java, they can be accessed using:
>
> ExternalContext.Session session = externalContext.getSession();
>
> Hope this helps.
>
> --
> Daniel E. Renfer
> http://kronkltd.net/
>
>
> On 1/5/07, Mike Leary <[hidden email]> wrote:
> > Thanks to all for all the help.  I ended up using some of Ryan's code
> > (below) as well as being able to access Acegi's ThreadLocal stuff
> > directly.
> >
> > I also finally found orbeon's 'request' pipeline (cue trumpets), which
> > seems pretty complete at first glance.
> >
> > See the xml output like so:
> >
> > in page-flow:
> > <page id="request" path-info="/this_dir_under_apps/request" view="request.xpl"/>
> >
> > request.xpl:
> > <p:config xmlns:p="http://www.orbeon.com/oxf/pipeline"
> >           xmlns:oxf="http://www.orbeon.com/oxf/processors">
> >   <p:param name="data" type="output"/>
> >   <p:processor name="oxf:request">
> >     <p:input name="config">
> >       <config>
> >         <include>/*</include>
> >       </config>
> >     </p:input>
> >     <p:output name="data" ref="data"/>
> >   </p:processor>
> > </p:config>
> >
> > No similar 'session' pipeline, though I'm sure I'm not the only one to
> > roll his own.
> >
> >
> > On Wed, Jan 03, 2007 at 10:55:14AM +0000, Ryan Puddephatt wrote:
> > > ExternalContext externalContext = (ExternalContext)
> > > context.getAttribute(PipelineContext.EXTERNAL_CONTEXT);
> > > ExternalContext.Request request = externalContext.getRequest();
>


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Erik Bruchez
Reply | Threaded
Open this post in threaded view
|

Re: newbie pipeline docs questions (nightly build)

Erik Bruchez
Administrator
In reply to this post by ops-user
[hidden email] wrote:
>> "Manually: ... 3. Declare the new processor in processors.xml (i.e.
>> mapping an URI to this new processor)."
>
> I don't have any such file.  Where should it be and where is the
> documentation for its contents, syntax, et al?

That file is hidden in ops.jar. But you should add your own processor
definition to /config/custom-processors.xml. This is documented here:

   http://www.orbeon.com/ops/doc/reference-processor-api#custom-processors

I fixed the Java processor documentation to point there.

>> "Using the Java processor: ...  1. Place MyProcessor.java with the other
>> resources."
>
> The other resources *where*?
> Just any old place under "$CATALINA_HOME/webapps/ops/WEB-INF/resources/"?

Sure. The point is that this file goes with resources, not within a JAR
or anything else.

> When should I use processors.xml (mentioned in processors-java) and when
> should I use custom-processors.xml (mentioned in
> reference-processor-api)?  Is the syntax and such identical for both;
> any meta configurations for those files?

processors.xml includes custom-processors.xml. You should always put
your own processors in custom-processors.xml rather than processors.xml,
as the latter contains the default Orbeon Forms processors and will be
overridden with each new build.

> How do I access the current request/response from a java processor
> pipeline?  I want to make an xml doc from data/objects in the
> request/httpsession (and maybe also update objects in the httpsession
> from a different pipeline).  Whether I do that in a tomcat filter prior
> to the pipeline running or in the pipeline itself I still need the
> request object, yes?

Sure. You can use the oxf:scope-generator processor to extract objects
from the request/session/application scope and produce XML, or you can
do this in your own processor.

> Is "oxf:/" always equal to "$CATALINA_HOME/webapps/ops/WEB-INF/resources/"?

No, this depends on how the resource manager is configured in web.xml.
By default there are typically several resource managers cascaded using
the Priority Resource Manager. See the doc here:

   http://www.orbeon.com/ops/doc/reference-resource-managers

> Does "file:/" == "/" on the filesystem, or is it "file:///"?

This is up to the Java implementation, but I think that a single "/" works.

-Erik

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Henrik Pettersen
Reply | Threaded
Open this post in threaded view
|

Re: Acegi integration?

Henrik Pettersen
In reply to this post by ops-user
I'm attempting to integrate Acegi, but I am having a lot of problems getting it to work.

In particular, my login form is pointing to /j_acegi_security_check, but Orbeon returns with a "page not found" error for that url. I think I'm missing something obvious here...

I was wondering if you were able to get Aseci to work? If so, would you mind sharing some pointers/code?

Anyone else had any experiences?

Thanks!

Sincerely,
Henrik Pettersen

On 12/28/06, [hidden email] <[hidden email]> wrote:

Has anyone integrated Acegi Security (via minimal Spring rather than the
container adapter) and Ops/XForms (on tomcat)?  I'm wondering if I need
to write a processor to access the Acegi bits in the
HttpSession/SecurityContextHolder or if the java.lang.Object scope
generator is sufficient, or if I'm driving off a cliff. :)

from the Acegi javadocs:
The HttpSession will be queried to retrieve the SecurityContext (minimum
security information associated with the current thread of execution)
that should be stored against the SecurityContextHolder for the duration
of the web request. At the end of the web request, any updates made to
the SecurityContextHolder will be persisted back to the HttpSession by
this filter.

from the Acegi manual:
The most fundamental object is SecurityContextHolder. This is where we
store details of the present security context of the application, which
includes details of the principal currently using the application. By
default the SecurityContextHolder uses a ThreadLocal to store these
details, which means that the security context is always available to
methods in the same thread of execution, even if the security context is
not explicitly passed around as an argument those methods. Using a
ThreadLocal in this way is quite safe if care is taken to clear the
thread after the present principal's request is processed. Of course,
Acegi Security takes care of for you automatically so there is no need
to worry about it.


Would I use a bean generator to access the SecurityContextHolder?

Any help is most appreciated!


--



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: Acegi integration?

Alessandro Vernet
Administrator
Hi Henrik,

I am not familiar with Acegi. Is it setup using form authentication?
In general with form authentication, the container intercepts the
query to whatever URI it chose to use for form authentication before
it reaches the servlet. Sorry if I raise here even more questions than
you had originally make my comment here totally useless :).

Alex

On 4/30/07, Henrik Pettersen <[hidden email]> wrote:

> I'm attempting to integrate Acegi, but I am having a lot of problems getting
> it to work.
>
> In particular, my login form is pointing to /j_acegi_security_check, but
> Orbeon returns with a "page not found" error for that url. I think I'm
> missing something obvious here...
>
> I was wondering if you were able to get Aseci to work? If so, would you mind
> sharing some pointers/code?
>
> Anyone else had any experiences?
>
> Thanks!
>
> Sincerely,
> Henrik Pettersen
>
>  On 12/28/06, [hidden email] <[hidden email]> wrote:
> >
> >
> > Has anyone integrated Acegi Security (via minimal Spring rather than the
> > container adapter) and Ops/XForms (on tomcat)?  I'm wondering if I need
> > to write a processor to access the Acegi bits in the
> > HttpSession/SecurityContextHolder or if the
> java.lang.Object scope
> > generator is sufficient, or if I'm driving off a cliff. :)
> >
> > from the Acegi javadocs:
> > The HttpSession will be queried to retrieve the SecurityContext (minimum
> > security information associated with the current thread of execution)
> > that should be stored against the SecurityContextHolder for the duration
> > of the web request. At the end of the web request, any updates made to
> > the SecurityContextHolder will be persisted back to the HttpSession by
> > this filter.
> >
> > from the Acegi manual:
> > The most fundamental object is SecurityContextHolder. This is where we
> > store details of the present security context of the application, which
> > includes details of the principal currently using the application. By
> > default the SecurityContextHolder uses a ThreadLocal to store these
> > details, which means that the security context is always available to
> > methods in the same thread of execution, even if the security context is
> > not explicitly passed around as an argument those methods. Using a
> > ThreadLocal in this way is quite safe if care is taken to clear the
> > thread after the present principal's request is processed. Of course,
> > Acegi Security takes care of for you automatically so there is no need
> > to worry about it.
> >
> >
> > Would I use a bean generator to access the SecurityContextHolder?
> >
> > Any help is most appreciated!
> >
> >
> > --
> >
> >
> >
> > --
> > You receive this message as a subscriber of the [hidden email]
> mailing list.
> > To unsubscribe:
> mailto:[hidden email]
> > For general help: mailto: [hidden email]?subject=help
> > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
> >
> >
>
>
>
> --
> You receive this message as a subscriber of the [hidden email]
> mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
>
>

--
Orbeon Forms - Web 2.0 Forms for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Henrik Pettersen
Reply | Threaded
Open this post in threaded view
|

Re: Acegi integration?

Henrik Pettersen
Alex, all,

thanks for the pointers. I was able to track down my problem to the servlet-mapping for Acegi, where I had this:
    <filter-mapping>
      <filter-name>Acegi Filter Chain Proxy</filter-name>
      <url-pattern>/protected</url-pattern>
    </filter-mapping>

which obviously should have been configured like this:
    <filter-mapping>
      <filter-name>Acegi Filter Chain Proxy</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

It's a little tricky to get Acegi working, so I thought I would share my configuration tips with ops-users

web.xml:
=======
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/acegi-config.xml</param-value>
    </context-param>
...
    <!-- Acegi Filter -->
    <filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
        </init-param>
    </filter>

    <filter-mapping>
      <filter-name>Acegi Filter Chain Proxy</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
...

    <listener>
        <listener-class> org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

acegi-config.xml:
=============
attached


login.form:
========
    <xhtml:form action="/j_acegi_security_check" method="POST">
        <xhtml:table>
            <xhtml:tr>
                <xhtml:td>Username</xhtml:td>
                <xhtml:td><input name="j_username"/></xhtml:td>
            </xhtml:tr>
            <xhtml:tr>
                <xhtml:td>Password</xhtml:td>
                <xhtml:td><xhtml:input type="password" name="j_password"/></xhtml:td>
            </xhtml:tr>
            <xhtml:tr>
                <xhtml:td><xhtml:input class="button" type="submit" value="Login"/></xhtml:td>
                <xhtml:td/>
            </xhtml:tr>
        </xhtml:table>
    </xhtml:form>

Logout:
======
<xhtml:a href="/j_acegi_logout" alt="Logout" title="Logout / Exit">Logout / Exit</xhtml:a>

Hope someone finds this usefull.

Henrik


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

acegi-config.xml (6K) Download Attachment
Alessandro Vernet
Reply | Threaded
Open this post in threaded view
|

Re: Acegi integration?

Alessandro Vernet
Administrator
On 5/1/07, Henrik Pettersen <[hidden email]> wrote:
> thanks for the pointers. I was able to track down my problem to the
> servlet-mapping for Acegi, where I had this:
> [...]

Henrik,

I am glad this worked, and thank you for sharing the solution you
found on the list.

Alex
--
Orbeon Forms - Web 2.0 Forms for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Free forum by Nabble Edit this page