题
I am completely new to tapestry and the tynamo-security module and need your help.
I want to implement an authentication feature on my web app using tynamo-security and hibernate. I followed the instructions here but it's are not sufficent for me to make it work.
So far I have implemented a user entity and its dao:
https://stackoverflow.com/questions/13692024
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianpackage com.example.tynamo.entities;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import org.apache.tapestry5.beaneditor.NonVisual;
import org.apache.tapestry5.beaneditor.Validate;
@Entity
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@NonVisual
private Long id;
@Validate("required")
private String firstName;
@Validate("required")
private String lastName;
@Validate("required")
private String email;
@Validate("required")
private String loginName;
@Validate("required")
private String password;
public User(){
}
public User(String firstName, String lastName, String email, String userName, String password){
this.loginName = userName;
this.firstName = firstName;
this.lastName = lastName;
this.email = email;
this.password = password;
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getLoginName() {
return loginName;
}
public void setLoginName(String loginName) {
this.loginName = loginName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String toString(){
return loginName + " : " + firstName + " " + lastName + " - " + email + " : " + password;
}
}
package com.example.tynamo.dao.impl;
import java.util.List;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.hibernate.cfg.Configuration;
import org.hibernate.criterion.Criterion;
import org.hibernate.criterion.Restrictions;
import org.hibernate.exception.ConstraintViolationException;
import com.example.tynamo.dao.UserDAO;
import com.example.tynamo.entities.User;
public class UserDAOImpl implements UserDAO {
private SessionFactory factory = new Configuration().configure().buildSessionFactory();
public void insertUser(User user) {
Session session = factory.openSession();
Transaction tx = session.beginTransaction();
try {
System.out.println(session.save(user));
tx.commit();
session.close();
} catch (ConstraintViolationException e) {
System.out.println(e.getErrorCode());
}
}
public User loadUserById(int id) {
Session session = factory.openSession();
User u = (User) session.load(User.class, id);
session.close();
return u;
}
public User loadUserByLoginName(String loginName) {
Session session = factory.openSession();
User u = (User) session.createCriteria(User.class).add(Restrictions.eq("loginName", loginName)).uniqueResult();
session.close();
return u;
}
@SuppressWarnings("unchecked")
public List<User> loadAllUser() {
Session session = factory.openSession();
List<User> list = session.createCriteria(User.class).list();
session.close();
return list;
}
}
Moreover I wrote added some lines in the AppModule:
in the binder method:
binder.bind(UserDAO.class, UserDAOImpl.class);
... the method as it is described here
public static void contributeSecurityConfiguration(Configuration<SecurityFilterChain> configuration,
SecurityFilterChainFactory factory)
... and a the addRealms method that adds my own UserRalm to the configs.
@Contribute(WebSecurityManager.class)
public static void addRealms(Configuration<Realm> configuration) {
UserRealm realm = new UserRealm();
configuration.add(realm);
}
I took the example class for UserRealm from here and modified it as follows
package com.example.tynamo.security;
import java.util.HashSet;
import java.util.Set;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.crypto.hash.Sha1Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.SimpleByteSource;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.hibernate.Session;
import org.hibernate.criterion.Restrictions;
import com.example.tynamo.dao.UserDAO;
import com.example.tynamo.entities.User;
public class UserRealm extends AuthorizingRealm {
@Inject
UserDAO userDAO;
public UserRealm() {
super(new MemoryConstrainedCacheManager());
setName("localaccounts");
setAuthenticationTokenClass(UsernamePasswordToken.class);
setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) throw new AuthorizationException("PrincipalCollection was null, which should not happen");
if (principals.isEmpty()) return null;
if (principals.fromRealm(getName()).size() <= 0) return null;
String username = (String) principals.fromRealm(getName()).iterator().next();
if (username == null) return null;
User user = findByUsername(username);
// if (user == null) return null;
// Set<String> roles = new HashSet<String>(user.getRoles().size());
// for (Role role : user.getRoles())
// roles.add(role.name());
//return new SimpleAuthorizationInfo(roles);
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
// Null username is invalid
if (username == null) { throw new AccountException("Null usernames are not allowed by this realm."); }
User user = findByUsername(username);
//if (user.isAccountLocked()) { throw new LockedAccountException("Account [" + username + "] is locked."); }
//if (user.isCredentialsExpired()) {
// String msg = "The credentials for account [" + username + "] are expired";
// throw new ExpiredCredentialsException(msg);
//}
//return new SimpleAuthenticationInfo(username, user.getEncodedPassword(), new SimpleByteSource(user.getPasswordSalt()), getName());
return null;
}
private User findByUsername(String username) {
return userDAO.loadUserByLoginName(username);
}
}
I commented out the parts that don't work yet. The user entity that I implemented myself doesn't have the methods asked here and I can't find any user interface (just the federated) that helps me with implementing these methods. What am I doing wrong? Can anybody help me with that?
Does tynamo-security also provide pages (and so on) for signup?
解决方案
Did you get this to work ?
One of the things that I noticed is that you have instantiated UserRealm by yourself and so @Inject won't work in there. You can either allow tapestry to instantiate it by using configuration.addInstance(UserRealm.class) or pass a reference to the UserDAO using constructor.
As you have not mentioned what kind of error you are facing it is difficult to answer it.
