使用tynamo-security模块在tapestry web应用程序中实现身份验证功能时出现的问题
使用tynamo-security模块在tapestry web应用程序中实现身份验证功能时出现的问题
提问于 2012-12-04 05:28:14
我对tapestry和tynamo-security模块完全陌生,需要您的帮助。
我想使用tynamo-security和hibernate在我的web应用程序上实现一个身份验证功能。我遵循了here的说明,但这对我来说还不够让它工作。
到目前为止,我已经实现了一个用户实体及其dao:
package com.example.tynamo.entities;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import org.apache.tapestry5.beaneditor.NonVisual;
import org.apache.tapestry5.beaneditor.Validate;
@Entity
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@NonVisual
private Long id;
@Validate("required")
private String firstName;
@Validate("required")
private String lastName;
@Validate("required")
private String email;
@Validate("required")
private String loginName;
@Validate("required")
private String password;
public User(){
}
public User(String firstName, String lastName, String email, String userName, String password){
this.loginName = userName;
this.firstName = firstName;
this.lastName = lastName;
this.email = email;
this.password = password;
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getLoginName() {
return loginName;
}
public void setLoginName(String loginName) {
this.loginName = loginName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String toString(){
return loginName + " : " + firstName + " " + lastName + " - " + email + " : " + password;
}
}
package com.example.tynamo.dao.impl;
import java.util.List;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.Transaction;
import org.hibernate.cfg.Configuration;
import org.hibernate.criterion.Criterion;
import org.hibernate.criterion.Restrictions;
import org.hibernate.exception.ConstraintViolationException;
import com.example.tynamo.dao.UserDAO;
import com.example.tynamo.entities.User;
public class UserDAOImpl implements UserDAO {
private SessionFactory factory = new Configuration().configure().buildSessionFactory();
public void insertUser(User user) {
Session session = factory.openSession();
Transaction tx = session.beginTransaction();
try {
System.out.println(session.save(user));
tx.commit();
session.close();
} catch (ConstraintViolationException e) {
System.out.println(e.getErrorCode());
}
}
public User loadUserById(int id) {
Session session = factory.openSession();
User u = (User) session.load(User.class, id);
session.close();
return u;
}
public User loadUserByLoginName(String loginName) {
Session session = factory.openSession();
User u = (User) session.createCriteria(User.class).add(Restrictions.eq("loginName", loginName)).uniqueResult();
session.close();
return u;
}
@SuppressWarnings("unchecked")
public List<User> loadAllUser() {
Session session = factory.openSession();
List<User> list = session.createCriteria(User.class).list();
session.close();
return list;
}
}此外,我还在AppModule中添加了一些行:
在绑定器方法中:
binder.bind(UserDAO.class, UserDAOImpl.class);..。here所描述的方法
public static void contributeSecurityConfiguration(Configuration<SecurityFilterChain> configuration,
SecurityFilterChainFactory factory)..。和一个将我自己的UserRalm添加到配置中的addRealms方法。
@Contribute(WebSecurityManager.class)
public static void addRealms(Configuration<Realm> configuration) {
UserRealm realm = new UserRealm();
configuration.add(realm);
}我从here获取了UserRealm的示例类,并对其进行了如下修改
package com.example.tynamo.security;
import java.util.HashSet;
import java.util.Set;
import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.crypto.hash.Sha1Hash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.SimpleByteSource;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.hibernate.Session;
import org.hibernate.criterion.Restrictions;
import com.example.tynamo.dao.UserDAO;
import com.example.tynamo.entities.User;
public class UserRealm extends AuthorizingRealm {
@Inject
UserDAO userDAO;
public UserRealm() {
super(new MemoryConstrainedCacheManager());
setName("localaccounts");
setAuthenticationTokenClass(UsernamePasswordToken.class);
setCredentialsMatcher(new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME));
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
if (principals == null) throw new AuthorizationException("PrincipalCollection was null, which should not happen");
if (principals.isEmpty()) return null;
if (principals.fromRealm(getName()).size() <= 0) return null;
String username = (String) principals.fromRealm(getName()).iterator().next();
if (username == null) return null;
User user = findByUsername(username);
// if (user == null) return null;
// Set<String> roles = new HashSet<String>(user.getRoles().size());
// for (Role role : user.getRoles())
// roles.add(role.name());
//return new SimpleAuthorizationInfo(roles);
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String username = upToken.getUsername();
// Null username is invalid
if (username == null) { throw new AccountException("Null usernames are not allowed by this realm."); }
User user = findByUsername(username);
//if (user.isAccountLocked()) { throw new LockedAccountException("Account [" + username + "] is locked."); }
//if (user.isCredentialsExpired()) {
// String msg = "The credentials for account [" + username + "] are expired";
// throw new ExpiredCredentialsException(msg);
//}
//return new SimpleAuthenticationInfo(username, user.getEncodedPassword(), new SimpleByteSource(user.getPasswordSalt()), getName());
return null;
}
private User findByUsername(String username) {
return userDAO.loadUserByLoginName(username);
}
}我注释掉了还不能工作的部分。我自己实现的用户实体没有这里要求的方法,我也找不到任何用户界面(只有联邦用户)来帮助我实现这些方法。我做错了什么?有人能帮我吗?
tynamo-security是否也提供注册页面(等等)?
回答 1
Stack Overflow用户
回答已采纳
发布于 2013-01-03 19:26:05
你把这个弄好了吗?
我注意到的一件事是,您自己实例化了UserRealm,因此@Inject不能在其中工作。您可以允许tapestry使用configuration.addInstance(UserRealm.class)实例化它,也可以使用构造函数传递对UserDAO的引用。
由于您没有提到您面临的是哪种错误,因此很难回答它。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/13692024
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号