Spring Security
  1. Spring Security
  2. SEC-1595

OpenID4JavaConsumer needs way to inject custom ConsumerManager - Currently Not AppEngine compatible

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.3, 3.1.0.M1
    • Fix Version/s: 3.1.0.M2
    • Component/s: OpenID
    • Labels:
      None

      Description

      Provide a new way of setting a custom ConsumerManager

      Currently, the only constructor that allows you to set a custom ConsumerManager is @Deprecated

      @Deprecated
      public OpenID4JavaConsumer(ConsumerManager consumerManager, final List<OpenIDAttribute> attributes)
      throws ConsumerException {
      this.consumerManager = consumerManager;
      this.attributesToFetchFactory = new AxFetchListFactory() {
      private final List<OpenIDAttribute> fetchAttrs = Collections.unmodifiableList(attributes);

      public List<OpenIDAttribute> createAttributeList(String identifier)

      { return fetchAttrs; }

      };
      }

      In order to run on AppEngine with OpenID4Java, you need to instantiate a ConsumerManager with a custom HttpFetcher.

      http://code.google.com/p/openid4java/issues/detail?id=111

      http://code.google.com/p/openid4java/source/browse/trunk/src/org/openid4java/consumer/ConsumerManager.java

      Otherwise you will get the following exception:

      ava.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
      at java.security.AccessController.checkPermission(AccessController.java:546)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
      at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkAccess(DevAppServerFactory.java:191)
      at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:299)
      at java.lang.Thread.init(Thread.java:332)
      at java.lang.Thread.<init>(Thread.java:379)
      at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ReferenceQueueThread.<init>(MultiThreadedHttpConnectionManager.java:1080)
      at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.storeReferenceToConnection(MultiThreadedHttpConnectionManager.java:173)
      at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.access$900(MultiThreadedHttpConnectionManager.java:65)
      at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ConnectionPool.createConnection(MultiThreadedHttpConnectionManager.java:771)
      at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.doGetConnection(MultiThreadedHttpConnectionManager.java:476)
      at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.getConnectionWithTimeout(MultiThreadedHttpConnectionManager.java:416)
      at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
      at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
      at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
      at org.openid4java.util.HttpCache.head(HttpCache.java:296)
      at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:360)
      at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
      at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
      at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
      at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
      at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
      at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:527)
      at org.springframework.security.openid.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:98)
      at org.springframework.security.openid.OpenIDAuthenticationFilter.attemptAuthentication(OpenIDAuthenticationFilter.java:132)

      ...

        Activity

        Hide
        Luke Taylor added a comment -

        I've added an extra constructor which takes the ConsumerManager and an AxFetchListFactory.

        Show
        Luke Taylor added a comment - I've added an extra constructor which takes the ConsumerManager and an AxFetchListFactory.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Scott Murphy
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: