Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.3
    • Fix Version/s: 3.0.0 M1
    • Component/s: OpenID
    • Labels:
      None

      Description

      I'm trying to create a remember-me cookie with an OpenID authentication. Since OpenIDAuthenticationToken doesn't support password, it's causing a NullPointerException in TokenBasedRememberMeServices.retrievePassword() - it calls toString() on the null password ("return authentication.getCredentials().toString();" line 202).

      How am I supposed to use cookies with OpenID? If I create my own RememberMeServices and leave out the password then anyone can create a cookie with my OpenID and log in as me.

        Activity

        Hide
        Luke Taylor added a comment -

        Thanks for the report. I've updated TokenBasedRememberMeServices to return null from the retrievePassword() method if it is presented with an Authentication object which has null credentials. This will just prevent it from setting the remember-me cookie. By definition TokenBasedRMS requires a password, so you can't use it in this scenario. Consider using the persistent token implementation instead.

        Show
        Luke Taylor added a comment - Thanks for the report. I've updated TokenBasedRememberMeServices to return null from the retrievePassword() method if it is presented with an Authentication object which has null credentials. This will just prevent it from setting the remember-me cookie. By definition TokenBasedRMS requires a password, so you can't use it in this scenario. Consider using the persistent token implementation instead.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Burt Beckwith
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: