-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SEC-1220: Google App Engine compatibility issues #1471
Comments
Luke Taylor said: Removing the Collections.unmodifiableList call would make the authorities list mutable and it's a basic assumption that the Authenticaition object is immutable with respect to the key security data it contains. Is there a particular reason why this class isn't available in GAE? |
Guido García said: I do not know the reason why java.lang.String$CaseInsensitiveComparator and Collections$UnmodifiableXXX classes are not available in GAE. Is there any alternative to make a collection inmutable? I modified SavedRequest and java.lang.String$CaseInsensitiveComparator class not found exception disapears when deployed in GAE. I was not able to modify the rest of code to check in GAE that the other exception (Collections$UnmodifiableXXX class not found) also goes away, as there are a lot of dependencies in Spring Security and I was not able to compile the whole project and regenerate the jars following the steps in http://static.springsource.org/spring-security/site/build.html. |
Guido García said: It is documented as a bug in GAE : http://code.google.com/p/googleappengine/issues/detail?id=1290 (do not forget to vote for it :) Seems to be an object serialization issue with some JRE classes, so the only workaround in the short term is to modify Spring Security source to avoid using that JRE classes in Spring Security classes intended to be serialized. |
Luke Taylor said: Realistically this will have to wait for Google to sort things out. Changing core design or adding substitute classes to the framework to compensate for those missing from the JDK isn't really a viable option. |
jimbo said: Hi, Thanks for the info on this issue, I managed to get spring security working by amending the source as suggested. If anyone would like a link to the re-compiled core jar I created please feel free to download at: http://www.google-app-engine.com/blog/post/Spring-security-fix-for-google-app-engine.aspx Jim |
Guido García said: Google guys say it has been fixed in GAE 1.2.5 Just in case anyone here is interested. |
Guido García (Migrated from SEC-1220) said:
Currently, Spring Security 3 is not compatible with Google App Engine (GAE), as it uses classes not listed in the JRE Class White List (http://code.google.com/intl/en/appengine/docs/java/jrewhitelist.html).
It would be great to have at least a compatibility mode.
The changes to be done :
STRING COMPARATIONS
UNMODIFIABLE COLLECTIONS
For example, in AbstractAuthenticationToken.java, use
this.authorities = authorities
instead of
this.authorities = Collections.unmodifiableList(authorities)
The text was updated successfully, but these errors were encountered: