SEC-1595: OpenID4JavaConsumer needs way to inject custom ConsumerManager - Currently Not AppEngine compatible #1834

Closed
spring-issuemaster opened this Issue Oct 19, 2010 · 1 comment

1 participant

@spring-issuemaster

Scott Murphy (Migrated from SEC-1595) said:

Provide a new way of setting a custom ConsumerManager

Currently, the only constructor that allows you to set a custom ConsumerManager is @Deprecated

@Deprecated
public OpenID4JavaConsumer(ConsumerManager consumerManager, final List<OpenIDAttribute> attributes)
        throws ConsumerException {
    this.consumerManager = consumerManager;
    this.attributesToFetchFactory = new AxFetchListFactory() {
        private final List<OpenIDAttribute> fetchAttrs = Collections.unmodifiableList(attributes);

        public List<OpenIDAttribute> createAttributeList(String identifier) {
            return fetchAttrs;
        }
    };
}

In order to run on AppEngine with OpenID4Java, you need to instantiate a ConsumerManager with a custom HttpFetcher.

http://code.google.com/p/openid4java/issues/detail?id=111

http://code.google.com/p/openid4java/source/browse/trunk/src/org/openid4java/consumer/ConsumerManager.java

Otherwise you will get the following exception:

ava.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkAccess(DevAppServerFactory.java:191)
at java.lang.ThreadGroup.checkAccess(ThreadGroup.java:299)
at java.lang.Thread.init(Thread.java:332)
at java.lang.Thread.(Thread.java:379)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ReferenceQueueThread.(MultiThreadedHttpConnectionManager.java:1080)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.storeReferenceToConnection(MultiThreadedHttpConnectionManager.java:173)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.access$900(MultiThreadedHttpConnectionManager.java:65)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ConnectionPool.createConnection(MultiThreadedHttpConnectionManager.java:771)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.doGetConnection(MultiThreadedHttpConnectionManager.java:476)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.getConnectionWithTimeout(MultiThreadedHttpConnectionManager.java:416)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.openid4java.util.HttpCache.head(HttpCache.java:296)
at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:360)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:527)
at org.springframework.security.openid.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:98)
at org.springframework.security.openid.OpenIDAuthenticationFilter.attemptAuthentication(OpenIDAuthenticationFilter.java:132)

...

@spring-issuemaster

Luke Taylor said:

I've added an extra constructor which takes the ConsumerManager and an AxFetchListFactory.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment