Welcome to dyuproject. Feel free to ask

dyupr...@gmail.com

May 28, 2009, 5:06:18 AM
to dyuproject
If anyone has any questions/suggestions, this is the place for them.

Cheers

Alberto Gimeno

May 28, 2009, 5:25:03 AM
to dyupr...@googlegroups.com
Hi!

My team and I are working on an application and we're interested in
using OpenID for the user authentication. We have chosen dyuproject
because it works on Google App Engine.

However, we are using a web framework that completely hides the
underlying JavaEE classes. That is, we have no access to
HttpServletRequest, HttpServletResponse or HttpSession. We have
created our own wrappers for these classes and it works. But this is a
big hack :P

We want to ask whether some kind of abstraction could be implemented,
something not dependent on JavaEE.

A big issue in implementing our hack was the HttpSession object. The
framework we are using is completely stateless, there is no session,
there is just a session-like mechanism based on cookies. We like this
approach, so we tried to implement our HttpSession using this cookie
mechanism. We serialized the OpenIdUser object as JSON into the
cookie. It worked, but when deploying it to Google App Engine it
failed because GAE has a limit on the cookie size. So our final "hack"
was to store the OpenIdUser object into the App Engine's datastore,
and the cookie just has the identifier of the datastore record that
stores his OpenIdUser.

Could there be a way to use dyuproject OpenID in a JavaEE-agnostic
and stateless environment?



On Thu, May 28, 2009 at 11:06 AM, <dyupr...@gmail.com> wrote:
>
> If anyone has any questions/suggestions, this is the place for them.
>
> Cheers

--
Alberto Gimeno Brieba
email and gtalk: gime...@gmail.com
blog: http://gimenete.net
favorite website: http://www.debugmodeon.com
mobile phone: +34 625 24 64 81

David

May 28, 2009, 6:01:39 AM
to dyuproject
I'm assuming you're using some kind of REST framework (restlet maybe).
The CookieBasedUserManager works well for these types of environments
(stateless).
As you mentioned, the problem is that GAE has a limit on the cookie
size.
So I'm guessing you implemented a custom OpenIdUserManager to store to
appengine datastore.

Initially this project was designed to make the core components work
without the servlet stuff.
The RelyingParty and OpenIdUserManager are basically helper classes
that manage the openid lifecycle for you.
OpenID relies heavily on request parameters being tossed back and
forth.
If you can get all the request parameters without the
HttpServletRequest, then it's doable.

You only need:
DiffieHellmanAssociation
SimpleHttpConnector
DefaultDiscovery
Identifier
OpenIdContext

I'll have to refactor OpenIdContext to move the AuthRedirection to
RelyingParty. (overlooked this)

With all those components, you try to mimic what the RelyingParty does
with it .... but without the HttpServletRequest.
The Association accepts the parameters as Map<String,String>.

If you go ahead with this approach and encounter problems, let me
know.

Cheers

On May 28, 5:25 pm, Alberto Gimeno <gimen...@gmail.com> wrote:
> Hi!
>
> My team and I are working on an application and we're interested in
> using OpenID for the user authentication. We have chosen dyuproject
> because it works on Google App Engine.
>
> However, we are using a web framework that completely hides the
> underlying JavaEE classes. That is, we have no access to
> HttpServletRequest, HttpServletResponse or HttpSession. We have
> created our own wrappers for these classes and it works. But this is a
> big hack :P
>
> We want to ask whether some kind of abstraction could be implemented,
> something not dependent on JavaEE.
>
> A big issue in implementing our hack was the HttpSession object. The
> framework we are using is completely stateless, there is no session,
> there is just a session-like mechanism based on cookies. We like this
> approach, so we tried to implement our HttpSession using this cookie
> mechanism. We serialized the OpenIdUser object as JSON into the
> cookie. It worked, but when deploying it to Google App Engine it
> failed because GAE has a limit on the cookie size. So our final "hack"
> was to store the OpenIdUser object into the App Engine's datastore,
> and the cookie just has the identifier of the datastore record that
> stores his OpenIdUser.
>
> Could there be a way to use dyuproject OpenID in a JavaEE-agnostic
> and stateless environment?
>
> On Thu, May 28, 2009 at 11:06 AM,  <dyuproj...@gmail.com> wrote:
>
> > If anyone has any questions/suggestions, this is the place for them.
>
> > Cheers
>
> --
> Alberto Gimeno Brieba
> email and gtalk: gimen...@gmail.com
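
The arrangement discussed in this thread (OpenIdUser kept in the datastore, cookie holding only the record identifier) is only safe if that identifier is unguessable and tamper-evident. The following is an added example, not code from the thread or from dyuproject; the class name `SignedSessionRef`, the in-memory map standing in for the datastore, and the `id.mac` cookie layout are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical helper, not part of dyuproject: the cookie carries only a signed record id. */
public class SignedSessionRef {
    private static final SecureRandom RNG = new SecureRandom();
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final byte[] key; // server-side secret, never sent to the client
    private final Map<String, String> store = new ConcurrentHashMap<>(); // stand-in for the datastore
    public SignedSessionRef(byte[] key) { this.key = key.clone(); }

    /** Stores the serialized user and returns the small cookie value "id.mac". */
    public String issue(String serializedUser) throws Exception {
        byte[] raw = new byte[16]; // 128-bit random id, so records cannot be enumerated
        RNG.nextBytes(raw);
        String id = B64.encodeToString(raw);
        store.put(id, serializedUser);
        return id + "." + B64.encodeToString(mac(id));
    }

    /** Returns the stored user, or null if the cookie is malformed, forged or unknown. */
    public String resolve(String cookie) throws Exception {
        int dot = cookie == null ? -1 : cookie.indexOf('.');
        if (dot <= 0) return null;
        String id = cookie.substring(0, dot);
        byte[] presented;
        try { presented = Base64.getUrlDecoder().decode(cookie.substring(dot + 1)); }
        catch (IllegalArgumentException e) { return null; }
        // Constant-time MAC check happens before the store is consulted.
        return MessageDigest.isEqual(mac(id), presented) ? store.get(id) : null;
    }

    private byte[] mac(String id) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        return hmac.doFinal(id.getBytes(StandardCharsets.US_ASCII));
    }
    public static void main(String[] args) throws Exception {
        SignedSessionRef refs = new SignedSessionRef(RNG.generateSeed(32)); // constructed demo key
        String cookie = refs.issue("{\"identifier\":\"https://user.example/\"}"); // constructed record
        String forged = (cookie.charAt(0) == 'A' ? "B" : "A") + cookie.substring(1);
        System.out.println(cookie.length() + " chars; valid=" + (refs.resolve(cookie) != null)
                + " forged=" + (refs.resolve(forged) != null));
    }
}
```

The cookie stays well under any size limit because it holds a 22-character id and a 43-character MAC, whatever the size of the stored user record.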