Revision: 738
Author: johnny.bufu
Date: Mon May 13 12:12:09 2013
Log: Updated API documentation for private/shared association stores.
http://code.google.com/p/openid4java/source/detail?r=738
Modified:
/trunk/src/org/openid4java/server/ServerManager.java
=======================================
--- /trunk/src/org/openid4java/server/ServerManager.java Fri May 10
19:50:33 2013
+++ /trunk/src/org/openid4java/server/ServerManager.java Mon May 13
12:12:09 2013
@@ -31,12 +31,18 @@
/**
* Keeps track of the associations established with consumer sites.
+ *
+ * MUST be a different store than
ServerAssociationStore#_privateAssociations,
+ * otherwise openid responses can be forged and user accounts hijacked.
*/
private ServerAssociationStore _sharedAssociations = new
InMemoryServerAssociationStore();
/**
* Keeps track of private (internal) associations created for signing
* authentication responses for stateless consumer sites.
+ *
+ * MUST be a different store than
ServerAssociationStore#_sharedAssociations,
+ * otherwise openid responses can be forged and user accounts hijacked.
*/
private ServerAssociationStore _privateAssociations = new
InMemoryServerAssociationStore();
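Review bot: Both added Javadoc cross-references point at the wrong type: `ServerAssociationStore#_privateAssociations` and `ServerAssociationStore#_sharedAssociations` are fields of this class (ServerManager), not of the store interface, so the reference misleads the reader and javadoc tooling cannot resolve it. Use `{@link #_privateAssociations}` and `{@link #_sharedAssociations}` respectively; the second hunk already uses the `ServerManager#...` form, so this would also make the three comments consistent. Since the comment says the stores MUST differ, it may also be worth rejecting the same instance eagerly wherever these fields are assigned (setters, if any, are outside this hunk) instead of relying solely on the per-request `_checkPrivateSharedAssociations` lookup.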
@@ -44,7 +50,9 @@
* Flag for checking that shared associations are not accepted as or
mixed with
* the private ones.
*
- * Default true - check is performed at the expense of one extra
association store query.
+ * Default true: check is performed at the expense of one extra
association store query
+ * to ensure that ServerManager#_sharedAssociations and
ServerManager#_privateAssociations
+ * are different store/instances.
*/
private boolean _checkPrivateSharedAssociations = true;
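Review bot: The added wording overstates what the flag does: the check it guards (visible in the third hunk) looks a private handle up in the shared store and refuses the request if it is found there, so it detects a handle leaking across stores at request time rather than verifying that the two fields are different instances. Suggested wording: `Default true: on each direct verification request the handle is also looked up in the shared store (one extra query) and refused if found there, which catches a misconfiguration where private and shared associations end up in the same store.` The phrase `store/instances` also reads awkwardly; `store instances` or simply `stores` is clearer.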
@@ -894,7 +902,8 @@
if (_checkPrivateSharedAssociations &&
_sharedAssociations.load(handle) != null)
{
_log.warn("association for handle: " + handle + " expected
to be private " +
- "but was found in shared association store, denying direct
verification request");
+ "but was found in shared association store, denying direct
verification request; " +
+ "please configure different association store/instances
for private vs shared associations");
}
else if (assoc != null)
{
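Review bot: The `handle` interpolated into the extended warning appears to come from the direct verification request, i.e. from an untrusted party, and it is written to the log unsanitized; depending on the logging backend, an embedded line break could let a requester forge log lines around this warning. Consider neutralizing control characters before logging, e.g. `handle.replaceAll("[\\r\\n]", "_")`, or logging it as a quoted parameter rather than by concatenation. The branch itself only logs — the denial presumably happens because the `else if (assoc != null)` arm is skipped — so a short comment such as `// fall through without using assoc: the request is denied below` would make that intent explicit. The enclosing method starts and ends outside the hunk.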