OpenId4Java on Google App Engine

[Spines]

I got OpenId4Java working on the Google App Engine by using the
pluggable HttpFetcher of the latest build.

However, according to the documentation: The Consumer site needs to
have the same instance of the ConsumerManager class throughout the
lifecycle of a OpenID authentication session.

So it seems that if one JVM instance on the google app engine sends
the openId request to the user's provider, and the response from the
provider gets handled by a different JVM instance, then it would fail.

Does anyone know a way to get around this, or a way for me to modify
ConsumerManager to not have that requirement?

Is there some member variable that needs to be shared? If so could I
store it in the memCache for another ConsumerManager on a different
JVM instance to use?

[渡健太]

hi Spines,

It would be instance of NonceVerifier and ConsumerAssociationStore that uses
default implementation InMemoryXXX.
It needs another implementation for AppEngine shared with memcache or session.
then, you can instanciate ConsumerManager at every request and have to
call setter below
ConsumerManager#setAssociations,
ConsumerManager#setNonceVerifier,
ConsumerManager#setPrivateAssociationStore,

fyi, I made some hacks for appengine based on release 0.9.5.593, it
works for me.

thx.

WdWeaver

2010/2/5 Spines <kwst...@gmail.com>:

> --
> You received this message because you are subscribed to the Google Groups "OpenID4Java" group.
> To post to this group, send email to openi...@googlegroups.com.
> To unsubscribe from this group, send email to openid4java...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/openid4java?hl=en.
>
>

[Spines]

Thanks WdWeaver. This is very helpful. I will probably end up doing
a similar hack to what you did, do you have any code samples or
anything you could share?

On Feb 5, 7:47 am, 渡健太 <kenta.wat...@gmail.com> wrote:
> hi Spines,
>
> It would be instance of NonceVerifier and ConsumerAssociationStore that uses
>  default implementation InMemoryXXX.
> It needs another implementation for AppEngine shared with memcache or session.
> then, you can instanciate ConsumerManager at every request and have to
> call setter below
>  ConsumerManager#setAssociations,
>  ConsumerManager#setNonceVerifier,
>  ConsumerManager#setPrivateAssociationStore,
>
> fyi, I made some hacks for appengine based on release 0.9.5.593, it
> works for me.
>
> thx.
>
> WdWeaver
>

> 2010/2/5 Spines <kwste...@gmail.com>:

[WdWeaver]

Hi Spines,

I send you my github codes below,
http://bit.ly/d8aq9R http://bit.ly/9AZUwG http://bit.ly/cMEcRp
( * just a toy level code :/ )
Maybe they don't fit with latest version, but I hope these help
you :)

If you use SampleConsumer, you need to change it to make
instance of ConsumerManger at every request.
(* Head of authRequest and verifyResponse )

Thanks,

WdWeaver

[Seung]

I was able to make openid work in GAE/J by replacing
org.openid4java.util.HttpCache.java with the following file

http://code.google.com/p/step2/source/browse/code/java/trunk/example-consumer/src/main/java/com/google/step2/example/consumer/appengine/Openid4javaFetcher.java

It uses google urlfetch to replace org.apache.http.client.*.

Withe a couple line changes, it seems to work well.

[nacho3d]

Hi, I'm trying to use openid4java in appengine.

But I'm totally loose, can you help me?

Seung can you share your org.openid4java.util.HttpCache.java file after the changes that you have done to it?

[Sven Jacobs]

I finally managed to get it working on GAE but OpenID4Java doesn't really make it simple...

First of all let me say that I really recommend using Google Guice (dependency injection) because it makes "overwriting" of default implementations and binding of custom implementations much easier. Fortunately the necessary classes of OpenID4Java already provide injectable constructors (annotated with @Inject).

OpenID4Java uses Apache's HttpClient but direct HTTP calls are not possible in the AppEngine environment. I've been using the customized HttpFetcher from this (https://code.google.com/p/openid4java/source/browse/trunk/samples/appengine-consumer/) example, see class AppEngineHttpFetcher (and module AppEngineGuiceModule if you are using Guice).

Since the ConsumerManager keeps a state which must be obtained during the request/response phase but unfortunately is not serializable, we cannot just put it into GAE's memache. WdWeaver mentioned the solution which are customized versions of NonceVerifier and ConsumerAssociationStore, see his MemcachedNonceVerifier and MemcachedAssociationStore. I built my own versions which are more suited for dependency injection.

When you create the ConsumerManager make sure to pass your custom implementations, for example:

public ConsumerManager create(Provider<ConsumerManager> provider) {

    ConsumerManager manager = provider.get();

 

    manager.setNonceVerifier(nonceVerifier);

    manager.setAssociations(consumerAssociationStore);

    try {

        manager.setPrivateAssociationStore(consumerAssociationStore);

    } catch (ConsumerException e) {

        throw new RuntimeException(e);

    }

    return manager;

}

Luckily DiscoveryInformation from the request which is also required in the response (the callback called by the OpenID provider) is serializable and can be put into the Memcache service.

Am Mittwoch, 5. Dezember 2012 09:12:25 UTC+1 schrieb Alex martin:

hi, Could you pls give me detail steps? I tried many times, but it seems it does work.

I really need it works, thank you very much!

在 2010年3月23日星期二UTC+8上午4时28分10秒，Seung写道：

[Shaun J]

Sven,

I am running into the serializable issue on app engine, can you post a more full example of how you got around this issue? Thanks!

[Sven Jacobs]

Hi Shaun,

see my classes here.