Posted to dev@roller.apache.org by "Tatyana V. Tokareva" <to...@cs.vsu.ru> on 2008/08/05 13:32:35 UTC

Roller - OpenID

Hello, 

I've uploaded a second Roller-OpenID patch to the JIRA 
https://issues.apache.org/roller/browse/ROL-1733

Here is the description of what has been done so far:

I've managed to make the OpenID URL an editable option for the user.
I've also taken the comments on the previous patch into account and made some
changes in the code.

When a new user logs in via an OpenID URL, after successful login on the
provider's website he is redirected to the registration page (I had to
specify exception mappings in the security.xml to make it work). I want to
prefill the fields on this page with data retrieved from the OpenID provider
with the help of the Simple Registration Extension.
It is not supported officially in the Spring Security library yet, so I had
to make it myself.
By this moment they've created a patch in response to my issue ( jira
http://jira.springframework.org/browse/SEC-935 ) and I've switched to an
official version, but I had to change the code a little bit to make the
library work. User attributes are saved in the OpenIDAuthenticationToken as a
User object and its method getPrincipal() returns this object.
Right now I'm trying to find a way to retrieve this object in the
Register action to prefill the fields.
Could someone suggest the right approach?

I also had to put some OpenID-specific code into the RollerSession - I can't
make up my mind right now how to get rid of it.
Also maybe it will be better to put the user attributes list in some kind of
properties file (right now this list is stored as an enumeration).

Note if you are gonna use the patch you'll need to change the schema file
reference in the security.xml
( http://jira.springframework.org/browse/SEC-927 ) 

Your feedback is welcome!

Tatyana
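
Added example, not part of the original post or of the ROL-1733 patch: one way to filter Simple Registration attributes before using them as registration-form defaults, keeping only allowlisted fields that are covered by openid.signed. The class name, length limits and sample parameters are assumptions, and the input is assumed to be a positive assertion whose signature the OpenID library has already verified.

```java
import java.util.*;

/** Added example: filter OpenID SREG attributes before prefilling a registration form. */
public class SregPrefillFilter {
    // SREG 1.0 field names accepted here, each with a maximum length (limits are assumptions).
    private static final Map<String, Integer> ALLOWED = Map.of(
        "nickname", 48, "email", 255, "fullname", 255,
        "language", 16, "timezone", 64);

    /**
     * @param params parameters of a positive assertion whose signature the
     *               OpenID library has already verified (assumption)
     * @return attribute name -> value that may be offered as a form default
     */
    public static Map<String, String> filter(Map<String, String> params) {
        // openid.signed lists the signed fields without the "openid." prefix.
        Set<String> signed = new HashSet<>(
            Arrays.asList(params.getOrDefault("openid.signed", "").split(",")));
        Map<String, String> out = new TreeMap<>();
        for (Map.Entry<String, Integer> f : ALLOWED.entrySet()) {
            String key = "sreg." + f.getKey();
            String value = params.get("openid." + key);
            if (value == null || !signed.contains(key)) continue;   // absent or not signed
            value = value.trim();
            if (value.isEmpty() || value.length() > f.getValue()) continue;
            // Reject CR/LF and other control characters anywhere in the value.
            if (value.chars().anyMatch(Character::isISOControl)) continue;
            if (f.getKey().equals("email")
                    && !value.matches("[^@\\s]+@[^@\\s]+\\.[^@\\s]+")) continue;
            out.put(f.getKey(), value);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample response parameters, not taken from a real provider.
        Map<String, String> params = new HashMap<>();
        params.put("openid.signed",
            "claimed_id,identity,return_to,sreg.nickname,sreg.email,sreg.timezone");
        params.put("openid.sreg.nickname", "tatyana");
        params.put("openid.sreg.email", "user@example.org");
        params.put("openid.sreg.fullname", "Unsigned Name");            // not in openid.signed
        params.put("openid.sreg.timezone", "Europe/Moscow\r\nX-Extra: 1"); // control characters
        System.out.println(filter(params));
    }
}
```

The filtered values are still provider-asserted defaults: HTML-escape them when rendering the form and run them through the same validation as typed input on submit.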

Re: Roller - OpenID

Posted by "Tatyana V. Tokareva" <to...@cs.vsu.ru>.
Hello, 

I've created a new patch, which allows Roller to support OpenID login and
registration using simple registration extension. It is available here:  

https://issues.apache.org/roller/browse/ROL-1733

Your feedback is very welcome!

Best regards,
Tatyana

Re: Roller - OpenID

Posted by Dave <sn...@gmail.com>.
On Sun, Aug 10, 2008 at 5:12 PM, Tatyana V. Tokareva <to...@cs.vsu.ru> wrote:
>> > Also maybe it will be better to put user attributes list in some kind of
>> > properties file. (right now this list is stored as an enumeration)
>>
>> I don't think we need to have a fixed list of property names,
>> so I guess I don't think we need an enumeration or property.
>
>        This question is still actual for me.
>        Will it be better to add another one database table
>        to define all attribute names or just hardcode them?

I missed this question earlier: I would simply define "public static
final ..." fields for each attribute name you use.

How are you doing with your latest patch? I believe we have a
deadline coming up.

- Dave

Re: Roller - OpenID

Posted by "Tatyana V. Tokareva" <to...@cs.vsu.ru>.
Hi Dave,

	I've managed to prefill the fields with user SREG attributes on the user
	registration page.
	I'm going to tidy up the code a little bit, test it and create a new patch
	in a couple of days.
	There are also some comments below.

Best regards,
Tatyana

On Sun, 10 Aug 2008 00:46:01 -0400
 Dave <sn...@gmail.com> wrote:
> On Tue, Aug 5, 2008 at 7:32 AM, Tatyana V. Tokareva <to...@cs.vsu.ru> wrote:
> > I've uploaded a second Roller-OpenID patch to the JIRA
> > https://issues.apache.org/roller/browse/ROL-1733
> 
> Hi Tatyana,
> 
> I reviewed the code yesterday, tried it out and my comments are below.
> 
> 
> > Here is the description of what has been done so far:
> > I've managed to make the OpenID URL an editable option for the user.
> > I've also taken the comments on the previous patch into account and made some
> > changes in the code.
> 
> And you're using generic user attributes for storing each user's
> OpenID URI and have no OpenID specific methods, which is good.
> 
> Here are a couple of comments about the new UI elements that you've added:
> 
> - The OpenID user fields do not allow enough characters for a URL
>   Make it size="40" maxlength="255"
> 
> - The help text does not explain what to enter in the field, maybe
> this is better:
>   "Your OpenID username in the form of a URL (optional)"
> 
> - The OpenID UI elements should only be shown when OpenID is enabled
>   Add a property to roller.properties so OpenID can be enabled/disabled:
> 
>   # Enable/disable OpenID (requires Spring Security, will not work with CMA)
>   authentication.openid.enabled = false
> 
> - The login page layout could use some work, but we can take care
>   of that later.

	I've implemented enabling/disabling of the OpenID fields and fixed the field sizes.
> 
> 
> > When a new user logs in via an OpenID URL, after successful login on the
> > provider's website he is redirected to the registration page (I had to
> > specify exception mappings in the security.xml to make it work). I want to
> > prefill the fields on this page with data retrieved from the OpenID provider
> > with the help of the Simple Registration Extension. It is not supported
> > officially in the Spring Security library yet, so I had to make it myself.
> > By this moment they've created a patch in response to my issue ( jira
> > http://jira.springframework.org/browse/SEC-935 ) and I've switched to an
> > official version, but I had to change the code a little bit to make the
> > library work.
> 
> I don't understand this part. Do we need new Spring Security jars to
> make the patch work? Or, is the new schema file enough?
> 

	Firstly, you need a spring-security-openid library, which is attached to the
	issue.
	I've made a new one with the help of the official patch from
	http://jira.springframework.org/browse/SEC-935
	The patch allows retrieving Simple Registration Extension user attributes.

	The schema file includes the openid filter definition and will be located on
	the Spring Security web site by the next release, but just for now you need
	to use a local copy.
	You should specify the file path in the security.xml

> 
> > User attributes are saved in the OpenIDAuthenticationToken as a
> > User object and its method getPrincipal() returns this object.
> > Right now I'm trying to find a way to retrieve this object in the
> > Register action to prefill the fields.
> > Could someone suggest the right approach?
> 
> I don't know enough about OpenID4Java to make a suggestion here.
> 
> 
> > I also had to put some OpenID-specific code into the RollerSession - I can't
> > make up my mind right now how to get rid of it.
> > Also maybe it will be better to put the user attributes list in some kind of
> > properties file (right now this list is stored as an enumeration).
> 
> I don't think we need to have a fixed list of property names,
> so I guess I don't think we need an enumeration or property.
> 

	This question is still actual for me. 
	Will it be better to add another one database table 
	to define all attribute names or just hardcode them?


> 
> > Note if you are gonna use the patch you'll need to change the schema file
> > reference in the security.xml
> > ( http://jira.springframework.org/browse/SEC-927 )
> 
> I tried that, but I'm running into a problem on OpenID login.
> I see this in the roller.log file.
> 
> INFO  2008-08-09 23:04:11,792 HtmlResolver:discover - HTML discovery
> succeeded on: http://rollerweblogger.org/roller
> INFO  2008-08-09 23:04:11,793 Discovery:discover - Discovered 1 OpenID
> endpoints.
> INFO  2008-08-09 23:04:11,794 ConsumerManager:associate - Trying to
> associate with http://openid.claimid.com/server attempts left: 4
> INFO  2008-08-09 23:04:11,794 ConsumerManager:associate - Found an
> existing association.
> INFO  2008-08-09 23:04:11,794 ConsumerManager:associate - Trying to
> associate with http://openid.claimid.com/server attempts left: 4
> INFO  2008-08-09 23:04:11,795 ConsumerManager:associate - Found an
> existing association.
> INFO  2008-08-09 23:04:11,795 ConsumerManager:authenticate - Creating
> authentication request for OP-endpoint:
> http://openid.claimid.com/server claimedID:
> http://rollerweblogger.org/roller/ OP-specific ID:
> http://openid.claimid.com/snoopdave
> INFO  2008-08-09 23:04:11,796 RealmVerifier:match - Return URL:
> http://localhost:8080/roller/roller_j_openid_security_check matches
> realm: http://localhost:8080/roller/roller_j_openid_security_check
> ERROR 2008-08-09 23:04:11,806 RealmVerifier:validate - Discovery
> failed on realm:
> http://localhost:8080/roller/roller_j_openid_security_check
> org.openid4java.discovery.yadis.YadisException: 1798: GET failed on
> http://localhost:8080/roller/roller_j_openid_security_check
> 	at org.openid4java.discovery.yadis.YadisResolver.getXrds(YadisResolver.java:295)
> 	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:251)
> ...
> ERROR 2008-08-09 23:04:11,807
>    OpenIDAuthenticationProcessingFilter:determineFailureUrl
>    - Unable to consume claimedIdentity [http://rollerweblogger.org/roller]
> org.springframework.security.ui.openid.OpenIDConsumerException: Error
> processing ConumerManager authentication
> 	at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:83)
> 	at org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter.determineFailureUrl(OpenIDAuthenticationProcessingFilter.java:107)
> ...
> Caused by: org.openid4java.message.MessageException: 769: Realm
> verification failed for:
> http://localhost:8080/roller/roller_j_openid_security_check
> 	at org.openid4java.message.AuthRequest.validate(AuthRequest.java:358)
> 	at org.openid4java.message.AuthRequest.createAuthRequest(AuthRequest.java:101)
> 	at org.openid4java.consumer.ConsumerManager.authenticate(ConsumerManager.java:1000)
> 	at org.openid4java.consumer.ConsumerManager.authenticate(ConsumerManager.java:937)
> 	at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:81)
> 	... 35 more
> 
> Could this be because I do not have the right Spring jars?


	I can also attach openid specific libraries that I'm using now.
	Actually, I've tried logging via my claimid account and I didn't meet any
	problems.

> 
> - Dave


Re: Roller - OpenID

Posted by Dave <sn...@gmail.com>.
On Tue, Aug 5, 2008 at 7:32 AM, Tatyana V. Tokareva <to...@cs.vsu.ru> wrote:
> I've uploaded a second Roller-OpenID patch to the JIRA
> https://issues.apache.org/roller/browse/ROL-1733

Hi Tatyana,

I reviewed the code yesterday, tried it out and my comments are below.


> Here is the description of what has been done so far:
> I've managed to make the OpenID URL an editable option for the user.
> I've also taken the comments on the previous patch into account and made some
> changes in the code.

And you're using generic user attributes for storing each user's
OpenID URI and have no OpenID specific methods, which is good.

Here are a couple of comments about the new UI elements that you've added:

- The OpenID user fields do not allow enough characters for a URL
  Make it size="40" maxlength="255"

- The help text does not explain what to enter in the field, maybe
this is better:
  "Your OpenID username in the form of a URL (optional)"

- The OpenID UI elements should only be shown when OpenID is enabled
  Add a property to roller.properties so OpenID can be enabled/disabled:

  # Enable/disable OpenID (requires Spring Security, will not work with CMA)
  authentication.openid.enabled = false

- The login page layout could use some work, but we can take care
  of that later.


> When a new user logs in via an OpenID URL, after successful login on the
> provider's website he is redirected to the registration page (I had to
> specify exception mappings in the security.xml to make it work). I want to
> prefill the fields on this page with data retrieved from the OpenID provider
> with the help of the Simple Registration Extension. It is not supported
> officially in the Spring Security library yet, so I had to make it myself.
> By this moment they've created a patch in response to my issue ( jira
> http://jira.springframework.org/browse/SEC-935 ) and I've switched to an
> official version, but I had to change the code a little bit to make the
> library work.

I don't understand this part. Do we need new Spring Security jars to
make the patch work? Or, is the new schema file enough?


> User attributes are saved in the OpenIDAuthenticationToken as a
> User object and its method getPrincipal() returns this object.
> Right now I'm trying to find a way to retrieve this object in the
> Register action to prefill the fields.
> Could someone suggest the right approach?

I don't know enough about OpenID4Java to make a suggestion here.


> I also had to put some OpenID-specific code into the RollerSession - I can't
> make up my mind right now how to get rid of it.
> Also maybe it will be better to put the user attributes list in some kind of
> properties file (right now this list is stored as an enumeration).

I don't think we need to have a fixed list of property names,
so I guess I don't think we need an enumeration or property.


> Note if you are gonna use the patch you'll need to change the schema file
> reference in the security.xml
> ( http://jira.springframework.org/browse/SEC-927 )

I tried that, but I'm running into a problem on OpenID login.
I see this in the roller.log file.

INFO  2008-08-09 23:04:11,792 HtmlResolver:discover - HTML discovery
succeeded on: http://rollerweblogger.org/roller
INFO  2008-08-09 23:04:11,793 Discovery:discover - Discovered 1 OpenID
endpoints.
INFO  2008-08-09 23:04:11,794 ConsumerManager:associate - Trying to
associate with http://openid.claimid.com/server attempts left: 4
INFO  2008-08-09 23:04:11,794 ConsumerManager:associate - Found an
existing association.
INFO  2008-08-09 23:04:11,794 ConsumerManager:associate - Trying to
associate with http://openid.claimid.com/server attempts left: 4
INFO  2008-08-09 23:04:11,795 ConsumerManager:associate - Found an
existing association.
INFO  2008-08-09 23:04:11,795 ConsumerManager:authenticate - Creating
authentication request for OP-endpoint:
http://openid.claimid.com/server claimedID:
http://rollerweblogger.org/roller/ OP-specific ID:
http://openid.claimid.com/snoopdave
INFO  2008-08-09 23:04:11,796 RealmVerifier:match - Return URL:
http://localhost:8080/roller/roller_j_openid_security_check matches
realm: http://localhost:8080/roller/roller_j_openid_security_check
ERROR 2008-08-09 23:04:11,806 RealmVerifier:validate - Discovery
failed on realm:
http://localhost:8080/roller/roller_j_openid_security_check
org.openid4java.discovery.yadis.YadisException: 1798: GET failed on
http://localhost:8080/roller/roller_j_openid_security_check
	at org.openid4java.discovery.yadis.YadisResolver.getXrds(YadisResolver.java:295)
	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:251)
...
ERROR 2008-08-09 23:04:11,807
   OpenIDAuthenticationProcessingFilter:determineFailureUrl
   - Unable to consume claimedIdentity [http://rollerweblogger.org/roller]
org.springframework.security.ui.openid.OpenIDConsumerException: Error
processing ConumerManager authentication
	at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:83)
	at org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter.determineFailureUrl(OpenIDAuthenticationProcessingFilter.java:107)
...
Caused by: org.openid4java.message.MessageException: 769: Realm
verification failed for:
http://localhost:8080/roller/roller_j_openid_security_check
	at org.openid4java.message.AuthRequest.validate(AuthRequest.java:358)
	at org.openid4java.message.AuthRequest.createAuthRequest(AuthRequest.java:101)
	at org.openid4java.consumer.ConsumerManager.authenticate(ConsumerManager.java:1000)
	at org.openid4java.consumer.ConsumerManager.authenticate(ConsumerManager.java:937)
	at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:81)
	... 35 more

Could this be because I do not have the right Spring jars?

- Dave

Re: Roller - OpenID

Posted by Dave <sn...@gmail.com>.
Great! I'm pretty busy today, but I'll try to take a look this evening.

Thanks,
Dave


On Tue, Aug 5, 2008 at 7:32 AM, Tatyana V. Tokareva <to...@cs.vsu.ru> wrote:
> Hello,
>
> I've uploaded a second Roller-OpenID patch to the JIRA
> https://issues.apache.org/roller/browse/ROL-1733
>
> Here is the description of what has been done so far:
>
> I've managed to make the OpenID URL an editable option for the user.
> I've also taken the comments on the previous patch into account and made some
> changes in the code.
>
> When a new user logs in via an OpenID URL, after successful login on the
> provider's website he is redirected to the registration page (I had to
> specify exception mappings in the security.xml to make it work). I want to
> prefill the fields on this page with data retrieved from the OpenID provider
> with the help of the Simple Registration Extension.
> It is not supported officially in the Spring Security library yet, so I had
> to make it myself.
> By this moment they've created a patch in response to my issue ( jira
> http://jira.springframework.org/browse/SEC-935 ) and I've switched to an
> official version, but I had to change the code a little bit to make the
> library work. User attributes are saved in the OpenIDAuthenticationToken as a
> User object and its method getPrincipal() returns this object.
> Right now I'm trying to find a way to retrieve this object in the
> Register action to prefill the fields.
> Could someone suggest the right approach?
>
> I also had to put some OpenID-specific code into the RollerSession - I can't
> make up my mind right now how to get rid of it.
> Also maybe it will be better to put the user attributes list in some kind of
> properties file (right now this list is stored as an enumeration).
>
> Note if you are gonna use the patch you'll need to change the schema file
> reference in the security.xml
> ( http://jira.springframework.org/browse/SEC-927 )
>
> Your feedback is welcome!
>
> Tatyana
>