On Tue, Aug 5, 2008 at 7:32 AM, Tatyana V. Tokareva <[EMAIL PROTECTED]> wrote:
> I've uploaded a second Roller-OpenID patch to the JIRA
> https://issues.apache.org/roller/browse/ROL-1733

Hi Tatyana,

I reviewed the code yesterday, tried it out and my comments are below.

> Here is the description of what has been done so far:
> I've managed to make openid url an editable option for user.
> I've also taken account of the comments to the previous patch and made some changes
> in the code.

And you're using generic user attributes for storing each user's OpenID URI and have no OpenID specific methods, which is good.

Here are a couple of comments about the new UI elements that you've added:

- The OpenID user fields do not allow enough characters for a URL
  Make it size="40" maxlength="255"

- The help text does not explain what to enter in the field, maybe this is better:
  "Your OpenID username in the form of a URL (optional)"

- The OpenID UI elements should only be shown when OpenID is enabled
  Add a property to roller.properties so OpenID can be enabled/disabled:

  # Enable/disable OpenID (requires Spring Security, will not work with CMA)
  authentication.openid.enabled = false

- The login page layout could use some work, but we can take care of that later.

> When the new user is logging via openID url after successful login on the
> provider's website he is redirected to the registration page (I had to
> specify exception mappings in the security.xml to make it work) I want to
> prefill fields on this page with data, retrieved from the openid provider
> with help of Simple Registration Extension. It is not supported officially
> in the spring security library yet, so I had to make it by myself.
> By this moment they've created a patch in response to my issue ( jira
> http://jira.springframework.org/browse/SEC-935 ) and I've switched to an
> official version, but I had to change code a little bit to make the library
> work.

I don't understand this part. Do we need new Spring Security jars to make the patch work? Or, is the new schema file enough?

> User attributes are saved in the OpenIDAuthenticationToken as a
> User object and its method getPrincipal() returns this object.
> Right now I'm trying to find a way how to retrieve this object in the
> Register action to prefill fields.
> Could someone suggest the right approach?

I don't know enough about OpenID4Java to make a suggestion here.

> I also had to put an openid-specific code into the RollerSession - I can't
> make up my mind right now how to get rid of it.
> Also maybe it will be better to put user attributes list in some kind of
> properties file. (right now this list is stored as an enumeration)

I don't think we need to have a fixed list of property names, so I guess I don't think we need an enumeration or property.

> Note if you are gonna use the patch you'll need to change the schema file
> reference in the security.xml
> ( http://jira.springframework.org/browse/SEC-927 )

I tried that, but I'm running into a problem on OpenID login. I see this in the roller.log file.

INFO 2008-08-09 23:04:11,792 HtmlResolver:discover - HTML discovery succeeded on: http://rollerweblogger.org/roller
INFO 2008-08-09 23:04:11,793 Discovery:discover - Discovered 1 OpenID endpoints.
INFO 2008-08-09 23:04:11,794 ConsumerManager:associate - Trying to associate with http://openid.claimid.com/server attempts left: 4
INFO 2008-08-09 23:04:11,794 ConsumerManager:associate - Found an existing association.
INFO 2008-08-09 23:04:11,794 ConsumerManager:associate - Trying to associate with http://openid.claimid.com/server attempts left: 4
INFO 2008-08-09 23:04:11,795 ConsumerManager:associate - Found an existing association.
INFO 2008-08-09 23:04:11,795 ConsumerManager:authenticate - Creating authentication request for OP-endpoint: http://openid.claimid.com/server claimedID: http://rollerweblogger.org/roller/ OP-specific ID: http://openid.claimid.com/snoopdave
INFO 2008-08-09 23:04:11,796 RealmVerifier:match - Return URL: http://localhost:8080/roller/roller_j_openid_security_check matches realm: http://localhost:8080/roller/roller_j_openid_security_check
ERROR 2008-08-09 23:04:11,806 RealmVerifier:validate - Discovery failed on realm: http://localhost:8080/roller/roller_j_openid_security_check
org.openid4java.discovery.yadis.YadisException: 1798: GET failed on http://localhost:8080/roller/roller_j_openid_security_check
        at org.openid4java.discovery.yadis.YadisResolver.getXrds(YadisResolver.java:295)
        at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:251)
        ...
ERROR 2008-08-09 23:04:11,807 OpenIDAuthenticationProcessingFilter:determineFailureUrl - Unable to consume claimedIdentity [http://rollerweblogger.org/roller]
org.springframework.security.ui.openid.OpenIDConsumerException: Error processing ConumerManager authentication
        at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:83)
        at org.springframework.security.ui.openid.OpenIDAuthenticationProcessingFilter.determineFailureUrl(OpenIDAuthenticationProcessingFilter.java:107)
        ...
Caused by: org.openid4java.message.MessageException: 769: Realm verification failed for: http://localhost:8080/roller/roller_j_openid_security_check
        at org.openid4java.message.AuthRequest.validate(AuthRequest.java:358)
        at org.openid4java.message.AuthRequest.createAuthRequest(AuthRequest.java:101)
        at org.openid4java.consumer.ConsumerManager.authenticate(ConsumerManager.java:1000)
        at org.openid4java.consumer.ConsumerManager.authenticate(ConsumerManager.java:937)
        at org.springframework.security.ui.openid.consumers.OpenID4JavaConsumer.beginConsumption(OpenID4JavaConsumer.java:81)
        ... 35 more

Could this be because I do not have the right Spring jars?

- Dave
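
The roller.log excerpt above records two separate checks: RealmVerifier:match (return URL against realm) and RealmVerifier:validate (discovery on the realm URL). As an added illustration that is not part of the original message and is not openid4java's code, the first check is written out here following the return_to/realm matching rule of OpenID Authentication 2.0, section 9.2; the class and method names are hypothetical, and the example.com URLs are constructed samples.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Hypothetical helper (not openid4java code): return_to vs. realm matching
// as described in OpenID Authentication 2.0, section 9.2.
public class RealmMatch {
    // Fill in default ports so "http://host/" and "http://host:80/" compare equal.
    static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    static String path(URI u) {
        String p = u.getPath();
        return (p == null || p.isEmpty()) ? "/" : p;
    }

    static boolean matches(String realm, String returnTo) {
        try {
            // java.net.URI cannot parse "*." in a host, so strip the wildcard first.
            boolean wildcard = realm.contains("://*.");
            URI r = new URI(wildcard ? realm.replaceFirst("://\\*\\.", "://") : realm);
            URI u = new URI(returnTo);
            if (r.getScheme() == null || u.getScheme() == null) return false;
            if (r.getHost() == null || u.getHost() == null) return false;
            if (r.getFragment() != null) return false; // a realm must not carry a fragment
            // Scheme and port must be identical.
            if (!r.getScheme().equalsIgnoreCase(u.getScheme()) || port(r) != port(u)) return false;
            // Host: exact match, or the trailing part after "*." for a wildcard realm.
            String rh = r.getHost().toLowerCase(), uh = u.getHost().toLowerCase();
            boolean hostOk = uh.equals(rh) || (wildcard && uh.endsWith("." + rh));
            // Path: equal to the realm path or a sub-directory of it.
            String rp = path(r), up = path(u);
            String prefix = rp.endsWith("/") ? rp : rp + "/";
            return hostOk && (up.equals(rp) || up.startsWith(prefix));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // The realm and return URL from the log above are the same string.
        String rt = "http://localhost:8080/roller/roller_j_openid_security_check";
        System.out.println("log case:        " + matches(rt, rt));
        System.out.println("wildcard host:   " + matches("http://*.example.com/", "http://blog.example.com/roller/x"));
        System.out.println("different port:  " + matches("http://localhost:8080/roller", "http://localhost:9090/roller/x"));
        System.out.println("sibling path:    " + matches("http://localhost:8080/roller", "http://localhost:8080/rollerfoo"));
    }
}
```

This check is pure string comparison and needs no network access; the ERROR line in the log comes from the later step, which issues a GET against the realm URL.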
