2013-10-11 3 views
0

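Java GAE: openid4java fails during discovery on Google, permission denied

I am implementing OpenID for my application on GAE using OpenID4Java. I am also using Shiro for security. The day before, I had reached a stage where it failed at credential matching (i.e., discovery, the auth request, and getting the claim_id). Yesterday all hell broke loose and discovery on Google started failing. Things I have checked: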

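  • Discovery works fine for Yahoo (end to end), and for Google it works fine on my local dev box (though of course it fails while returning to my localhost URL).
  • Billing is enabled for the application on App Engine, so Yadis can open socket connections internally.

(There are spaces in some of the URLs below because I can't post more than 2 links.)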

I tried the following discovery URL for Google. Otherwise it is fine.

  • https: //www.google.com/accounts/o8/id

    A few interesting logs before the stack trace:

    org.openid4java.discovery.Discovery discover: Starting discovery on URL identifier: https: //www.google.com/accounts/o8/id 
    
    org.openid4java.discovery.yadis.YadisResolver retrieveXrdsLocation: Performing HTTP HEAD on: https://www.google.com/accounts/o8/id ... 
    
    org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager$1 getConnection: Get connection: {s}->https://www.google.com, timeout = 3000 
    
    org.apache.http.impl.conn.tsccm.ConnPoolByRoute getEntryBlocking: [{s}->https://www.google.com] total kept alive: 0, total issued: 0, total allocated: 0 out of 20 
    
    org.apache.http.impl.conn.tsccm.ConnPoolByRoute getFreeEntry: No free connections [{s}->https://www.google.com][null] 
    
    org.apache.http.impl.conn.tsccm.ConnPoolByRoute getEntryBlocking: Available capacity: 2 out of 2 [{s}->https://www.google.com][null] 
    
    org.apache.http.impl.conn.tsccm.ConnPoolByRoute createEntry: Creating new connection [{s}->https://www.google.com] 
    
    org.apache.http.impl.conn.DefaultClientConnectionOperator openConnection: Connecting to www.google.com:443 
    
    org.apache.http.impl.conn.DefaultClientConnection close: Connection [email protected] closed 
    

    The stack trace is as follows:

    org.apache.shiro.openid4j.DiscoveryException: Unable to discover OpenId Provider based on resolved discoveryId 'https://www.google.com/accounts/o8/id' (specified providerId 'null') 
    at org.apache.shiro.openid4j.DefaultOpenIdService.getDiscoveryInfo(DefaultOpenIdService.java:182) 
    at org.apache.shiro.openid4j.DefaultOpenIdService.constructRequestFromOpenIdUrl(DefaultOpenIdService.java:123) 
    at org.apache.shiro.openid4j.authc.Open4jFilter.constructOpenIdRequest(Open4jFilter.java:344) 
    at org.apache.shiro.openid4j.authc.Open4jFilter.executeOpenidLogin(Open4jFilter.java:327) 
    at org.apache.shiro.openid4j.authc.Open4jFilter.onAccessDenied(Open4jFilter.java:304) 
    at org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133) 
    at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) 
    at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203) 
    at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178) 
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) 
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) 
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) 
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) 
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) 
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) 
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) 
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383) 
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) 
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) 
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) 
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125) 
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) 
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35) 
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) 
    at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60) 
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) 
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43) 
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) 
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) 
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) 
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) 
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) 
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) 
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:266) 
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) 
    at org.mortbay.jetty.Server.handle(Server.java:326) 
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) 
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) 
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) 
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) 
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:146) 
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:446) 
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:435) 
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:442) 
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:186) 
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:306) 
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:298) 
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:439) 
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:251) 
    at java.lang.Thread.run(Thread.java:724) 
    Caused by: org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport error: Permission denied: Attempt to access a blocked recipient without permission. (mapped-IPv4) 
    at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:479) 
    at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:249) 
    at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:233) 
    at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:167) 
    at org.openid4java.discovery.Discovery.discover(Discovery.java:147) 
    at org.openid4java.discovery.Discovery.discover(Discovery.java:129) 
    at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:568) 
    at org.apache.shiro.openid4j.DefaultOpenIdService.getDiscoveryInfo(DefaultOpenIdService.java:178) 
    ... 49 more 
    Caused by: java.net.SocketException: Permission denied: Attempt to access a blocked recipient without permission. (mapped-IPv4) 
    at com.google.appengine.api.socket.SocketApiHelper.translateError(SocketApiHelper.java:107) 
    at com.google.appengine.api.socket.SocketApiHelper.translateError(SocketApiHelper.java:118) 
    at com.google.appengine.api.socket.SocketApiHelper.makeSyncCall(SocketApiHelper.java:82) 
    at com.google.appengine.api.socket.AppEngineSocketImpl.connectSocket(AppEngineSocketImpl.java:421) 
    at com.google.appengine.api.socket.AppEngineSocketImpl.connectToAddress(AppEngineSocketImpl.java:366) 
    at com.google.appengine.api.socket.AppEngineSocketImpl.connect(AppEngineSocketImpl.java:352) 
    at java.net.Socket.connect(Socket.java:600) 
    at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:623) 
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:549) 
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) 
    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:151) 
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:125) 
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) 
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) 
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) 
    at org.openid4java.util.HttpCache.head(HttpCache.java:336) 
    at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:401) 
    ... 56 more 
    

    The relying party code is very similar to SampleConsumer (part of openid4java), but it is actually a patch from Shiro (openid4j). It appears to follow the sample consumer.

    I think I am missing something basic here. Any pointers would be really helpful.

  • Answer

    0

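    It looks like the library you are using is failing when it connects to www.google.com:443.

    The Socket API has quite a few limitations; in particular, with some exceptions for email (& DNS), you cannot connect to Google servers. This is the source of your error.

    If your app wants to use OpenID for authentication, just use the API that GAE provides: https://developers.google.com/appengine/articles/openid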

    +0

    Thanks Peter! You sent me down the right path. No more permission denied. I used a non-socket approach. Will try the simpler solution. – GWahi
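The route the answer recommends, as an added example that is not code from the question, the answer, or the Shiro/openid4java projects: federated login through the App Engine Users API, so discovery is done by the platform and the app never opens an outbound socket to www.google.com:443. Assumptions: federated login is enabled for the app; the servlet name, the `provider` request parameter, the `/home` path and the Yahoo identifier are hypothetical sample values.

```java
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: the name and URL mapping are assumptions for this example.
public class FederatedLoginServlet extends HttpServlet {

    // Allowlist of provider keys -> OpenID identifiers. Only identifiers listed
    // here are handed to the platform, never a URL taken from the request.
    private static final Map<String, String> PROVIDERS;
    static {
        Map<String, String> m = new HashMap<String, String>();
        m.put("google", "https://www.google.com/accounts/o8/id"); // URL from the question
        m.put("yahoo", "yahoo.com");                              // constructed sample value
        PROVIDERS = Collections.unmodifiableMap(m);
    }

    // Fixed post-login path (assumption), so request input cannot steer the return URL.
    private static final String AFTER_LOGIN = "/home";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        UserService users = UserServiceFactory.getUserService();
        if (users.getCurrentUser() != null) {
            resp.sendRedirect(AFTER_LOGIN); // already authenticated
            return;
        }
        String identifier = PROVIDERS.get(req.getParameter("provider"));
        if (identifier == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "unknown provider");
            return;
        }
        // The platform performs discovery and builds the redirect to the provider;
        // no socket is opened by application code.
        String loginUrl = users.createLoginURL(
                AFTER_LOGIN, null, identifier, Collections.<String>emptySet());
        resp.sendRedirect(loginUrl);
    }
}
```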
