Home/ Questions/Q 763827
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T16:37:27+00:00

I created an GWT project in eclipse. Now I tried to implement openId with

  • 0

I created an GWT project in eclipse. Now I tried to implement openId with using the openid4java library.

I imported the .jar files via properties–>java build path:

  • openid4java-0.9.5.jar
  • lib/*.jar

In addition I copied the .jar files into the war/WEB-INF/lib directory.

The problem at hand comes up when I call the authenticate() method.

Then I get a:

HTTP ERROR 500

Problem accessing /openid/openid. Reason:

    access denied (java.lang.RuntimePermission modifyThreadGroup)

Caused by:

java.security.AccessControlException: access denied (java.lang.RuntimePermission modifyThreadGroup)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
    at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkAccess(DevAppServerFactory.java:191)
    at java.lang.ThreadGroup.checkAccess(Unknown Source)
    at java.lang.Thread.init(Unknown Source)
    at java.lang.Thread.<init>(Unknown Source)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ReferenceQueueThread.<init>(MultiThreadedHttpConnectionManager.java:1039)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.storeReferenceToConnection(MultiThreadedHttpConnectionManager.java:164)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.access$900(MultiThreadedHttpConnectionManager.java:64)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$ConnectionPool.createConnection(MultiThreadedHttpConnectionManager.java:750)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.doGetConnection(MultiThreadedHttpConnectionManager.java:469)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager.getConnectionWithTimeout(MultiThreadedHttpConnectionManager.java:394)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:152)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324)
    at org.openid4java.util.HttpCache.head(HttpCache.java:296)
    at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:360)
    at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
    at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
    at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
    at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
    at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
    at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:527)
    at auth.openid.server.OpenIDServlet.authenticate(OpenIDServlet.java:138)
    at auth.openid.server.OpenIDServlet.doGet(OpenIDServlet.java:101)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:51)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:122)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:349)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

Here my servlet source:

import com.google.gwt.user.client.rpc.RemoteService;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.VerificationResult;
import org.openid4java.discovery.DiscoveryInformation;
import org.openid4java.discovery.Identifier;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.ParameterList;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.List;

public final class OpenIDServlet extends HttpServlet implements RemoteService {

private final ConsumerManager manager;

public OpenIDServlet() {
    try {
        manager = new ConsumerManager();
    } catch (ConsumerException e) {
        throw new RuntimeException("Error creating consumer manager", e);
    }
}


private void authenticate(HttpServletRequest request, HttpServletResponse     response) throws IOException, ServletException {
    final String loginString = request.getParameter(nameParameter);

    try {
        // perform discovery on the user-supplied identifier
        List discoveries = manager.discover(loginString);

        // attempt to associate with the OpenID provider
        // and retrieve one service endpoint for authentication
        DiscoveryInformation discovered = manager.associate(discoveries);

        // obtain a AuthRequest message to be sent to the OpenID provider
        AuthRequest authReq = manager.authenticate(discovered, "openid", null);

        // redirect to OpenID for authentication
        response.sendRedirect(authReq.getDestinationUrl(true));
    }
    catch (OpenIDException e) {
        throw new ServletException("Login string probably caused an error. loginString = " + loginString, e);
    }
}

My question now is:
What could be my fault? Did I make any mistakes in importing the openid4java library? (which?)
All other methods in the servlet which do not use the openid4java implementation work fine.

Thanks,
Andreas

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You are using Google App Engine. GAE restricts the libraries that can be used in an application. In particular, creating threads or accessing the network are prohibited.

    The stack trace you pasted shows openid creating a java, and GAE blocking it.

    If you don’t care about GAE, just disable it in eclipse settings. Once you do that, you should be able to use the library.

    If you also want to use GAE, then you will have to find an alternative to OpenId4Java. Somebody else may have an alternative to that.

    • 0