Closed GoogleCodeExporter closed 8 years ago
Oh. I've found the exception.
I didn't see it, because there was no logging in my catch block.
Here it is:
org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport error:
at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:432)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:527)
at org.apache.jsp.consumer_005fredirect_jsp._jspService(consumer_005fredirect_jsp.java from :82)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:315)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:288)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:647)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:579)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:831)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.net.UnknownHostException: http
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.<init>(Socket.java:375)
at java.net.Socket.<init>(Socket.java:249)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:79)
at org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory$1.doit(ControllerThreadSocketFactory.java:90)
at org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory$SocketTask.run(ControllerThreadSocketFactory.java:157)
at java.lang.Thread.run(Thread.java:619)
Original comment by nnn...@gmail.com
on 17 Sep 2010 at 10:52
Ok. The latest version (built from sources) returns another exception.
But LiveJournal and StackOverflow work fine with the specified ID.
org.openid4java.discovery.yadis.YadisException: 0x705: A Yadis Resource Descriptor URL MUST be an absolute URL and it must be HTTP or HTTPS; found: yadis.xrds
at org.openid4java.discovery.yadis.YadisResult.setXrdsLocation(YadisResult.java:113)
at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:407)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:245)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:163)
at org.openid4java.discovery.Discovery.discover(Discovery.java:147)
at org.openid4java.discovery.Discovery.discover(Discovery.java:129)
at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:542)
at org.apache.jsp.consumer_005fredirect_jsp._jspService(consumer_005fredirect_jsp.java from :82)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:315)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:288)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:647)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:579)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:831)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:380)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Original comment by nnn...@gmail.com
on 17 Sep 2010 at 11:46
I've investigated the problem and it seems that there are some issues on both sides: the openid4java library and Virtuoso Server.
Firebug says that Virtuoso Server
for "http://kingsley.idehen.net/dataspace/person/kidehen"
returns this header:
-----------------
Server Virtuoso/06.02.3128 (Linux) x86_64-unknown-linux-gnu VDB
Connection Keep-Alive
Date Sat, 18 Sep 2010 00:24:54 GMT
Accept-Ranges bytes
X-XRDS-Location yadis.xrds
Link <http://kingsley.idehen.net/dataspace/person/kidehen#this>;
rel="http://xmlns.com/foaf/0.1/primaryTopic",
<http://kingsley.idehen.net/dataspace/person/kidehen#this>; rev="describedby",
<http://kingsley.idehen.net/activities/feeds/activities/user/kidehen>;
rel="http://schemas.google.com/g/2010#updates-from";
type="application/atom+xml",
<http://kingsley.idehen.net/sparql?default-graph-uri=http://kingsley.idehen.net/
dataspace>; title="Public SPARQL Service";
rel="http://ontologi.es/sparql#fingerpoint",
<http://kingsley.idehen.net/dataspace/person/kidehen/about.rdf>;
rel="alternate"; type="application/rdf+xml"; title="Structured Descriptor
Document (RDF/XML format)",
<http://kingsley.idehen.net/dataspace/person/kidehen/about.nt>;
rel="alternate"; type="text/n3"; title="Structured Descriptor Document
(N3/Turtle format)",
<http://kingsley.idehen.net/dataspace/person/kidehen/about.n3>;
rel="alternate"; type="text/rdf+n3"; title="Structured Descriptor Document
(N3/Turtle format)",
<http://kingsley.idehen.net/dataspace/person/kidehen/about.json>;
rel="alternate"; type="application/json"; title="Structured Descriptor Document
(RDF/JSON format)",
<http://kingsley.idehen.net/ods/describe?uri=acct%3Akidehen@kingsley.idehen.net>
; rel="webfinger"
Content-Type text/html; charset=UTF-8
Content-Length 56327
-----------------
As you see, X-XRDS-Location is "yadis.xrds".
And it's wrong.
It should be "http://kingsley.idehen.net/dataspace/kidehen/yadis.xrds".
openid4java understands that something is wrong in the header,
but does not make an additional GET request for some reason.
Original comment by nnn...@gmail.com
on 18 Sep 2010 at 1:07
Simple fix:
Index: test/src/org/openid4java/discovery/yadis/YadisResolverTest.java
===================================================================
--- test/src/org/openid4java/discovery/yadis/YadisResolverTest.java (revision
643)
+++ test/src/org/openid4java/discovery/yadis/YadisResolverTest.java (working
copy)
@@ -214,7 +214,9 @@
catch (DiscoveryException expected)
{
assertEquals(expected.getMessage(),
- OpenIDException.YADIS_HEAD_INVALID_RESPONSE,
expected.getErrorCode());
+ OpenIDException.YADIS_GET_INVALID_RESPONSE,
expected.getErrorCode());
+// assertEquals(expected.getMessage(),
+// OpenIDException.YADIS_HEAD_INVALID_RESPONSE,
expected.getErrorCode());
}
try
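Review bot: the old YADIS_HEAD_INVALID_RESPONSE assertion is left behind as commented-out code under the new YADIS_GET_INVALID_RESPONSE assertion; delete it instead of commenting it out. Switching the expected error code from HEAD to GET also means this test now only passes when the resolver retries with GET after a bad HEAD response, so the commit should say that the expected behaviour changed and add a case for a HEAD response with an invalid location followed by a GET response with a valid one.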
Index: src/org/openid4java/discovery/yadis/YadisResolver.java
===================================================================
--- src/org/openid4java/discovery/yadis/YadisResolver.java (revision 643)
+++ src/org/openid4java/discovery/yadis/YadisResolver.java (working copy)
@@ -358,7 +358,7 @@
private YadisResult retrieveXrdsLocation(
YadisUrl url, boolean useGet, int maxRedirects, Set serviceTypes)
throws DiscoveryException
- {
+ {
try
{
YadisResult result = new YadisResult();
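Review bot: the only change in this hunk is whitespace on the opening brace of retrieveXrdsLocation; drop it so the patch contains just the behavioural change.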
@@ -403,11 +403,21 @@
}
else if (locationHeaders != null && locationHeaders.length > 0)
{
- // we have exactly one xrds location header
- result.setXrdsLocation(locationHeaders[0].getValue(),
- useGet ? OpenIDException.YADIS_GET_INVALID_RESPONSE :
- OpenIDException.YADIS_HEAD_INVALID_RESPONSE);
- result.setNormalizedUrl(resp.getFinalUri());
+ try {
+ // we have exactly one xrds location header
+ result.setXrdsLocation(locationHeaders[0].getValue(),
+ useGet ? OpenIDException.YADIS_GET_INVALID_RESPONSE :
+ OpenIDException.YADIS_HEAD_INVALID_RESPONSE);
+ result.setNormalizedUrl(resp.getFinalUri());
+ }
+ catch (YadisException e)
+ {
+ if(!useGet) {
+ return retrieveXrdsLocation(url, true, maxRedirects,
serviceTypes);
+ } else {
+ throw e;
+ }
+ }
}
else if (contentType != null && contentType.getValue() != null &&
contentType.getValue().split(";")[0].equalsIgnoreCase(YADIS_CONTENT_TYPE) &&
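Review bot: the new catch (YadisException e) turns a rejected X-XRDS-Location value on the HEAD request into a silent retry through retrieveXrdsLocation(url, true, maxRedirects, serviceTypes), so a header that is present but invalid is handled the same way as a header that is absent. A validation failure of the header value should stay a failure at this point; if the retry is kept, it needs a log line and a comment explaining why it is safe, and the try block should cover only setXrdsLocation, not setNormalizedUrl as well. Style: the added block mixes "try {" with a next-line brace after catch, and "if(!useGet)" lacks the space used in the surrounding "else if (" lines.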
Original comment by nnn...@gmail.com
on 18 Sep 2010 at 1:12
> openid4java understands that something is wrong in the header,
That would indicate a discovery failure, per the Yadis spec.
> but does not make an additional GET request for some reason
What's a valid reason (as far as discovery specs are concerned) for expecting that additional requests are made, once an (invalid) header was provided by the server?
Original comment by Johnny.B...@gmail.com
on 18 Sep 2010 at 1:13
Sure, you are right.
But some users have problems and they will think that it's a problem in your
library.
LiveJournal and StackOverflow work fine with Virtuoso OpenIDs.
Also, it should not be a usual situation, so there will be no performance issues around the patch.
Anyway I've patched my local version :)
Regards,
Nick.
Original comment by nnn...@gmail.com
on 18 Sep 2010 at 2:21
The library tells what the error is: "A Yadis Resource Descriptor URL MUST be
an absolute URL and it must be HTTP or HTTPS; found: yadis.xrds".
The patch is incompliant with the spec, which states that the xrds location
discovered from the header takes precedence. A further GET should only be made
if there is no header, not if the value is invalid.
Suppose an attacker can compromise the xrds location served from html content
but not the one from the header. The patch submitted here would aid the
attacker in this case.
The current/unpatched implementation would just fail as expected, since the
server's discovery data is misconfigured.
Original comment by Johnny.B...@gmail.com
on 18 Sep 2010 at 2:36
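The rule argued in the comment above (a present but invalid X-XRDS-Location header ends discovery, and only an absent header lets the caller go on to another step), as an added example that is not openid4java code. The class and method names are hypothetical, and the sample values are the ones quoted in this thread.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Optional;

// Added illustration; class and method names are hypothetical, not openid4java API.
public class XrdsHeaderPolicy {
    /** Signals that discovery must stop rather than try another source. */
    static class DiscoveryFailure extends Exception {
        DiscoveryFailure(String message) { super(message); }
    }

    /** Accepts only absolute http/https URLs that carry a host. */
    static URI requireAbsoluteHttpUrl(String value) throws DiscoveryFailure {
        try {
            URI uri = new URI(value.trim());
            String scheme = uri.getScheme();
            boolean http = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            if (uri.isAbsolute() && http && uri.getHost() != null) {
                return uri;
            }
        } catch (URISyntaxException e) {
            // unparsable values are rejected below, the same as relative ones
        }
        throw new DiscoveryFailure("XRDS location must be an absolute HTTP(S) URL; found: " + value);
    }

    /**
     * headerValue is the X-XRDS-Location value, or null when the header is absent.
     * Absent: empty result. Valid: that URL. Present but invalid: failure, no fallback.
     */
    static Optional<URI> locationFromHeader(String headerValue) throws DiscoveryFailure {
        if (headerValue == null) return Optional.empty();
        return Optional.of(requireAbsoluteHttpUrl(headerValue));
    }

    public static void main(String[] args) {
        // Constructed inputs: absent header, the relative value, the absolute form.
        String[] samples = { null, "yadis.xrds",
            "http://kingsley.idehen.net/dataspace/kidehen/yadis.xrds" };
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + locationFromHeader(sample));
            } catch (DiscoveryFailure e) {
                System.out.println(sample + " -> FAIL: " + e.getMessage());
            }
        }
    }
}
```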
ok.
I've written to the Virtuoso community.
I guess this bug could be fixed as invalid.
Thank you very much.
Best regards,
Nick.
Original comment by nnn...@gmail.com
on 18 Sep 2010 at 11:16
Original comment by Johnny.B...@gmail.com
on 31 Oct 2012 at 11:20
Original issue reported on code.google.com by
nnn...@gmail.com
on 16 Sep 2010 at 11:06