search

joscha / play-authenticate

An authentication plugin for Play Framework 2.x (Java)
http://joscha.github.com/play-authenticate/
Other
807 stars 369 forks source link

fixed serialisation issues for the LinkedIn #333

Open gkovbasenko opened 7 years ago

gkovbasenko commented 7 years ago
  1. Added additional parent for the SerializableRequestToken, that would allow us to have non-parameters constructor.
  2. Changed loading from the cache.
joscha commented 7 years ago

I don't fully understand why this change is needed, can you elaborate, please? Also, I don't think we should log the secret out.

gkovbasenko commented 7 years ago

Hi, I have done this changes, since even after adding default constructor for the RequestToken, I keep getting error:

[error] m.plugin - An error has occured while getting the value from memcached. ct=Any java.util.concurrent.ExecutionException: java.io.InvalidClassException: com.feth.play.module.pa.providers.oauth1.OAuth1AuthProvider$SerializableRequestToken; no valid constructor at java.util.concurrent.FutureTask.report(FutureTask.java:122) ~[na:1.8.0_31] at java.util.concurrent.FutureTask.get(FutureTask.java:192) ~[na:1.8.0_31] at net.spy.memcached.transcoders.TranscodeService$Task.get(TranscodeService.java:97) ~[AmazonElastiCacheClusterClient-1.0.0.jar:1.0.0] at net.spy.memcached.internal.GetFuture.get(GetFuture.java:63) ~[AmazonElastiCacheClusterClient-1.0.0.jar:1.0.0] at com.github.mumoshu.play2.memcached.MemcachedCacheApi.get(MemcachedCacheApi.scala:42) ~[play2-memcached-play24_2.11-0.7.0.jar:0.7.0] Caused by: java.io.InvalidClassException: com.feth.play.module.pa.providers.oauth1.OAuth1AuthProvider$SerializableRequestToken; no valid constructor at java.io.ObjectStreamClass$ExceptionInfo.newInvalidClassException(ObjectStreamClass.java:150) ~[na:1.8.0_31] at java.io.ObjectStreamClass.checkDeserialize(ObjectStreamClass.java:768) ~[na:1.8.0_31] at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1775) ~[na:1.8.0_31] at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351) ~[na:1.8.0_31] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371) ~[na:1.8.0_31]

So I have added additional class, which is non-Serialazable with empty constructor. After this I have got an error that class is serialazable, but contains empty details. That's why I load from the cache SerializableRequestToken instead of RequestToken. After all these changes, login with LinkedId account on our system was successful.

I might miss to remove logs. Let me check and push code without them.