Senior Member
Definitely it's a proxy issue. I've uploaded right now the latest build of my sample app to CloudFoundry and I was able to login via OpenID (proxy is turned off). I've updated the HttpClient from 3.1 to 4.1.1 but it didn't make any difference. (Spring Security 3.1.0.RC1 has dependencies to HttpClient 3.1)
Web App Development Lead
Spring Team
Is the problem limited to your OpenID connections, and your Spring Social connections work fine with proxy settings picked up correctly? As you mentioned, we haven't made any changes there other than isolating the HttpComponents 4.x class imports in a inner class to account for eager class verification environments when Http Components 4.x is not on the classpath. The proxy configuration we apply in ClientHttpRequestFactorySelector is local to Spring Social usages (OAuthOperations and API bindings), and is not picked up anywhere else. So I don't think Spring Social could effect Spring Security in this area.
You may want to consider ruling out Spring Social as the culprit by turning on your debugger inside ClientHttpRequestFactorySelector and verifying proxyHost/proxyPort is set properly.
Keith
Keith Donald
Core Spring Development Team
Senior Member
Sadly, it's Friday night here and no workThat means I have no access to an environment with proxy. It will take until Monday before I can confirm any. But what I noticed is that the Spring Social does indeed pickup the proxy settings. I'm able to retrieve the proxy values and able to login and connect to Facebook via Spring Social. So I know that works.
It appears the problem is with the Spring Security's dependency to HttpClient 3.1. The proxy values are not being picked up. It started appearing right after I used the Spring Social snapshot builds. But again, I can't confirm until Monday. For the meantime I'm gonna work on some other parts of my app. By the way the app I'm doing is a scheduler that allows you to post to schedule messages to social networks. And it's based on the following:
- Spring 3.1.0.M1
- Spring Security 3.1.0.RC2
- Spring Social 1.0.0.M3
- Spring JPA 1.0.0.M2
- Spring Scheduler
- jQuery, jqGrid
And it's deployed to CloudFoundry.
Web App Development Lead
Spring Team
You might want to check with Spring Security team about their dependency on Http Client 3.1 and see if it can be upgraded to 4.x. Spring Framework 3.1 now has HttpComponents 4.x support and 3.x really is old school at this point. The two libraries are entirely independent of one another so there should be no conflict or other relation to them. You'd have to check with v3.1 and Spring Security to see how to customize proxy settings there ... what we're doing (applying http.proxyHost & http.proxyPort System.properties) in Spring Social for both standard J2SE and HttpComponents 4 clients is nice and convenient, but it's just limited to our library and what we can control.
Your scheduler app sounds cool btw. Looking forward to trying it out.
Keith
Last edited by Keith Donald; May 13th, 2011 at 09:30 AM.
Keith Donald
Core Spring Development Team
Web App Development Lead
Spring Team
I spoke to Luke Taylor (Spring Security Lead) on this issue. Luke indicates that the OpenID integration does not depend on HttpClient 3.1; rather, it depends on 4.1. See below:
You might want to inspect your Maven dependency hierarchy and see who is pulling down that HttpClient 3.1 dependency. According to Luke, Spring Security should not be. If it is, it is a bug.Code:Luke Taylor 10:33 AM If I build our OpenID sample, I get: WEB-INF/lib/guice-2.0.jar WEB-INF/lib/httpclient-4.1.1.jar WEB-INF/lib/httpcore-4.1.jar WEB-INF/lib/commons-codec-1.4.jar ... in the jar... Keith Donald 10:33 AM Do you know how he can apply proxy settings there for that module? Luke Taylor 10:34 AM No. I guess he'd have to configure the http client implementation used by OpenID4Java. Perhaps check the OpenID4Java docs?
Keith
Keith Donald
Core Spring Development Team
Web App Development Lead
Spring Team
Here's another lead:
Code:http://groups.google.com/group/openid4java/browse_thread/thread/521c68a2b9e92e4b They have made some substantial changes between 0.9.5 and 0.9.6 (e.g. httpclient 3->4 update)
Keith Donald
Core Spring Development Team
Senior Member
Thanks for the info. Right now I'm at home (no proxy) and Spring Security 3.1.0.RC2 is showing it has dependency on HttpClient 4.1.1. This is based on the m2 Eclipse plugin Dependency Hierarchy tab. But I'm 100% at my work environment, the same tab and same project shows Spring Security has dependency to HttpClient 3.1. I tried excluding that jar from Spring Security but Spring Security throws a no class found exception...pointing to HttpClient 3.1. Again I can only verify this until Monday when I get back to work.
Thanks for the lead. I think it's making sense now.
Posting Permissions
Reply With Quote