GData 请求令牌的问题
我们已成功使用 GData 库来访问用户的 Google 文档。但是,当许多用户同时或相继登录我们的网站并授权我们的网络应用程序时,我们遇到了问题。
发生的情况如下:
第一个用户成功登录,通过 OAuth 授权我们的网络应用程序,并且能够添加标题(或谷歌电子表格)。
第二个用户在第一个用户添加标题后立即成功登录,然后 webapp 授权失败(未给出令牌。我尝试记录它。)
第三个用户登录失败。
第四个用户能够登录、通过 OAuth 授权并成功创建评分细则。
第五个用户能够登录,但与第二个用户一样,在授权时获得无效令牌(未给出令牌)。
这样的例子不胜枚举。结果是不可预测的。
以下是失败场景发生时我们得到的堆栈跟踪的摘录:
Nested in org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException:
java.lang.NullPointerException
at com.google.gdata.client.authn.oauth.OAuthUtil.normalizeParameters(OAuthUtil.java:158)
at com.google.gdata.client.authn.oauth.OAuthUtil.getSignatureBaseString(OAuthUtil.java:81)
at com.google.gdata.client.authn.oauth.OAuthHelper.addCommonRequestParameters(OAuthHelper.java:649)
at com.google.gdata.client.authn.oauth.OAuthHelper.getOAuthUrl(OAuthHelper.java:592)
at com.google.gdata.client.authn.oauth.OAuthHelper.getUnauthorizedRequestToken(OAuthHelper.java:276)
at com.projectrix.controller.OAuthController.authorize(OAuthController.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Method.java:40)
救命!
We have successfully used GData libraries to access a user's Google Docs. But we encountered problems when many users log in to our site and authorize our web app at the same time or successively.
Here's what happens:
First user successful logs in, authorizes our web app via OAuth and is able to add rubric (or google spreadsheet).
Second user, immediately after first user adds a rubric, successfully logs in then webapp fails on authorize (Token not given. I tried to log it.)
Third user fails on login.
Fourth user was able to log in, authorize via OAuth, and create rubrics successfully.
Fifth user was able to log in but like the second user, gets an invalid token on authorize (Token not given.)
And the list goes on. Results were unpredicatable.
Below is an excerpt of the stack trace we get when the fail scenario happens:
Nested in org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException:
java.lang.NullPointerException
at com.google.gdata.client.authn.oauth.OAuthUtil.normalizeParameters(OAuthUtil.java:158)
at com.google.gdata.client.authn.oauth.OAuthUtil.getSignatureBaseString(OAuthUtil.java:81)
at com.google.gdata.client.authn.oauth.OAuthHelper.addCommonRequestParameters(OAuthHelper.java:649)
at com.google.gdata.client.authn.oauth.OAuthHelper.getOAuthUrl(OAuthHelper.java:592)
at com.google.gdata.client.authn.oauth.OAuthHelper.getUnauthorizedRequestToken(OAuthHelper.java:276)
at com.projectrix.controller.OAuthController.authorize(OAuthController.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Method.java:40)
Help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
很难从中看出,但我的预感是某个地方存在并发错误,并且一些用于 OAuth 的非线程安全对象正在多个请求处理线程中使用。
Difficult to tell from that, but my hunch is that there's a concurrency bug in there somewhere and some object used for OAuth that isn't threadsafe is being used across multiple request handling threads.