#33 Google App Engine Compatibility Issue

[Anonymous]

Class DefaultPersistentLoginManager.java uses sun.misc package for Base64 encoding (lines 502 and 531). This package is forbidden by Google App Engine.

org.apache.commons.codec.binary.Base64 can be used instead and is available without including other libraries (its also being used in BasicAuthenticator.java)

Here is the stacktrace from a GAE app:

HTTP ERROR 500

Problem accessing /j_security_check. Reason:

access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
Caused by:

java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
at java.security.AccessController.checkPermission(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512)
at java.lang.ClassLoader$1.run(ClassLoader.java:331)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:329)
at org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager.encryptText(DefaultPersistentLoginManager.java:502)
at org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager.rememberLogin(DefaultPersistentLoginManager.java:122)
at org.securityfilter.authenticator.FormAuthenticator.processLogin(FormAuthenticator.java:193)
at org.securityfilter.filter.SecurityFilter.doFilter(SecurityFilter.java:138)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:51)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:122)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:349)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:938)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:755)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Powered by Jetty://

[Anonymous]

DefaultPersistentLoginManager.java

[Anonymous]

Attached file with changes, note that this should also correct issue 1597199 but requires an upgrade of the commons-codec.jar to commons-codec-1.4.jar