MemCached StoragesService Compatibility

Douglas E. Engert deengert at
Wed Jan 11 16:56:08 GMT 2012

On 1/11/2012 10:31 AM, Manuel Haim wrote:
> Hi Esmeralda,
> reading your $subject.toString() call, I think I now have found the
> problem and a possible solution...
> In, a is
> added to the Subject by this line:
> principals.add(cert.getSubjectX500Principal());
> Though I said the X500Principal was serializable, it turns out that the
> contained X500Name is marked transient and thus will not be stored
> within Memcache (see [1]). Thus, your $subject.toString() fails or
> returns an empty string when using Memcached.
> To work around this issue, you would need to write a wrapper class (e.g.
> MyX500Principal) which will store the principal name. Then modify
> and replace the
> principals.add(cert.getSubjectX500Principal()); line by something like:
> principals.add(new
> MyX500Principal(cert.getSubjectX500Principal().getName()));
> Also remember to edit the x500Principal attribute definition in your
> attribute-resolver.xml (replace X500Principal("").getClass() with
> something like myPackage.MyX500Principal("").getClass() ).
> (the same may apply for a Kerberos login handler and
>, as there is also
> transient data within)
> A different approach would be to modify the Memcached StorageService and
> provide a way to store the transient data in an extra field. (This is
> already done with the publicCredentials, if
> retainSubjectsPublicCredentials in your web.xml is set to true.) I may
> have a look at this in a few weeks (being out of office just now).

If this would solve the problem, this looks like a better approach than
having to change the other two packages. We are using both, but have
not tried the memcache yet.

> -Manuel
> [1]


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
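
The wrapper-class workaround described in the quoted message, as an added example that is not code from either poster or from the project under discussion. MyX500Principal is the hypothetical name used in the message; the DN is a constructed sample, and plain Java serialization stands in here for whatever serializer the storage service uses.

```java
import java.io.*;
import java.security.Principal;
import java.util.Objects;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Hypothetical wrapper: keeps the DN as a plain String field, so there is
// no transient state that a serializer could drop.
public final class MyX500Principal implements Principal, Serializable {
    private static final long serialVersionUID = 1L;
    private final String name;

    public MyX500Principal(String name) {
        this.name = Objects.requireNonNull(name, "name");
    }

    @Override public String getName() { return name; }
    @Override public String toString() { return name; }

    // Subject keeps principals in a Set, so equality must be value-based.
    @Override public boolean equals(Object o) {
        return o instanceof MyX500Principal && name.equals(((MyX500Principal) o).name);
    }
    @Override public int hashCode() { return name.hashCode(); }

    // Serialize and deserialize in memory (stand-in for the cache round-trip).
    static Object roundTrip(Object in) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(in);
        }
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample DN standing in for cert.getSubjectX500Principal().
        X500Principal fromCert = new X500Principal("CN=Test User,O=Example,C=US");
        Subject subject = new Subject();
        subject.getPrincipals().add(new MyX500Principal(fromCert.getName()));

        Subject restored = (Subject) roundTrip(subject);
        if (!restored.getPrincipals().equals(subject.getPrincipals())) {
            throw new AssertionError("principal name lost in round-trip");
        }
        System.out.println(restored.getPrincipals(MyX500Principal.class));
    }
}
```

Any attribute definition that looks the principal up by class has to reference the wrapper class as well, as the quoted message notes for attribute-resolver.xml.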
