While working on a unrelated issue, i noticed that the serialVersionUID
of org.jboss.security.SimplePrincipal (in jbosssx.jar) has changed
between JBossAS5.0 GA and the current 5.0 branch. The 5.0 branch uses
2.0.2.SP6 version of jbosssx.jar whereas JBossAS5.0 GA uses 2.0.2.SP3.
Between these versions, the serialVersionUID of the SimplePrincipal
class has changed from
private static final long serialVersionUID = 1L; // In 2.0.2.SP3
to
private static final long serialVersionUID = 7701951188631723261L; //
In 2.0.2.SP6
As a result JBossAS-5.0 GA clients (ex: servlets on JBossAS-5.0 GA)
fail against JBossAS-5.0.1.GA server (current 5.0 branch) when doing
the following:
import org.jboss.security.client.SecurityClient;
import org.jboss.security.client.SecurityClientFactory;
// psuedo code - do login
SecurityClient securityClient =
SecurityClientFactory.getSecurityClient();
securityClient.setSimple("jai", "pass");
securityClient.login();
// lookup bean hosted on 5.0.1 GA
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY,
"org.jnp.interfaces.NamingContextFactory");
props.put(Context.PROVIDER_URL,"jnp://localhost:1199");
Context ctx = new InitialContext(props);
MySecureBean bean = (MySecureBean) ctx.lookup("MySecureBean");
System.out.println("Got bean");
bean.doSomethingSecure("jai", 2);
12:33:51,261 ERROR [STDERR] Caused by: java.io.InvalidClassException:
org.jboss.security.SimplePrincipal; local class incompatible: stream
classdesc serialVersionUID = 1, local class serialVersionUID =
7701951188631723261
12:33:51,261 ERROR [STDERR] at
java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:546)
12:33:51,261 ERROR [STDERR] at
java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1552)
12:33:51,261 ERROR [STDERR] at
java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1466)
12:33:51,261 ERROR [STDERR] at
java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1699)
12:33:51,261 ERROR [STDERR] at
java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
12:33:51,261 ERROR [STDERR] at
java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1908)
12:33:51,261 ERROR [STDERR] at
java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1832)
12:33:51,261 ERROR [STDERR] at
java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)
12:33:51,261 ERROR [STDERR] at
java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
... // trimmed most of the unrelevant logs
12:33:51,264 ERROR [STDERR] at
org.jboss.ejb3.proxy.handler.ProxyInvocationHandlerBase.invoke(ProxyInvocationHandlerBase.java:261)
12:33:51,264 ERROR [STDERR] at
org.jboss.ejb3.proxy.handler.session.SessionSpecProxyInvocationHandlerBase.invoke(SessionSpecProxyInvocationHandlerBase.java:101)
12:33:51,264 ERROR [STDERR] at $Proxy95.doSomething(Unknown Source)
12:33:51,264 ERROR [STDERR] at
org.myapp.servlet.SimpleServlet.doPost(SimpleServlet.java:40)
The other way (5.0.1 GA clients against 5.0 GA server) fails too. From
SVN logs, it appears that the serialVersionUID change was meant for
compatibility with external tools like JBoss Tools. Any way to make
5.0.1.GA and 5.0 GA compatible?
On a related note, in the component-matrix for Branch_5_x is see that
the jbosssx package is still at 2.0.2.SP3:
<version.org.jboss.security>2.0.2.SP3</version.org.jboss.security>
It's only upgraded to 2.0.2.SP6 in 5.0 branch.
regards,
-Jaikiran