Andrej Kolontai created WFLY-13619:
--------------------------------------
Summary: Elytron: org.wildfly.security.auth.server.SecurityIdentity not Serializable
Key: WFLY-13619
URL: https://issues.redhat.com/browse/WFLY-13619
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 20.0.0.Final
Reporter: Andrej Kolontai
Assignee: Darran Lofthouse
Since the old security subsystem has been deprecated for a while, I decided to move my
applications to Elytron, which worked just fine up to the point where I tried to migrate an
application that:
* is distributed
* uses JASPIC in the form of a JSR375 HttpAuthenticationMechanism which has {{@AutoApplySession}}
In the logs I see stacktraces like this:
{{09:37:22,045 WARN [org.infinispan.PERSISTENCE] (default task-1) ISPN000559: Cannot marshall 'class org.infinispan.marshall.protostream.impl.MarshallableUserObject': java.io.NotSerializableException: org.wildfly.security.auth.server.SecurityIdentity}}
{{ at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:272)}}
{{ at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteFields(RiverMarshaller.java:1141)}}
{{ at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteSerializableObject(RiverMarshaller.java:1099)}}
{{ at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:266)}}
{{ at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractObjectOutput.writeObject(AbstractObjectOutput.java:58)}}
{{ at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractMarshaller.writeObject(AbstractMarshaller.java:111)}}
{{.....}}
{{Caused by: an exception which occurred:}}
{{ in field org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer.securityIdentity}}
{{ in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a}}
{{ in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a}}
{{ in object java.util.concurrent.ConcurrentHashMap@d02a9ca2}}
{{ in object org.wildfly.clustering.marshalling.jboss.SimpleMarshalledValue@d02a9ca2}}
Looks to me like it's trying to serialize the session to replicate it to the other
nodes in the cluster and fails because the user identity, which is part of the session
because of AutoApplySession, is not serializable. I have checked the source and it is
really not serializable.
I had no problems with the old security subsystem (i.e. jaspitest).
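The failure mode described in this report, reproduced as an added example that is not part of the original report and is not WildFly or Elytron code. It uses plain `java.io` serialization instead of JBoss Marshalling, needs Java 11 or later, and the names `Identity`, `IdentityContainer` and `findUnserializable` are hypothetical stand-ins: a `Serializable` holder with a non-serializable field is placed in a map of session attributes, and the check reports which attributes would fail replication.

```java
import java.io.*;
import java.util.*;

public class SessionSerializationCheck {
    // Hypothetical stand-in for an identity class that does not implement Serializable.
    static final class Identity {
        final String name;
        Identity(String name) { this.name = name; }
    }

    // Hypothetical stand-in for a Serializable holder kept in the session.
    static final class IdentityContainer implements Serializable {
        private static final long serialVersionUID = 1L;
        final Identity identity; // non-serializable field: serializing the holder fails here
        IdentityContainer(Identity identity) { this.identity = identity; }
    }

    /** Maps each attribute that cannot be serialized to the class that caused the failure. */
    static Map<String, String> findUnserializable(Map<String, Object> attributes) {
        Map<String, String> failures = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : attributes.entrySet()) {
            // Serialize into a discarding stream; only success or failure matters.
            try (ObjectOutputStream out = new ObjectOutputStream(OutputStream.nullOutputStream())) {
                out.writeObject(e.getValue());
            } catch (NotSerializableException ex) {
                failures.put(e.getKey(), ex.getMessage()); // message is the offending class name
            } catch (IOException ex) {
                failures.put(e.getKey(), ex.toString());
            }
        }
        return failures;
    }

    public static void main(String[] args) {
        // Constructed sample session attributes.
        Map<String, Object> session = new LinkedHashMap<>();
        session.put("cart", new ArrayList<>(List.of("item-1")));
        session.put("auth", new IdentityContainer(new Identity("alice")));
        findUnserializable(session)
            .forEach((name, cause) -> System.out.println(name + " -> " + cause));
    }
}
```

Running the JVM with `-Dsun.io.serialization.extendedDebugInfo=true` makes `java.io` serialization add the field and object chain to the exception, similar to the "in field / in object" lines in the trace above.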