[jboss-dev] JBoss-5.0 GA and JBoss-5.0.1 GA incompatible?

Dimitris Andreadis dandread at redhat.com
Tue Feb 10 09:27:36 EST 2009


Well Jaikiran really means that changing the serialVersionUID for SimplePrincipal breaks 
serialization compatibility with AS 5.0.1.GA
https://jira.jboss.org/jira/browse/SECURITY-341

But I understand what is fixed here is having serialVersionUID compatibility with older 
4.2.x releases. The only way to have both is using special flags to switch IDs at load time; 
there is no other way.

Obviously the mistake was that serialVersionUID for SimplePrincipal changed in AS 5.0 but 
I'm curious how we didn't catch this in the SerialVersionUIDUnitTestCase.

It turns out we didn't check for libs in JBOSS_HOME/lib and JBOSS_HOME/server/all, so when 
JBOSS_HOME/common/lib was added we missed the libs in there.

Also, shouldn't errors of this type show in some of the compatibility matrix tests?

Anil Saldhana wrote:
> https://jira.jboss.org/jira/browse/JBAS-6410 is fixed in Branch_5_0.  
> That is where this was done.
> 
> I still have jira issues open for 5.1 and trunk.
> 
> Jaikiran Pai wrote:
>> While working on an unrelated issue, I noticed that the 
>> serialVersionUID of org.jboss.security.SimplePrincipal (in 
>> jbosssx.jar) has changed between JBossAS5.0 GA and the current 5.0 
>> branch. The 5.0 branch uses 2.0.2.SP6 version of jbosssx.jar whereas 
>> JBossAS5.0 GA uses 2.0.2.SP3. Between these versions, the 
>> serialVersionUID of the SimplePrincipal class has changed from
>>
>> private static final long serialVersionUID = 1L; // In 2.0.2.SP3
>>
>> to
>>
>> private static final long serialVersionUID = 7701951188631723261L; // In 2.0.2.SP6
>>
>> As a result JBossAS-5.0 GA clients (ex: servlets on JBossAS-5.0 GA) 
>> fail against JBossAS-5.0.1.GA server (current 5.0 branch) when doing 
>> the following:
>>
>> import java.util.Properties;
>> import javax.naming.Context;
>> import javax.naming.InitialContext;
>> import org.jboss.security.client.SecurityClient;
>> import org.jboss.security.client.SecurityClientFactory;
>>
>>         // pseudo code - do login
>>         SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
>>         securityClient.setSimple("jai", "pass");
>>         securityClient.login();
>>
>>         // lookup bean hosted on 5.0.1 GA
>>         Properties props = new Properties();
>>         props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
>>         props.put(Context.PROVIDER_URL, "jnp://localhost:1199");
>>         Context ctx = new InitialContext(props);
>>
>>         MySecureBean bean = (MySecureBean) ctx.lookup("MySecureBean");
>>         System.out.println("Got bean");
>>         bean.doSomethingSecure("jai", 2);
>>
>>
>> 12:33:51,261 ERROR [STDERR] Caused by: java.io.InvalidClassException: 
>> org.jboss.security.SimplePrincipal; local class incompatible: stream 
>> classdesc serialVersionUID = 1, local class serialVersionUID = 
>> 7701951188631723261
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:546)
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1552)
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1466)
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1699)
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1908)
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1832)
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)
>> 12:33:51,261 ERROR [STDERR]     at 
>> java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
>>
>> ... // trimmed most of the irrelevant logs
>> 12:33:51,264 ERROR [STDERR]     at 
>> org.jboss.ejb3.proxy.handler.ProxyInvocationHandlerBase.invoke(ProxyInvocationHandlerBase.java:261) 
>>
>> 12:33:51,264 ERROR [STDERR]     at 
>> org.jboss.ejb3.proxy.handler.session.SessionSpecProxyInvocationHandlerBase.invoke(SessionSpecProxyInvocationHandlerBase.java:101) 
>>
>> 12:33:51,264 ERROR [STDERR]     at $Proxy95.doSomething(Unknown Source)
>> 12:33:51,264 ERROR [STDERR]     at 
>> org.myapp.servlet.SimpleServlet.doPost(SimpleServlet.java:40)
>>
>> The other way (5.0.1 GA clients against 5.0 GA server) fails too. From 
>> SVN logs, it appears that the serialVersionUID change was meant for 
>> compatibility with external tools like JBoss Tools. Any way to make 
>> 5.0.1.GA and 5.0 GA compatible?
>>
>> On a related note, in the component-matrix for Branch_5_x I see that 
>> the jbosssx package is still at 2.0.2.SP3:
>>
>> <version.org.jboss.security>2.0.2.SP3</version.org.jboss.security>
>>
>> It's only upgraded to 2.0.2.SP6 in 5.0 branch.
>>
>> regards,
>> -Jaikiran
>>
> 
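
The InvalidClassException quoted in this thread can be reproduced with the JDK alone. The following is an added example, not code from the thread or from JBoss: DemoPrincipal is a hypothetical stand-in for SimplePrincipal, and a sender on the older jar is simulated by overwriting the serialVersionUID in the stream's class descriptor with 1. It also shows how to read the sender's UID from the stream before deserializing, which is the comparison a compatibility check needs.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class SuidMismatchDemo {
    // Hypothetical stand-in for SimplePrincipal as shipped in the newer jar.
    static class DemoPrincipal implements Serializable {
        private static final long serialVersionUID = 7701951188631723261L;
        private final String name;
        DemoPrincipal(String name) { this.name = name; }
    }

    // Read the serialVersionUID from the first class descriptor of a stream
    // without deserializing the object.
    // Layout: magic, version, TC_OBJECT, TC_CLASSDESC, class name (UTF), UID.
    static long streamUid(byte[] stream) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(stream));
        if (in.readShort() != ObjectStreamConstants.STREAM_MAGIC
                || in.readShort() != ObjectStreamConstants.STREAM_VERSION
                || in.readByte() != ObjectStreamConstants.TC_OBJECT
                || in.readByte() != ObjectStreamConstants.TC_CLASSDESC) {
            throw new StreamCorruptedException("not a plain object stream");
        }
        in.readUTF();          // class name
        return in.readLong();  // serialVersionUID written by the sender
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new DemoPrincipal("jai"));
        }
        byte[] stream = buf.toByteArray();

        // Constructed input: simulate a sender on the older jar by overwriting
        // the 8-byte UID that follows the class name with 1L.
        int nameLen = DemoPrincipal.class.getName().getBytes(StandardCharsets.UTF_8).length;
        ByteBuffer.wrap(stream).putLong(2 + 2 + 1 + 1 + 2 + nameLen, 1L);

        long local = ObjectStreamClass.lookup(DemoPrincipal.class).getSerialVersionUID();
        System.out.println("stream UID = " + streamUid(stream) + ", local UID = " + local);

        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            in.readObject();
            System.out.println("deserialized (UIDs match)");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```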