[jboss-dev] JBoss-5.0 GA and JBoss-5.0.1 GA incompatible?

Dimitris Andreadis dandread at redhat.com
Wed Feb 11 01:43:48 EST 2009 

Ok. 4.x compatibility is more important in this regard. If you're on 5.0 you can just move 
to 5.0.1

Anil Saldhana wrote:
> Dimitris,  I do not think there is an easy fix for this unless we can 
> can replace the security libraries in JBAS5.0.GA.  I suggest that we 
> retain the current suid fix that we did for 5.0.1.GA which matches the 
> suid for 4.x
> 
> Maybe we can have a wiki page with instructions to replace jbosssx.jar 
> and jbosssx-client.jar in 5.0.0.GA if someone encounters the 
> serialization incompatibility.
> 
> Anil Saldhana wrote:
>> The compatibility tests we ran before AS5.0.GA release should have 
>> caught this.  It did not.
>> One way to fix this is:
>> If the loading platform is non-JBAS 5.x,  then use the longer suid.   
>> If the loading platform is JBAS5.x, then suid = 1L.  This way versions 
>> 5.xGA onwards will be fine.
>>
>> Dimitris Andreadis wrote:
>>> Well Jaikiran really means that changing the serialVersionUID for 
>>> SimplePrincipal breaks serialization compatibility with AS 5.0.1.GA
>>> https://jira.jboss.org/jira/browse/SECURITY-341
>>>
>>> But I understand what is fixed here is having serialVersionUID 
>>> compatibility with older 4.2.x releases. The only way to have both is 
>>> using special flags to switch IDs at load time, there is no other way.
>>>
>>> Obviously the mistake was that serialVersionUID for SimplePrincipal 
>>> changed in AS 5.0 but I'm curious how we didn't catch this in the 
>>> SerialVersionUIDUnitTestCase.
>>>
>>> It turns out we didn't check for libs in JBOSS_HOME/lib and 
>>> JBOSS_HOME/server/all, so when JBOSS_HOME/common/lib was added we've 
>>> missed the libs in there.
>>>
>>> Also, shouldn't errors of this type show in some of the compatibility 
>>> matrix tests?
>>>
>>> Anil Saldhana wrote:
>>>> https://jira.jboss.org/jira/browse/JBAS-6410 is fixed in 
>>>> Branch_5_0.  That is where this was done.
>>>>
>>>> I still have jira issues open for 5.1 and trunk.
>>>>
>>>> Jaikiran Pai wrote:
>>>>> While working on a unrelated issue, i noticed that the 
>>>>> serialVersionUID of org.jboss.security.SimplePrincipal (in 
>>>>> jbosssx.jar) has changed between JBossAS5.0 GA and the current 5.0 
>>>>> branch. The 5.0 branch uses 2.0.2.SP6 version of jbosssx.jar 
>>>>> whereas JBossAS5.0 GA uses 2.0.2.SP3. Between these versions, the 
>>>>> serialVersionUID of the SimplePrincipal class has changed from
>>>>>
>>>>> private static final long serialVersionUID = 1L; // In 2.0.2.SP3
>>>>>
>>>>> to
>>>>>
>>>>> private static final long serialVersionUID = 7701951188631723261L; 
>>>>> // In 2.0.2.SP6
>>>>>
>>>>> As a result JBossAS-5.0 GA clients (ex: servlets on JBossAS-5.0 GA) 
>>>>> fail against JBossAS-5.0.1.GA server (current 5.0 branch) when 
>>>>> doing the following:
>>>>>
>>>>> import org.jboss.security.client.SecurityClient;
>>>>> import org.jboss.security.client.SecurityClientFactory;
>>>>>
>>>>> // psuedo code - do login
>>>>>          SecurityClient securityClient = 
>>>>> SecurityClientFactory.getSecurityClient();
>>>>>         securityClient.setSimple("jai", "pass");
>>>>>         securityClient.login();
>>>>>
>>>>>    // lookup bean hosted on 5.0.1 GA
>>>>>         Properties props = new Properties();
>>>>>         props.put(Context.INITIAL_CONTEXT_FACTORY, 
>>>>> "org.jnp.interfaces.NamingContextFactory");
>>>>>         props.put(Context.PROVIDER_URL,"jnp://localhost:1199");
>>>>>         Context ctx = new InitialContext(props);
>>>>>
>>>>>         MySecureBean bean = (MySecureBean) ctx.lookup("MySecureBean");
>>>>>         System.out.println("Got bean");
>>>>>         bean.doSomethingSecure("jai", 2);
>>>>>
>>>>>
>>>>> 12:33:51,261 ERROR [STDERR] Caused by: 
>>>>> java.io.InvalidClassException: org.jboss.security.SimplePrincipal; 
>>>>> local class incompatible: stream classdesc serialVersionUID = 1, 
>>>>> local class serialVersionUID = 7701951188631723261
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:546)
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1552) 
>>>>>
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1466)
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1699) 
>>>>>
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1908) 
>>>>>
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1832)
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719) 
>>>>>
>>>>> 12:33:51,261 ERROR [STDERR]     at 
>>>>> java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
>>>>>
>>>>> ... // trimmed most of the unrelevant logs
>>>>> 12:33:51,264 ERROR [STDERR]     at 
>>>>> org.jboss.ejb3.proxy.handler.ProxyInvocationHandlerBase.invoke(ProxyInvocationHandlerBase.java:261) 
>>>>>
>>>>> 12:33:51,264 ERROR [STDERR]     at 
>>>>> org.jboss.ejb3.proxy.handler.session.SessionSpecProxyInvocationHandlerBase.invoke(SessionSpecProxyInvocationHandlerBase.java:101) 
>>>>>
>>>>> 12:33:51,264 ERROR [STDERR]     at $Proxy95.doSomething(Unknown 
>>>>> Source)
>>>>> 12:33:51,264 ERROR [STDERR]     at 
>>>>> org.myapp.servlet.SimpleServlet.doPost(SimpleServlet.java:40)
>>>>>
>>>>> The other way (5.0.1 GA clients against 5.0 GA server) fails too. 
>>>>> From SVN logs, it appears that the serialVersionUID change was 
>>>>> meant for compatibility with external tools like JBoss Tools. Any 
>>>>> way to make 5.0.1.GA and 5.0 GA compatible?
>>>>>
>>>>> On a related note, in the component-matrix for Branch_5_x is see 
>>>>> that the jbosssx package is still at 2.0.2.SP3:
>>>>>
>>>>> <version.org.jboss.security>2.0.2.SP3</version.org.jboss.security>
>>>>>
>>>>> It's only upgraded to 2.0.2.SP6 in 5.0 branch.
>>>>>
>>>>> regards,
>>>>> -Jaikiran
> _______________________________________________
> jboss-development mailing list
> jboss-development at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-development

More information about the jboss-development mailing list