[jboss-jira] [JBoss JIRA] (WFLY-13619) Elytron: org.wildfly.security.auth.server.SecurityIdentity not Serializable

[Moulali Shikalwadi (Jira)]

     [ https://issues.redhat.com/browse/WFLY-13619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Moulali Shikalwadi reassigned WFLY-13619:
-----------------------------------------

    Assignee: Moulali Shikalwadi


> Elytron: org.wildfly.security.auth.server.SecurityIdentity not Serializable
> ---------------------------------------------------------------------------
>
>                 Key: WFLY-13619
>                 URL: https://issues.redhat.com/browse/WFLY-13619
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 20.0.0.Final
>            Reporter: Andrej Kolontai
>            Assignee: Moulali Shikalwadi
>            Priority: Minor
>
> Since the old security subsystem has been deprecated for a while I decided to move my applications to elytron which worked just fine up to the point where I tried to migrate an application that is:
>  * distributed
>  * uses Jaspic in form of a JSR375 HttpAuthenticationMechanism which has at AutoApplySession
> In the logs I see stacktraces like this:
>  
> {noformat}
> 09:37:22,045 WARN [org.infinispan.PERSISTENCE] (default task-1) ISPN000559: Cannot marshall 'class org.infinispan.marshall.protostream.impl.MarshallableUserObject': java.io.NotSerializableException: org.wildfly.security.auth.server.SecurityIdentity
> at org.jboss.marshalling.river at 2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:272)}}
> at org.jboss.marshalling.river at 2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteFields(RiverMarshaller.java:1141)}}
> at org.jboss.marshalling.river at 2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteSerializableObject(RiverMarshaller.java:1099)}}
> at org.jboss.marshalling.river at 2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:266)}}
> at org.jboss.marshalling at 2.0.9.Final//org.jboss.marshalling.AbstractObjectOutput.writeObject(AbstractObjectOutput.java:58)}}
> at org.jboss.marshalling at 2.0.9.Final//org.jboss.marshalling.AbstractMarshaller.writeObject(AbstractMarshaller.java:111)}}
> .....
> Caused by: an exception which occurred:
> in field org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer.securityIdentity
> in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer at 7bf2af9a
> in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer at 7bf2af9a
> in object java.util.concurrent.ConcurrentHashMap at d02a9ca2
> in object org.wildfly.clustering.marshalling.jboss.SimpleMarshalledValue at d02a9ca2
> {noformat}
>  
>  
> Looks to me like it's trying to serialize the session to replicate it to the other nodes in the cluster and fails because the user identity, which is part of the session because of AutoApplySession, is not serializable. I have checked the source and it is really not serializable.
>  
> I had no problems with the old security subsystem (i.e. jaspitest).



--
This message was sent by Atlassian Jira
(v7.13.8#713008)