[jboss-jira] [JBoss JIRA] (WFLY-13619) Elytron: org.wildfly.security.auth.server.SecurityIdentity not Serializable

Andrej Kolontai (Jira) issues at jboss.org
Thu Jun 25 04:34:16 EDT 2020


     [ https://issues.redhat.com/browse/WFLY-13619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrej Kolontai updated WFLY-13619:
-----------------------------------
    Description: 
Since the old security subsystem has been deprecated for a while I decided to move my applications to elytron which worked just fine up to the point where I tried to migrate an application that is:
 * distributed
 * uses Jaspic in form of a JSR375 HttpAuthenticationMechanism which has {{@AutoApplySession}}

In the logs I see stacktraces like this:

 
{noformat}
09:37:22,045 WARN [org.infinispan.PERSISTENCE] (default task-1) ISPN000559: Cannot marshall 'class org.infinispan.marshall.protostream.impl.MarshallableUserObject': java.io.NotSerializableException: org.wildfly.security.auth.server.SecurityIdentity
at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:272)
at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteFields(RiverMarshaller.java:1141)
at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteSerializableObject(RiverMarshaller.java:1099)
at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:266)
at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractObjectOutput.writeObject(AbstractObjectOutput.java:58)
at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractMarshaller.writeObject(AbstractMarshaller.java:111)
.....
Caused by: an exception which occurred:
in field org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer.securityIdentity
in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a
in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a
in object java.util.concurrent.ConcurrentHashMap@d02a9ca2
in object org.wildfly.clustering.marshalling.jboss.SimpleMarshalledValue@d02a9ca2
{noformat}
 

 

Looks to me like it's trying to serialize the session to replicate it to the other nodes in the cluster and fails because the user identity, which is part of the session because of AutoApplySession, is not serializable. I have checked the source and it is really not serializable.

 

I had no problems with the old security subsystem (i.e. jaspitest).

  was:
Since the old security subsystem has been deprecated for a while I decided to move my applications to elytron which worked just fine up to the point where I tried to migrate an application that is:
 * distributed
 * uses Jaspic in form of a JSR375 HttpAuthenticationMechanism which has {{@AutoApplySession }}

In the logs I see stacktraces like this:

{{09:37:22,045 WARN [org.infinispan.PERSISTENCE] (default task-1) ISPN000559: Cannot marshall 'class org.infinispan.marshall.protostream.impl.MarshallableUserObject': java.io.NotSerializableException: org.wildfly.security.auth.server.SecurityIdentity}}
{{ at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:272)}}
{{ at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteFields(RiverMarshaller.java:1141)}}
{{ at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteSerializableObject(RiverMarshaller.java:1099)}}
{{ at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:266)}}
{{ at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractObjectOutput.writeObject(AbstractObjectOutput.java:58)}}
{{ at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractMarshaller.writeObject(AbstractMarshaller.java:111)}}

{{.....}}

{{Caused by: an exception which occurred:}}
{{ in field org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer.securityIdentity}}
{{ in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a}}
{{ in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a}}
{{ in object java.util.concurrent.ConcurrentHashMap@d02a9ca2}}
{{ in object org.wildfly.clustering.marshalling.jboss.SimpleMarshalledValue@d02a9ca2}}

 

Looks to me like it's trying to serialize the session to replicate it to the other nodes in the cluster and fails because the user identity, which is part of the session because of AutoApplySession, is not serializable. I have checked the source and it is really not serializable.

 

I had no problems with the old security subsystem (i.e. jaspitest).



> Elytron: org.wildfly.security.auth.server.SecurityIdentity not Serializable
> ---------------------------------------------------------------------------
>
>                 Key: WFLY-13619
>                 URL: https://issues.redhat.com/browse/WFLY-13619
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 20.0.0.Final
>            Reporter: Andrej Kolontai
>            Assignee: Darran Lofthouse
>            Priority: Minor
>
> Since the old security subsystem has been deprecated for a while I decided to move my applications to elytron which worked just fine up to the point where I tried to migrate an application that is:
>  * distributed
>  * uses Jaspic in form of a JSR375 HttpAuthenticationMechanism which has {{@AutoApplySession}}
> In the logs I see stacktraces like this:
>  
> {noformat}
> 09:37:22,045 WARN [org.infinispan.PERSISTENCE] (default task-1) ISPN000559: Cannot marshall 'class org.infinispan.marshall.protostream.impl.MarshallableUserObject': java.io.NotSerializableException: org.wildfly.security.auth.server.SecurityIdentity
> at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:272)
> at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteFields(RiverMarshaller.java:1141)
> at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteSerializableObject(RiverMarshaller.java:1099)
> at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:266)
> at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractObjectOutput.writeObject(AbstractObjectOutput.java:58)
> at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractMarshaller.writeObject(AbstractMarshaller.java:111)
> .....
> Caused by: an exception which occurred:
> in field org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer.securityIdentity
> in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a
> in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a
> in object java.util.concurrent.ConcurrentHashMap@d02a9ca2
> in object org.wildfly.clustering.marshalling.jboss.SimpleMarshalledValue@d02a9ca2
> {noformat}
>  
>  
> Looks to me like it's trying to serialize the session to replicate it to the other nodes in the cluster and fails because the user identity, which is part of the session because of AutoApplySession, is not serializable. I have checked the source and it is really not serializable.
>  
> I had no problems with the old security subsystem (i.e. jaspitest).



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
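
The failure mode described in this report, reduced to plain JDK serialization as an added example (not WildFly or Elytron code, and not the project's fix). `Identity`, `IdentityContainer` and `CachedIdentity` are hypothetical stand-ins; the second holder shows one replication-safe shape, assuming the identity can be rebuilt from a name and role set.

```java
import java.io.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

public class SessionReplicationDemo {
    // Hypothetical stand-in for a non-serializable identity (not Elytron's SecurityIdentity).
    static final class Identity {
        final String name; final Set<String> roles;
        Identity(String name, Set<String> roles) { this.name = name; this.roles = roles; }
    }
    // Same shape as the trace: a Serializable holder with a non-serializable field.
    static final class IdentityContainer implements Serializable {
        private static final long serialVersionUID = 1L;
        final Identity identity;
        IdentityContainer(Identity identity) { this.identity = identity; }
    }
    // Replication-safe holder: only name and roles are written; the live object is transient.
    static final class CachedIdentity implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name; final HashSet<String> roles;
        transient Identity identity;
        CachedIdentity(Identity i) { name = i.name; roles = new HashSet<>(i.roles); identity = i; }
        Identity identity() {
            // Assumption: a real server would rebuild this via its security domain, not trust the copy.
            if (identity == null) identity = new Identity(name, roles);
            return identity;
        }
    }
    static byte[] marshal(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }
    static Object unmarshal(byte[] b) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(b))) { return in.readObject(); }
    }
    public static void main(String[] args) throws Exception {
        Identity alice = new Identity("alice", Set.of("user")); // constructed sample data
        Map<String, Object> session = new ConcurrentHashMap<>();
        session.put("identity", new IdentityContainer(alice));
        try { marshal(session); }
        catch (NotSerializableException e) { System.out.println("replication fails: " + e.getMessage()); }
        session.put("identity", new CachedIdentity(alice));
        Map<?, ?> copy = (Map<?, ?>) unmarshal(marshal(session));
        Identity restored = ((CachedIdentity) copy.get("identity")).identity();
        System.out.println("restored on second node: " + restored.name + " " + restored.roles);
    }
}
```

The first `marshal` call fails with `NotSerializableException` naming the stand-in identity class, mirroring the `in field ... IdentityContainer.securityIdentity` line of the trace; the second round-trips because the non-serializable object never enters the stream.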


