Spring Security / SEC-1337

Cannot serialize session attribute SPRING_SECURITY_CONTEXT for session java.io.NotSerializableException: org.springframework.security.core.userdetails.User$1

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0.RC2
    • Fix Version/s: 3.0.0
    • Component/s: Core
    • Labels:
      None
    • Environment:
      Clustered tomcat

      Description

      Exception while storing session to disk or database.
      Comparator in User.java should be serializable, see attached patch for implementation idea.

        Activity

        Nikolay Gorylenko added a comment -

        please remove first attachment

        Nikolay Gorylenko added a comment -

        Unable to delete attached files by myself, so please keep "User.java-patch-2" only and delete "User.java-patch" files.

        Luke Taylor added a comment -

        Thanks for spotting this. I've updated the code to remove the inline comparator class.

        Nikolay Gorylenko added a comment -

        Luke, thanks for the quick response.

        Please remove the attached "User.java-patch" files.

        Nikolay Gorylenko added a comment -

        Luke, please substitute
        private static class GrantedAuthorityComparator implements Comparator<GrantedAuthority>
        with
        private static class GrantedAuthorityComparator implements java.io.Serializable, Comparator<GrantedAuthority>

        Inner class should also be serializable

        Luke Taylor added a comment -

        Yeah, I already did. I'm using an intermediate git repository though, so the changes aren't always pushed to svn immediately.

        Nikolay Gorylenko added a comment -

        Okay, got it.
        Can you now remove the two attached files "User.java-patch", please?

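The failure discussed in this issue can be reproduced outside Spring Security. The following Java program is an added example, not code from the attached patch or from the project; the class names, the String elements and the use of a TreeSet to hold the comparator are assumptions made for illustration.

```java
import java.io.*;
import java.util.*;

// Added illustration; all names here are hypothetical, not Spring Security's.
public class ComparatorSerializationDemo {

    // Before: the anonymous comparator compiles to ComparatorSerializationDemo$1,
    // which implements Comparator but not Serializable.
    static SortedSet<String> withAnonymousComparator() {
        SortedSet<String> set = new TreeSet<String>(new Comparator<String>() {
            public int compare(String a, String b) { return a.compareTo(b); }
        });
        set.add("ROLE_USER");
        set.add("ROLE_ADMIN");
        return set;
    }

    // After: a named static nested class that is both Comparator and Serializable,
    // the shape requested in the comment thread.
    private static class AuthorityComparator implements Serializable, Comparator<String> {
        private static final long serialVersionUID = 1L;
        public int compare(String a, String b) { return a.compareTo(b); }
    }

    static SortedSet<String> withSerializableComparator() {
        SortedSet<String> set = new TreeSet<String>(new AuthorityComparator());
        set.add("ROLE_USER");
        set.add("ROLE_ADMIN");
        return set;
    }

    // Same Java serialization path a container uses when persisting a session.
    // TreeSet writes its comparator as part of its own serialized form.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            roundTrip(withAnonymousComparator());
        } catch (NotSerializableException e) {
            System.out.println("before: NotSerializableException: " + e.getMessage());
        }
        System.out.println("after: " + roundTrip(withSerializableComparator()));
    }
}
```

The exception message in the "before" case is the compiler-generated name of the anonymous class, ending in $1, the same pattern as the User$1 in the issue title.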

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Nikolay Gorylenko
          • Votes:
            0
            Watchers:
            0
