Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing NotSerializableException: org.acegisecurity.context.SecurityContext$1 #8918

Merged
merged 1 commit into from
Feb 1, 2024
Merged

Fixing NotSerializableException: org.acegisecurity.context.SecurityContext$1 #8918

merged 1 commit into from
Feb 1, 2024

Conversation

jglick
Copy link
Member

@jglick jglick commented Jan 29, 2024

While testing some CloudBees CI code in a non-production context involving serialized web sessions, I noticed an error

java.io.NotSerializableException: org.acegisecurity.context.SecurityContext$1

Looking into #4848 I noticed that I had forgotten implements Serializable in a spot:

$ javap -classpath ~/.m2/repository/org/acegisecurity/acegi-security/1.0.7/acegi-security-1.0.7.jar org.acegisecurity.context.SecurityContext
Compiled from "SecurityContext.java"
public interface org.acegisecurity.context.SecurityContext extends java.io.Serializable {
  public abstract org.acegisecurity.Authentication getAuthentication();
  public abstract void setAuthentication(org.acegisecurity.Authentication);
}

Testing done

Test without patch:

java.io.NotSerializableException: org.acegisecurity.context.SecurityContext$1
	at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1175)
	at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:345)
	at org.acegisecurity.context.SecurityContextTest.serDeser(SecurityContextTest.java:61)
	at org.acegisecurity.context.SecurityContextTest.serializabilityFromSpring(SecurityContextTest.java:44)
java.io.NotSerializableException: org.acegisecurity.context.SecurityContextImpl
	at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1175)
	at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1543)
	at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1500)
	at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1423)
	at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1169)
	at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:345)
	at org.acegisecurity.context.SecurityContextTest.serDeser(SecurityContextTest.java:61)
	at org.acegisecurity.context.SecurityContextTest.serializabilityToSpring(SecurityContextTest.java:54)

Proposed changelog entries

  • N/A, not known to affect production code

Before the changes are marked as ready-for-merge:

Maintainer checklist

Edit tasklist title
Beta Give feedback Tasklist Maintainer checklist, more options

Delete tasklist

Delete tasklist block?
Are you sure? All relationships in this tasklist will be removed.
  1. There are at least two (2) approvals for the pull request and no outstanding requests for change.
    Options
  2. Conversations in the pull request are over, or it is explicit that a reviewer is not blocking the change.
    Options
  3. Changelog entries in the pull request title and/or Proposed changelog entries are accurate, human-readable, and in the imperative mood.
    Options
  4. Proper changelog labels are set so that the changelog can be generated automatically.
    Options
  5. If the change needs additional upgrade steps from users, the upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the pull request title (see example).
    Options
  6. If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).
    Options
Loading

@jglick jglick requested a review from Vlatombe January 29, 2024 22:47
jglick
jglick commented Jan 29, 2024
View reviewed changes
core/src/main/java/org/acegisecurity/context/SecurityContext.java
}

@Override
public Authentication getAuthentication() {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ignore ws

@MarkEWaite MarkEWaite added the skip-changelog Should not be shown in the changelog label Jan 29, 2024
@timja
Copy link
Member

timja commented Jan 30, 2024

/label ready-for-merge

This PR is now ready for merge, after ~24 hours, we will merge it if there's no negative feedback.

Thanks!

@comment-ops-bot comment-ops-bot bot added the ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback label Jan 30, 2024
jglick
jglick commented Jan 30, 2024
View reviewed changes
core/src/main/java/org/acegisecurity/context/SecurityContext.java

/**
* @deprecated Use {@link ACL#as(User)} or {@link org.springframework.security.core.context.SecurityContext}
*/
@Deprecated
public interface SecurityContext {
public interface SecurityContext extends Serializable {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that just this line suffices to make the tests pass. I refactored the inner classes to member classes since it is not a good practice to use inner classes for anything that might be serialized.

@NotMyFault NotMyFault merged commit ddf68d3 into jenkinsci:master Feb 1, 2024
16 checks passed
@jglick jglick deleted the SecurityContext branch February 1, 2024 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Vlatombe Vlatombe Vlatombe approved these changes

@timja timja timja approved these changes

@julieheard julieheard julieheard approved these changes

Assignees
No one assigned
Labels
ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback skip-changelog Should not be shown in the changelog
Projects
None yet
Milestone
No milestone
6 participants
@jglick @timja @Vlatombe @julieheard @MarkEWaite @NotMyFault