Spring Session and Dev Tools Cause ClassCastException

[rwinch]

If Spring Session Redis and Spring Boot Dev Tools are being used and a user defined class is persisted into HttpSession a ClassCastException will occur when trying to load it.

The problem is that Spring Session uses Spring Data Redis to load the class on each request. Spring Data Redis eventually uses DefaultDeserializer which uses an ObjectInputStream to load the class from the system ClassLoader.

This means that the value restored from session has a class defined by the system ClassLoader. The application itself loads the same class from Spring Boot's RestartClassLoader. Since the two classes are loaded from different ClassLoaders they cannot be cast from one to the other.

One possible solution is for Spring Redis to use a mechanism to customize the ObjectInputStream ClassLoader to use the ThreadLocal.getThread().getContextClassLoader(). For example, it could use ConfigurableObjectInputStream

I believe one alternative is that if DefaultDeserializer were loaded using RestartClassLoader, then the ObjectInputStream should use the RestartClassLoader.

Related (possibly replaces this issue): SPR-13409

[snicoll]

Similar problem with other caches whose content survive the application refresh.

[rwinch]

@snicoll Would SPR-13409 help with cache too?

[snicoll]

probably not. Each cache implementation has its own way of deserializing cached data but I guess we could maybe tune the config when devtools runs. I am not sure if that's a huge problem though, persistent caching in dev mode seems like a lousy option.

We had an issue with our SpringOne demo that I need to dig a bit more. I'll create a separate issue if necessary. Thanks!

[philwebb]

Unfortunately I've not found a way to work around this type of issue without making changes in the things that call ObjectInputStream. For now we're probably going to need to leave this as a known limitation.