Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After upgrading to boot 3.2.1, a serialization error occurred in the security module. #38959

Closed
asasas234 opened this issue Jan 3, 2024 · 2 comments
Closed

After upgrading to boot 3.2.1, a serialization error occurred in the security module. #38959

asasas234 opened this issue Jan 3, 2024 · 2 comments
Labels
for: external-project For an external project and not something we can fix status: duplicate A duplicate of another issue

Comments

@asasas234
Copy link

asasas234 commented Jan 3, 2024
edited

After upgrading the Spring Boot version from 3.1.5 to 3.2.1, I encountered the following exception. It seems that there is a serialization exception when the security intercepts the request to access Redis.

13:26:40.263 ERROR [youtube-dubbing-proxy,4eca1ddebe749744bebac0aaa9ea01a5,f61d48039d707710,] : [d778bac7-11]  500 Server Error for HTTP GET "/api/v2/membership/getMembership"
org.springframework.data.redis.serializer.SerializationException: Cannot deserialize
        at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:108)
        Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 
Error has been observed at the following site(s):
        *__checkpoint ⇢ ServerRequestCacheWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ SecurityContextServerWebExchangeWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ ReactorContextWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ CorsWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ HttpHeaderWriterWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
        *__checkpoint ⇢ com.youtube.dubbing.proxy.youtubedubbingproxy.user.filter.RateLimiterWithResendEmailWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ com.youtube.dubbing.proxy.youtubedubbingproxy.subtitles.filter.RateLimiterWithSubtitleWebFilter [DefaultWebFilterChain]
        *__checkpoint ⇢ HTTP GET "/api/v2/membership/getMembership" [ExceptionHandlingWebHandler]
Original Stack Trace:
                at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:108)
                at org.springframework.data.redis.serializer.DefaultRedisElementReader.read(DefaultRedisElementReader.java:46)
                at org.springframework.data.redis.serializer.RedisSerializationContext$SerializationPair.read(RedisSerializationContext.java:277)
                at org.springframework.data.redis.core.DefaultReactiveHashOperations.readHashValue(DefaultReactiveHashOperations.java:292)
                at org.springframework.data.redis.core.DefaultReactiveHashOperations.deserializeHashEntry(DefaultReactiveHashOperations.java:307)
                at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:106)
                at reactor.core.publisher.FluxFlatMap$FlatMapMain.tryEmit(FluxFlatMap.java:547)
                at reactor.core.publisher.FluxFlatMap$FlatMapInner.onNext(FluxFlatMap.java:988)
                at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:122)
                at reactor.core.publisher.MonoFlatMapMany$FlatMapManyInner.onNext(MonoFlatMapMany.java:250)
                at reactor.core.publisher.FluxContextWriteRestoringThreadLocals$ContextWriteRestoringThreadLocalsSubscriber.onNext(FluxContextWriteRestoringThreadLocals.java:118)
                at io.lettuce.core.RedisPublisher$ImmediateSubscriber.onNext(RedisPublisher.java:890)
                at io.lettuce.core.RedisPublisher$RedisSubscription.onNext(RedisPublisher.java:291)
                at io.lettuce.core.output.StreamingOutput$Subscriber.onNext(StreamingOutput.java:64)
                at io.lettuce.core.output.KeyValueListOutput.set(KeyValueListOutput.java:76)
                at io.lettuce.core.protocol.RedisStateMachine.safeSet(RedisStateMachine.java:806)
                at io.lettuce.core.protocol.RedisStateMachine.handleBytes(RedisStateMachine.java:577)
                at io.lettuce.core.protocol.RedisStateMachine$State$Type.handle(RedisStateMachine.java:205)
                at io.lettuce.core.protocol.RedisStateMachine.doDecode(RedisStateMachine.java:339)
                at io.lettuce.core.protocol.RedisStateMachine.decode(RedisStateMachine.java:300)
                at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:840)
                at io.lettuce.core.protocol.CommandHandler.decode0(CommandHandler.java:791)
                at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:765)
                at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:657)
                at io.lettuce.core.protocol.CommandHandler.channelRead(CommandHandler.java:597)
                at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
                at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
                at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
                at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
                at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
                at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
                at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
                at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
                at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:509)
                at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:407)
                at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
                at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
                at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
                at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.springframework.core.serializer.support.SerializationFailedException: Failed to deserialize payload. Is the byte array a result of corresponding serialization for DefaultDeserializer?
        at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:80)
        at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:37)
        at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:106)
        at org.springframework.data.redis.serializer.DefaultRedisElementReader.read(DefaultRedisElementReader.java:46)
        at org.springframework.data.redis.serializer.RedisSerializationContext$SerializationPair.read(RedisSerializationContext.java:277)
        at org.springframework.data.redis.core.DefaultReactiveHashOperations.readHashValue(DefaultReactiveHashOperations.java:292)
        at org.springframework.data.redis.core.DefaultReactiveHashOperations.deserializeHashEntry(DefaultReactiveHashOperations.java:307)
        at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:106)
        at reactor.core.publisher.FluxFlatMap$FlatMapMain.tryEmit(FluxFlatMap.java:547)
        at reactor.core.publisher.FluxFlatMap$FlatMapInner.onNext(FluxFlatMap.java:988)
        at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:122)
        at reactor.core.publisher.MonoFlatMapMany$FlatMapManyInner.onNext(MonoFlatMapMany.java:250)
        at reactor.core.publisher.FluxContextWriteRestoringThreadLocals$ContextWriteRestoringThreadLocalsSubscriber.onNext(FluxContextWriteRestoringThreadLocals.java:118)
        at io.lettuce.core.RedisPublisher$ImmediateSubscriber.onNext(RedisPublisher.java:890)
        at io.lettuce.core.RedisPublisher$RedisSubscription.onNext(RedisPublisher.java:291)
        at io.lettuce.core.output.StreamingOutput$Subscriber.onNext(StreamingOutput.java:64)
        at io.lettuce.core.output.KeyValueListOutput.set(KeyValueListOutput.java:76)
        at io.lettuce.core.protocol.RedisStateMachine.safeSet(RedisStateMachine.java:806)
        at io.lettuce.core.protocol.RedisStateMachine.handleBytes(RedisStateMachine.java:577)
        at io.lettuce.core.protocol.RedisStateMachine$State$Type.handle(RedisStateMachine.java:205)
        at io.lettuce.core.protocol.RedisStateMachine.doDecode(RedisStateMachine.java:339)
        at io.lettuce.core.protocol.RedisStateMachine.decode(RedisStateMachine.java:300)
        at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:840)
        at io.lettuce.core.protocol.CommandHandler.decode0(CommandHandler.java:791)
        at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:765)
        at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:657)
        at io.lettuce.core.protocol.CommandHandler.channelRead(CommandHandler.java:597)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
        at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
        at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:509)
        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:407)
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 610, local class serialVersionUID = 620
        at java.base/java.io.ObjectStreamClass.initNonProxy(Unknown Source)
        at java.base/java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
        at java.base/java.io.ObjectInputStream.readClassDesc(Unknown Source)
        at java.base/java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
        at java.base/java.io.ObjectInputStream.readObject0(Unknown Source)
        at java.base/java.io.ObjectInputStream.readObject(Unknown Source)
        at java.base/java.io.ObjectInputStream.readObject(Unknown Source)
        at org.springframework.core.serializer.DefaultDeserializer.deserialize(DefaultDeserializer.java:71)
        at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:75)
        ... 40 common frames omitted
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 3, 2024
@wilkinsona
Copy link
Member

It would appear that org.springframework.security.core.context.SecurityContextImpl from Spring Security 6.1.0 has been serialised and an attempt is then being made to deserialise it using the class from Spring Security 6.2.0. This fails due to a different serialVersionUID and no custom readObject and writeObject methods.

Spring Security users have faced similar problems in the past. spring-projects/spring-security#9204 is probably the closest match to your problem although it would appear you're not using Spring Session. Other similar issues include:

I would recommend reading spring-projects/spring-security#9204 and following its advice. If that does not help, you may want to open a new Spring Security issue. If you do so, please take the time to explain why none of the existing recommendations solve your problem.

@wilkinsona wilkinsona closed this as not planned Won't fix, can't repro, duplicate, stale Jan 3, 2024
@wilkinsona wilkinsona added status: duplicate A duplicate of another issue for: external-project For an external project and not something we can fix and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 3, 2024
@asasas234
Copy link
Author

Thank you, spring-projects/spring-security#9204 is the issue I encountered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
for: external-project For an external project and not something we can fix status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wilkinsona @asasas234 @spring-projects-issues