UnknownContentTypeException is not Serializable #31283

Closed
marcusdacoregio opened this issue Sep 20, 2023 · 4 comments
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement

Comments

@marcusdacoregio
Contributor

In Spring Security, when there is an AuthenticationException, there are some AuthenticationFailureHandler implementations that save that exception as a session attribute for future use if needed.
Spring Session uses, by default, the JDK mechanism to serialize the Session attributes.

In a scenario where the user-info-uri does not return the expected Content-Type (application/json), the RestOperations throws an UnknownContentTypeException that is handled by Spring Security and transformed into an AuthenticationException.

The problem is, when Spring Session tries to serialize the UnknownContentTypeException it fails because the type property inside it is not serializable.

A simple test can verify the behavior:

```java
@Test
void shouldBeSerializable() throws IOException {
	Type type = new ParameterizedTypeReference<Map<String, Object>>() {
	}.getType();
	UnknownContentTypeException cause = new UnknownContentTypeException(type, MediaType.APPLICATION_JSON, 200, "OK", null, "body".getBytes());
	try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
		 ObjectOutputStream objectOutputStream = new ObjectOutputStream(outputStream)) {
		objectOutputStream.writeObject(cause);
	}
}
```

Is that expected that the exception cannot be serialized?

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Sep 20, 2023
@sbrannen sbrannen added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Sep 21, 2023
@sbrannen
Member

> Is that expected that the exception cannot be serialized?

Given that UnknownContentTypeException explicitly declares a serialVersionUID field, I assume it is unintentional that the exception cannot be serialized.

FWIW, none of the java.lang.reflect types are Serializable.

Perhaps we could make use of the internal SerializableTypeWrapper utility.

@sbrannen sbrannen changed the title UnknownContentTypeException is not Serializable UnknownContentTypeException is not Serializable Sep 21, 2023
@rstoyanchev rstoyanchev self-assigned this Sep 29, 2023
@rstoyanchev rstoyanchev added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Sep 29, 2023
@rstoyanchev rstoyanchev added this to the 6.0.13 milestone Sep 29, 2023
@rstoyanchev
Contributor

We'll make the field transient.
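
The failure reported in this issue and the transient-field approach named above, reduced to a program that runs without Spring. This is an added example, not code from the thread or from Spring Framework: `BeforeException` and `AfterException` are hypothetical stand-ins for an exception that holds a `java.lang.reflect.Type`, and the `List<String>` type is a constructed sample.

```java
import java.io.*;
import java.lang.reflect.Type;
import java.util.List;

public class TransientTypeFieldDemo {
    static List<String> sample; // constructed: its generic type is a ParameterizedType, which is not Serializable

    // Hypothetical stand-in: the Type lives in an ordinary field, so JDK serialization must write it.
    static class BeforeException extends RuntimeException {
        private static final long serialVersionUID = 1L;
        private final Type targetType;
        BeforeException(String msg, Type t) { super(msg); this.targetType = t; }
    }

    // Same shape with the field marked transient: JDK serialization skips it.
    static class AfterException extends RuntimeException {
        private static final long serialVersionUID = 1L;
        private final transient Type targetType;
        AfterException(String msg, Type t) { super(msg); this.targetType = t; }
        Type getTargetType() { return targetType; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(o);
        }
        return bytes.toByteArray();
    }

    // Only ever fed bytes produced by serialize() in this same process.
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Type type = TransientTypeFieldDemo.class.getDeclaredField("sample").getGenericType();
        try {
            serialize(new BeforeException("unexpected content type", type));
            System.out.println("before: serialized (not expected)");
        } catch (NotSerializableException e) {
            System.out.println("before: NotSerializableException for " + e.getMessage());
        }
        AfterException copy = (AfterException) deserialize(
                serialize(new AfterException("unexpected content type", type)));
        System.out.println("after: message=" + copy.getMessage() + ", targetType=" + copy.getTargetType());
    }
}
```

A transient field comes back as `null` after deserialization, so code that reads the type from an exception restored out of a session store needs a null check.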
