Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1337: Cannot serialize session attribute SPRING_SECURITY_CONTEXT for session java.io.NotSerializableException: org.springframework.security.core.userdetails.User$1 #1583

spring-issuemaster opened this Issue Dec 17, 2009 · 7 comments


None yet
1 participant

Nikolay Gorylenko (Migrated from SEC-1337) said:

Exception while storing session to disk or database.
Comparator in User.java should be serializable, see attached patch for implementation idea.

Nikolay Gorylenko said:

please remove first attachment

Nikolay Gorylenko said:

Unable to delete attached files by myself, so please keep "User.java-patch-2" only and delete "User.java-patch" files.

Luke Taylor said:

Thanks for spotting this. I've updated the code to remove the inline comparator class.

Nikolay Gorylenko said:

Luke, thanks for quick response.

Please remove attached "User.java-patch" files

Nikolay Gorylenko said:

Luke, please substitute
private static class GrantedAuthorityComparator implements Comparator
private static class GrantedAuthorityComparator implements java.io.Serializable, Comparator

Inner class should also be serializable

Luke Taylor said:

Yeah, I already did. I'm using an intermediate git repository though, so the changes aren't always pushed to svn immediately.

Nikolay Gorylenko said:

Okay, got it.
Can you now remove two attached files "User.java-patch", please?

@spring-issuemaster spring-issuemaster added this to the 3.0.0 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment