SEC-1337: Cannot serialize session attribute SPRING_SECURITY_CONTEXT for session java.io.NotSerializableException: org.springframework.security.core.userdetails.User$1 #1583

Closed
spring-issuemaster opened this Issue Dec 17, 2009 · 7 comments

@spring-issuemaster

Nikolay Gorylenko (Migrated from SEC-1337) said:

Exception while storing session to disk or database.
The comparator in User.java should be serializable; see the attached patch for an implementation idea.

@spring-issuemaster

Nikolay Gorylenko said:

Please remove the first attachment.

@spring-issuemaster

Nikolay Gorylenko said:

Unable to delete attached files by myself, so please keep "User.java-patch-2" only and delete "User.java-patch" files.

@spring-issuemaster

Luke Taylor said:

Thanks for spotting this. I've updated the code to remove the inline comparator class.

@spring-issuemaster

Nikolay Gorylenko said:

Luke, thanks for the quick response.

Please remove the attached "User.java-patch" files.

@spring-issuemaster

Nikolay Gorylenko said:

Luke, please substitute
private static class GrantedAuthorityComparator implements Comparator
with
private static class GrantedAuthorityComparator implements java.io.Serializable, Comparator

The inner class should also be serializable.

@spring-issuemaster

Luke Taylor said:

Yeah, I already did. I'm using an intermediate git repository though, so the changes aren't always pushed to svn immediately.

@spring-issuemaster

Nikolay Gorylenko said:

Okay, got it.
Can you now remove the two attached "User.java-patch" files, please?

@spring-issuemaster spring-issuemaster added this to the 3.0.0 milestone Feb 5, 2016
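
The failure discussed in this thread, reproduced as an added example (not Spring Security's code and not the attached patch): a sorted set built with an anonymous comparator cannot be written by a session store, while the same set with a named, Serializable comparator can. The names `ComparatorSerializationDemo`, `Principal` and `AuthorityComparator` are hypothetical stand-ins.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Comparator;
import java.util.SortedSet;
import java.util.TreeSet;

public class ComparatorSerializationDemo {

    // Hypothetical stand-in for a principal object kept in the HTTP session.
    static class Principal implements Serializable {
        private static final long serialVersionUID = 1L;
        final SortedSet<String> authorities;
        Principal(Comparator<String> order) {
            // TreeSet writes its comparator when serialized, so the comparator must be Serializable too.
            authorities = new TreeSet<>(order);
            authorities.add("ROLE_USER");
            authorities.add("ROLE_ADMIN");
        }
    }

    // Fixed form: a named static nested class that is itself Serializable.
    private static class AuthorityComparator implements Serializable, Comparator<String> {
        private static final long serialVersionUID = 1L;
        public int compare(String a, String b) { return a.compareTo(b); }
    }

    // Returns true if the object survives Java serialization, as a persistent session store requires.
    static boolean canSerialize(Object o) throws IOException {
        ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream());
        try {
            out.writeObject(o);
            return true;
        } catch (NotSerializableException e) {
            // The message is the offending class name, here the compiler-generated name of the anonymous class.
            System.out.println("NotSerializableException: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Broken form: an anonymous comparator that does not implement Serializable.
        Comparator<String> inline = new Comparator<String>() {
            public int compare(String a, String b) { return a.compareTo(b); }
        };
        System.out.println("anonymous comparator: " + canSerialize(new Principal(inline)));
        System.out.println("serializable comparator: " + canSerialize(new Principal(new AuthorityComparator())));
    }
}
```

Running the same `canSerialize` check over every attribute type placed in the session catches this class of bug in a unit test, before session persistence or replication is enabled.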