google-app-engine


Restoring session objects after migration to Spring Security 4.1.0.RELEASE


After migration from Spring Security 4.0.x to Spring Security 4.1.0.RELEASE i cannot restore SecurityContext from session because of different serialVersionUID.
public class SecurityContextImpl implements SecurityContext {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
...
}
exception:
Exception while loading session data
java.lang.RuntimeException: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 410
at com.google.apphosting.runtime.SessionManagerUtil.deserialize(SessionManagerUtil.java:58)
at com.google.apphosting.runtime.DatastoreSessionStore.createSessionFromEntity(DatastoreSessionStore.java:58)
at com.google.apphosting.runtime.DatastoreSessionStore.getSession(DatastoreSessionStore.java:85)
at com.google.apphosting.runtime.jetty.SessionManager.loadSession(SessionManager.java:330)
at com.google.apphosting.runtime.jetty.SessionManager.getSession(SessionManager.java:303)
at org.mortbay.jetty.servlet.AbstractSessionManager.getHttpSession(AbstractSessionManager.java:237)
at org.mortbay.jetty.servlet.SessionHandler.setRequestedId(SessionHandler.java:246)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:136)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:260)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:78)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:148)
at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:468)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:439)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:446)
at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:256)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:310)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:302)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:443)
at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:235)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 410
at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:617)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1746)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1630)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1907)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1462)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:417)
at java.util.HashMap.readObject(HashMap.java:1182)
at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1017)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2040)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1936)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1462)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:417)
at com.google.apphosting.runtime.SessionManagerUtil.deserialize(SessionManagerUtil.java:56)
... 26 more
I encountered the same issue. For my case, it was due to the XML schema version of web security configuration.
It was
http://www.springframework.org/schema/security/spring-security-4.0.xsd
It was fixed after I set it to
http://www.springframework.org/schema/security/spring-security-4.1.xsd
You cannot restore those sessions given the Spring security update, as suggested by M. Deinum. They must be cleared to begin using sessions properly again. You can do this, as Igor suggested, by deleting _ah_SESSION entities in the Datastore.

Related Links

Is there API for setting TLS certificates for Google App Engine?
GAE printing same log statement multiple times
Adding multiple accounts for “You do not have permission to modify this app” error
Logs are Not Nested Under Requests in Flexible VM
How to create an equivalent of a background thread for an auto-scaling instance
Communication between modules locally
Technology for realtime messaging to mobile apps
how to apply date filter on ancestor query
How to enable speech api higher quota
Google App Engine standard environment to Cloud-SQL Second Generation instance
GAE: Restore ah-builtin-python-bundle and ah-builtin-datastoreservice
Google Cloud Storage Force Download
Importing data into 2nd generation google cloud sql
App Engine: What is the Maximum URLFetch Timeout Deadline in a Taskqueue / Backend
Using URL-safe keys in Google Cloud Datastore
AttributeError on google cloud datastore entity object

Categories

HOME
google-app-engine
gdb
polymer
merge
battery
oracle-apex-5
gradient
alarm
tivoli
zip
bookmarks
code-coverage
openbugs
google-form
libc
speech-synthesis
flash-player
esoteric-languages
google-content-api
soci
production
cfml
apache2.4
visual-glitch
named-entity-recognition
react-toolbox
epsilon
xunit
draft-js-plugins
maze
slidetoggle
underscore.js
android-things
winexe
sinch
sqlpackage
finagle
nsurl
indy10
baidu-map
sim-toolkit
diacritics
apache-stanbol
skylink
softmax
outputcache
wc
x++
ntvs
opennms
openrasta
twilio-click-to-call
spring-data-couchbase
colorbar
libjpeg
donations
mapxtreme
wso2developerstudio
synonym
avspeechsynthesizer
simevents
nservicebus5
boost-serialization
false-sharing
kendo-upload
cycle2
jparsec
relativelayout
qt5.2
video-player
rubaxa-sortable
pax-exam
.bash-profile
sony-lifelog-api
cakephp-2.7
phpldapadmin
dbaccess
filesplitting
ghcjs
post-commit-hook
imagefilter
unix-socket
multitasking
embedded-fonts
away3d
beaker-testing
wimax
android-loadermanager
qtconcurrent
cakephp-1.2
subgraph
paginator
apache-whirr
jdb
urlrewriter
convention
jquery-tools
workflow-services
dataform
mtu
echo3
lxr
lalr
xpsdocument
business-model

Resources

Encrypt Message