
  • Spring Security & Tomcat memcache-session-manager = Kryo SerializationException

    Hello,

    I am having trouble with a Spring application that uses Spring Security. Everything works fine within a normal Tomcat 6 environment. But when using Tomcat via memcache-session-manager, the application's login is not working anymore. Something with Kryo serializing seems not to work. The following error occurs in the logfile:


    WARNING: Could not load session with id CCB3EFEFBAE330CFF7CFDB27362C5EA5-devapp1 from memcached.
    com.esotericsoftware.kryo.SerializationException: Unable to deserialize object of type: java.util.concurrent.ConcurrentHashMap
    at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:584)
    at com.esotericsoftware.kryo.ObjectBuffer.readObject(ObjectBuffer.java:209)
    at de.javakaffee.web.msm.serializer.kryo.KryoTranscoder.deserializeAttributes(KryoTranscoder.java:256)
    at de.javakaffee.web.msm.TranscoderService.deserializeAttributes(TranscoderService.java:159)
    at de.javakaffee.web.msm.TranscoderService.deserialize(TranscoderService.java:116)
    at de.javakaffee.web.msm.MemcachedSessionService.loadFromMemcached(MemcachedSessionService.java:900)
    at de.javakaffee.web.msm.MemcachedSessionService.findSession(MemcachedSessionService.java:498)
    at de.javakaffee.web.msm.MemcachedBackupSessionManager.findSession(MemcachedBackupSessionManager.java:210)
    at org.apache.catalina.connector.Request.doGetSession(Request.java:2419)
    at org.apache.catalina.connector.Request.getSession(Request.java:2157)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:833)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:844)
    at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:224)
    at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:224)
    at org.springframework.security.web.savedrequest.HttpSessionRequestCache.saveRequest(HttpSessionRequestCache.java:40)
    at org.springframework.security.web.access.ExceptionTranslationFilter.sendStartAuthentication(ExceptionTranslationFilter.java:184)
    at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:168)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:131)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at de.javakaffee.web.msm.SessionTrackerValve.invoke(SessionTrackerValve.java:126)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:662)
    Caused by: com.esotericsoftware.kryo.SerializationException: Unable to deserialize object of type: org.springframework.security.core.context.SecurityContextImpl
    at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:562)
    at com.esotericsoftware.kryo.serialize.MapSerializer.readObjectData(MapSerializer.java:129)
    at com.esotericsoftware.kryo.Serializer.readObject(Serializer.java:61)
    at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:580)
    ... 51 more
    Caused by: com.esotericsoftware.kryo.SerializationException: Serialization trace:
    authorities (org.springframework.security.core.userdetails.User)
    principal (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
    authentication (org.springframework.security.core.context.SecurityContextImpl)
    at com.esotericsoftware.kryo.serialize.FieldSerializer.readObjectData(FieldSerializer.java:230)
    at com.esotericsoftware.kryo.serialize.ReferenceFieldSerializer.readObjectData(ReferenceFieldSerializer.java:81)
    at com.esotericsoftware.kryo.serialize.FieldSerializer.readObjectData(FieldSerializer.java:212)
    at com.esotericsoftware.kryo.serialize.ReferenceFieldSerializer.readObjectData(ReferenceFieldSerializer.java:81)
    at com.esotericsoftware.kryo.serialize.FieldSerializer.readObjectData(FieldSerializer.java:212)
    at com.esotericsoftware.kryo.serialize.ReferenceFieldSerializer.readObjectData(ReferenceFieldSerializer.java:81)
    at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:557)
    ... 54 more
    Caused by: java.lang.ClassCastException: org.springframework.security.core.authority.SimpleGrantedAuthority cannot be cast to java.lang.Comparable
    at java.util.TreeMap.put(TreeMap.java:542)
    at java.util.TreeSet.add(TreeSet.java:238)
    at com.esotericsoftware.kryo.serialize.CollectionSerializer.readObjectData(CollectionSerializer.java:113)
    at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:557)
    at de.javakaffee.kryoserializers.UnmodifiableCollectionsSerializer.readObjectData(UnmodifiableCollectionsSerializer.java:84)
    at com.esotericsoftware.kryo.serialize.FieldSerializer.readObjectData(FieldSerializer.java:212)
    ... 60 more


    The core messages for me are the following 2 lines:
    - Unable to deserialize object of type: java.util.concurrent.ConcurrentHashMap and
    - Unable to deserialize object of type: org.springframework.security.core.context.SecurityContextImpl


    Unfortunately, there is no documentation to find about how to use or configure Spring Security to get it to work with a memcache-session-manager environment. And also I cannot find anything clear that would help me out with this issue. Maybe there is someone who is familiar with Spring Security memcache-session-manager issues and can help with this?

  • #2
    Hi, I'm the author of memcached-session-manager and I'd like to see what's the issue. Can you do me the favor and put together a simple example project with spring security that allows me to reproduce this? I'd drop the project/war file into a tomcat with msm and debug. E.g. you could share it on github.



    • #3
      Hello Martin,

      Thank you for the fast answer. I will try to create a little example project tomorrow. Hopefully it will help finding out where the issue is related to.



      • #4
        Great, looking forward to it!



        • #5
          Hello Martin,

          I did create an example application today, but strangely, the example app works OK with login via msm. So all I can do for now is to check where the differences are between these two apps, hopefully finding anything...

          Also, I found some Japanese? sites where the same issue seems to be addressed:

          http://blog.zkname.com/post/2013/05/...lie-hua-wen-ti
          http://www.oschina.net/question/3270_20436
          http://yvonxiao.iteye.com/blog/968797

          Unfortunately it's not readable because they are Asian letters, but they do create a CustomKryoRegistration class there which gets registered somehow to a manager xml... maybe this would be a solution? The question I have about this is, where is the class "CustomKryoRegistration" related to, where would I have to add this class in my project?



          • #6
            You register the CustomKryoRegistration (tells kryo to use standard java serialization for the User class) via the customConverter attribute at the manager, as shown by the blog post. This class must be available in the classpath of your app, so you can put the java source besides your application code.
            Last edited by martin.grotzke; Jun 21st, 2013, 01:42 PM.
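
Why switching the User class to standard Java serialization sidesteps the ClassCastException in the first post's trace, as an added example (not code from this thread or from memcached-session-manager): the `TreeSet.add` frames show a sorted set being refilled without a comparator. `Authority` and `ByRole` are hypothetical stand-ins for `SimpleGrantedAuthority` and for the comparator its owning set was built with; only the JDK is used.

```java
import java.io.*;
import java.util.*;

public class SortedSetRoundTrip {
    // Hypothetical stand-in for SimpleGrantedAuthority: Serializable, but not Comparable.
    static final class Authority implements Serializable {
        final String role;
        Authority(String role) { this.role = role; }
    }

    // Hypothetical stand-in for the comparator the original sorted set was created with.
    static final class ByRole implements Comparator<Authority>, Serializable {
        public int compare(Authority a, Authority b) { return a.role.compareTo(b.role); }
    }

    // Element-by-element refill of a default TreeSet: the comparator is lost,
    // so TreeMap.put falls back to casting the elements to Comparable.
    static String rebuildWithoutComparator(SortedSet<Authority> src) {
        try {
            Set<Object> copy = new TreeSet<Object>();
            for (Authority a : src) copy.add(a);
            return "ok";
        } catch (ClassCastException e) {
            return "ClassCastException";
        }
    }

    // Standard Java serialization writes the comparator along with the set,
    // so the restored TreeSet can order its elements again.
    static SortedSet<Authority> javaRoundTrip(SortedSet<Authority> src) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(buf);
        out.writeObject(src);
        out.close();
        ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()));
        @SuppressWarnings("unchecked")
        SortedSet<Authority> copy = (SortedSet<Authority>) in.readObject();
        return copy;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data.
        SortedSet<Authority> authorities = new TreeSet<Authority>(new ByRole());
        authorities.add(new Authority("ROLE_USER"));
        authorities.add(new Authority("ROLE_ADMIN"));
        System.out.println("rebuild without comparator: " + rebuildWithoutComparator(authorities));
        System.out.println("java round trip size: " + javaRoundTrip(authorities).size());
    }
}
```

With the User class on Java serialization, `ObjectInputStream` reads whatever bytes sit under the session key, so the memcached nodes should be reachable only from the Tomcat instances that own those sessions.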



            • #7
              Thank you for the tip Martin, I will try this out during the next week.
