Announcement Announcement Module
Collapse
No announcement yet.
serialization incompatibility from 0.6 -> 0.6.1 Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • serialization incompatibility from 0.6 -> 0.6.1

    The UsernamePasswordAuthenticationToken serializable class is not versioned. I upgraded from version 0.6 to 0.6.1 and get the following error.

    -----------------------------------------------------------------

    004-10-19 11:54:42 StandardManager[/tbr] IOException while loading persisted sessions: java.io.InvalidClassException: net.sf.acegisecurity.providers.UsernamePasswordAut henticationToken; local class incompatible: stream classdesc serialVersionUID = -7294159914012923185, local class serialVersionUID = 2383602471895018131
    java.io.InvalidClassException: net.sf.acegisecurity.providers.UsernamePasswordAut henticationToken; local class incompatible: stream classdesc serialVersionUID = -7294159914012923185, local class serialVersionUID = 2383602471895018131
    at java.io.ObjectStreamClass.initNonProxy(ObjectStrea mClass.java:459)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectI nputStream.java:1521)
    at java.io.ObjectInputStream.readClassDesc(ObjectInpu tStream.java:1435)
    at java.io.ObjectInputStream.readOrdinaryObject(Objec tInputStream.java:1626)
    at java.io.ObjectInputStream.readObject0(ObjectInputS tream.java:1274)
    at java.io.ObjectInputStream.defaultReadFields(Object InputStream.java:1845)
    at java.io.ObjectInputStream.readSerialData(ObjectInp utStream.java:1769)
    at java.io.ObjectInputStream.readOrdinaryObject(Objec tInputStream.java:1646)
    at java.io.ObjectInputStream.readObject0(ObjectInputS tream.java:1274)
    at java.io.ObjectInputStream.readObject(ObjectInputSt ream.java:324)

  • #2
    You're persisting the Authentication token in the HttpSession? This is not a use case I can think of a good reason for. Could you please elaborate on why this is necessary?

    Comment


    • #3
      I didn't explicitly persist the Authentication token in the HttpSession, but the web container must have. I stopped my web app, upgraded Acegi and restarted when I ran into this issue. This might not be a legitimate use case however in a clustered web app, this could happen during session synchronization if the nodes of the cluster are running different versions of Acegi.

      Comment


      • #4
        Originally posted by sjivan
        This might not be a legitimate use case however in a clustered web app, this could happen during session synchronization if the nodes of the cluster are running different versions of Acegi.
        I'm not sure I agree this is a common requirement.

        My reluctance to simply put a
        Code:
        static final long serialVersionUID
        into the class is it will have a flow-on effect from Authentication to GrantedAuthority implementations and UserDetails implementations. Both of these interfaces (especially the latter) are implemented by users and I don't want to impose an additional requirement on them, especially for a use case I personally can't see as being needed.

        If people disagree with me on this, please speak up and I'll add it.

        Let's not also forget you're free to implement your own Authentication object (and related objects) which can use the serialVersionUID. The joys of everything being a interface!

        Comment

        Working...
        X