search

benlucchesi / grails-cookie-session

cookie sessions for grails applications
28 stars 32 forks source link

SimpleGrantedAuthority cannot be serialized by Kryo #54

Open jaredjstewart opened 9 years ago

jaredjstewart commented 9 years ago

It looks like there is a known issue with some versions of Kryo when serializing Spring's SimpleGrantedAuthority due to an issue serializing TreeMap. I believe this may be fixed in more current versions of Kryo.

(See http://code.google.com/p/kryo/issues/detail?id=74 and http://grepcode.com/file/repo1.maven.org/maven2/de.javakaffee.msm/msm-kryo-serializer/1.8.1/de/javakaffee/web/msm/serializer/kryo/SpringSecurityUserRegistration.java)

2015-05-19 16:36:52,049 [ERROR] plugins.cookiesession.CookieSessionRepository - An error occurred while deserializing a session.
com.esotericsoftware.kryo.KryoException: java.lang.ClassCastException: org.springframework.security.core.authority.SimpleGrantedAuthority cannot be cast to java.lang.Comparable
Serialization trace:
authorities (com.jaredstewartconfig.authentication.userDetails.CustomUserDetails)
authentication (org.springframework.security.core.context.SecurityContextImpl)
attributes (com.granicus.grails.plugins.cookiesession.SerializableSession)
at com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:125)
at com.esotericsoftware.kryo.serializers.FieldSerializer.read(FieldSerializer.java:507)
at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:776)
at com.esotericsoftware.kryo.Kryo$readClassAndObject$3.call(Unknown Source)
at com.granicus.grails.plugins.cookiesession.UsernamePasswordAuthenticationTokenSerializer.read(KryoSessionSerializer.groovy:402)
at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:694)
at com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:106)
at com.esotericsoftware.kryo.serializers.FieldSerializer.read(FieldSerializer.java:507)
at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:776)
at com.esotericsoftware.kryo.serializers.MapSerializer.read(MapSerializer.java:139)
at com.esotericsoftware.kryo.serializers.MapSerializer.read(MapSerializer.java:17)
at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:694)
at com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:106)
at com.esotericsoftware.kryo.serializers.FieldSerializer.read(FieldSerializer.java:507)
at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:672)
at com.esotericsoftware.kryo.Kryo$readObject$2.call(Unknown Source)
at com.granicus.grails.plugins.cookiesession.KryoSessionSerializer.deserialize(KryoSessionSerializer.groovy:85)
at com.granicus.grails.plugins.cookiesession.SessionSerializer$deserialize$0.call(Unknown Source)
at com.granicus.grails.plugins.cookiesession.CookieSessionRepository.deserializeSession(CookieSessionRepository.groovy:443)
at com.granicus.grails.plugins.cookiesession.CookieSessionRepository$deserializeSession$4.callCurrent(Unknown Source)
at com.granicus.grails.plugins.cookiesession.CookieSessionRepository.restoreSession(CookieSessionRepository.groovy:314)
at com.granicus.grails.plugins.cookiesession.SessionRepositoryRequestWrapper.restoreSession(SessionRepositoryRequestWrapper.java:58)
at com.granicus.grails.plugins.cookiesession.CookieSessionFilter.doFilterInternal(CookieSessionFilter.java:74)
at com.jaredstewart.NoAssetsCookieSessionFilter.super$4$doFilterInternal(NoAssetsCookieSessionFilter.groovy)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.springsource.loaded.ri.OriginalClassInvoker.invoke(OriginalClassInvoker.java:47)
at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1299)
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:324)
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1206)
at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:1120)
at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:130)
at com.jaredstewart.NoAssetsCookieSessionFilter.doFilterInternal(NoAssetsCookieSessionFilter.groovy:22)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassCastException: org.springframework.security.core.authority.SimpleGrantedAuthority cannot be cast to java.lang.Comparable
at java.util.TreeMap.compare(TreeMap.java:1290)
at java.util.TreeMap.put(TreeMap.java:538)
at java.util.TreeSet.add(TreeSet.java:255)
at com.esotericsoftware.kryo.serializers.CollectionSerializer.read(CollectionSerializer.java:112)
at com.esotericsoftware.kryo.serializers.CollectionSerializer.read(CollectionSerializer.java:18)
at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:776)
at de.javakaffee.kryoserializers.UnmodifiableCollectionsSerializer.read(UnmodifiableCollectionsSerializer.java:71)
at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:694)
at com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:106)
... 62 more
benlucchesi commented 9 years ago

There's some challenges upgrading the version of kryo because I'm using the kryo-serializers library to assist with serializing some of the collections. Last time I checked, the kryo-serializers library hadn't been upgraded to account for the namespace changes that have occurred in the kryo library. If you want to experiment with the upgrade, I'd appreciate the help, otherwise, I'll get to it when I can.

I haven't looked into using the msm-kryo-serializer library yet.

-ben

On Tue, May 19, 2015 at 2:46 PM, jaredjstewart notifications@github.com wrote:

It looks like there is a known issue with some versions of Kryo when serializing Spring's SimpleGrantedAuthority due to an issue serializing TreeMap. I believe this may be fixed in more current versions of Kryo.

(See http://code.google.com/p/kryo/issues/detail?id=74 and http://grepcode.com/file/repo1.maven.org/maven2/de.javakaffee.msm/msm-kryo-serializer/1.8.1/de/javakaffee/web/msm/serializer/kryo/SpringSecurityUserRegistration.java )

2015-05-19 16:36:52,049 [ERROR] plugins.cookiesession.CookieSessionRepository - An error occurred while deserializing a session. com.esotericsoftware.kryo.KryoException: java.lang.ClassCastException: org.springframework.security.core.authority.SimpleGrantedAuthority cannot be cast to java.lang.Comparable Serialization trace: authorities (com.jaredstewartconfig.authentication.userDetails.CustomUserDetails) authentication (org.springframework.security.core.context.SecurityContextImpl) attributes (com.granicus.grails.plugins.cookiesession.SerializableSession) at com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:125) at com.esotericsoftware.kryo.serializers.FieldSerializer.read(FieldSerializer.java:507) at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:776) at com.esotericsoftware.kryo.Kryo$readClassAndObject$3.call(Unknown Source) at com.granicus.grails.plugins.cookiesession.UsernamePasswordAuthenticationTokenSerializer.read(KryoSessionSerializer.groovy:402) at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:694) at com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:106) at com.esotericsoftware.kryo.serializers.FieldSerializer.read(FieldSerializer.java:507) at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:776) at com.esotericsoftware.kryo.serializers.MapSerializer.read(MapSerializer.java:139) at com.esotericsoftware.kryo.serializers.MapSerializer.read(MapSerializer.java:17) at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:694) at com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:106) at com.esotericsoftware.kryo.serializers.FieldSerializer.read(FieldSerializer.java:507) at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:672) at com.esotericsoftware.kryo.Kryo$readObject$2.call(Unknown Source) at com.granicus.grails.plugins.cookiesession.KryoSessionSerializer.deserialize(KryoSessionSerializer.groovy:85) at com.granicus.grails.plugins.cookiesession.SessionSerializer$deserialize$0.call(Unknown Source) at com.granicus.grails.plugins.cookiesession.CookieSessionRepository.deserializeSession(CookieSessionRepository.groovy:443) at com.granicus.grails.plugins.cookiesession.CookieSessionRepository$deserializeSession$4.callCurrent(Unknown Source) at com.granicus.grails.plugins.cookiesession.CookieSessionRepository.restoreSession(CookieSessionRepository.groovy:314) at com.granicus.grails.plugins.cookiesession.SessionRepositoryRequestWrapper.restoreSession(SessionRepositoryRequestWrapper.java:58) at com.granicus.grails.plugins.cookiesession.CookieSessionFilter.doFilterInternal(CookieSessionFilter.java:74) at com.jaredstewart.NoAssetsCookieSessionFilter.super$4$doFilterInternal(NoAssetsCookieSessionFilter.groovy) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.springsource.loaded.ri.OriginalClassInvoker.invoke(OriginalClassInvoker.java:47) at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1299) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90) at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:324) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1206) at groovy.lang.ExpandoMetaClass.invokeMethod(ExpandoMetaClass.java:1120) at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.invokeMethodOnSuperN(ScriptBytecodeAdapter.java:130) at com.jaredstewart.NoAssetsCookieSessionFilter.doFilterInternal(NoAssetsCookieSessionFilter.groovy:22) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.ClassCastException: org.springframework.security.core.authority.SimpleGrantedAuthority cannot be cast to java.lang.Comparable at java.util.TreeMap.compare(TreeMap.java:1290) at java.util.TreeMap.put(TreeMap.java:538) at java.util.TreeSet.add(TreeSet.java:255) at com.esotericsoftware.kryo.serializers.CollectionSerializer.read(CollectionSerializer.java:112) at com.esotericsoftware.kryo.serializers.CollectionSerializer.read(CollectionSerializer.java:18) at com.esotericsoftware.kryo.Kryo.readClassAndObject(Kryo.java:776) at de.javakaffee.kryoserializers.UnmodifiableCollectionsSerializer.read(UnmodifiableCollectionsSerializer.java:71) at com.esotericsoftware.kryo.Kryo.readObject(Kryo.java:694) at com.esotericsoftware.kryo.serializers.ObjectField.read(ObjectField.java:106) ... 62 more

— Reply to this email directly or view it on GitHub https://github.com/benlucchesi/grails-cookie-session-v2/issues/54.

double16 commented 7 years ago

@benlucchesi Are you still maintaining this plugin? I'd be interested in getting it working with the latest kyro and Grails.

benlucchesi commented 7 years ago

I haven't had time. Been busy with work. You're welcome to take the project over.

If you need any input on issues you may face with modern grails, I'd be happy to share my thoughts.

-ben

On Fri, Sep 22, 2017 at 8:37 AM, Patrick Double notifications@github.com wrote:

@benlucchesi https://github.com/benlucchesi Are you still maintaining this plugin? I'd be interested in getting it working with the latest kyro and Grails.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/benlucchesi/grails-cookie-session/issues/54#issuecomment-331482294, or mute the thread https://github.com/notifications/unsubscribe-auth/AAwojPNLGpDBg9HLkna0vQajHfIdsc1Tks5sk9RHgaJpZM4Eg6xE .

double16 commented 7 years ago

I'll give it a go. I am thinking of changes that would require a major version update. I'd like to use Kryo 4.0 and optimizations that would make the Spring Security support take less space. Did you want to communicate in this issue or another channel?

double16 commented 7 years ago

Fixed in https://github.com/double16/grails-cookie-session/tree/release/4.0.0

dependencies { compile 'org.grails.plugins:cookie-session:4.0.0.RC1' }