eclipse-ee4j / soteria

Soteria, a Jakarta Security implementation

<distributable/> app: AccessTokenImpl is not serializable #379

Open bjorndown opened 8 months ago

bjorndown commented 8 months ago

I am trying to get the OIDC mechanism to work in a clustered WildFly (31) setup but it appears to be impossible at the moment:

10:13:44,620 WARN  [org.infinispan.PERSISTENCE] (default task-2) ISPN000559: Cannot marshall 'class org.infinispan.marshall.protostream.impl.MarshallableUserObject': java.io.NotSerializableException: org.glassfish.soteria.mechanisms.openid.domain.AccessTokenImpl
    at org.jboss.marshalling.river@2.1.3.SP1//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:278)
    at org.jboss.marshalling.river@2.1.3.SP1//org.jboss.marshalling.river.RiverMarshaller.doWriteFields(RiverMarshaller.java:1182)
[SNIP]
Caused by: an exception which occurred:
    in field org.wildfly.security.soteria.original.OpenIdContextImpl.accessToken
    in object org.wildfly.security.soteria.original.OpenIdContextImpl@36da2ead
    in field org.jboss.weld.contexts.SerializableContextualInstanceImpl.instance
    in object org.jboss.weld.contexts.SerializableContextualInstanceImpl@3d87e427
    in object org.jboss.weld.contexts.SerializableContextualInstanceImpl@3d87e427
    in object java.util.concurrent.ConcurrentHashMap@4fed9dbc

Is that an oversight or am I using it the wrong way?

bjorndown commented 1 month ago

Coming back to this after a while. It seems I got a working protostream marshaller for AccessTokenImpl, but I am now stuck with serializing OpenIdContextImpl:

org.infinispan.protostream.annotations.ProtoSchemaBuilderException: The class org.glassfish.soteria.mechanisms.openid.domain.IdentityTokenImpl must be instantiable using an accessible no-argument constructor.

I don't know a lot about Java serialization, but from what I have read it is a problem that OpenIdContext implements Serializable but references objects which aren't.

bjorndown commented 1 month ago

Managed to work around this by creating custom marshallers for protostream: https://github.com/bjorndown/soteria-oidc-protostream-marshaller

EDIT: I spoke too soon. The field JsonObject claims of OpenIdContextImpl is not easily serializable with Protostream because it requires a concrete class.

EDIT 2: Ended up serializing the claims as a JSON string. So far it seems to work.
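
The failure mode discussed in this thread and the JSON-string approach from the last comment, as an added example that is not part of the original thread, Soteria, or the linked marshaller repository. It uses plain JDK serialization rather than ProtoStream to show the same principle; `Claims`, `BrokenContext` and `FixedContext` are hypothetical stand-ins, and the claim value is constructed.

```java
import java.io.*;

public class SessionReplicationDemo {
    // Hypothetical stand-in for a claims holder such as JsonObject: not Serializable.
    static class Claims {
        final String json;
        Claims(String json) { this.json = json; }
    }

    // Mirrors the reported problem: the class is Serializable, one field's type is not.
    static class BrokenContext implements Serializable {
        private static final long serialVersionUID = 1L;
        Claims claims = new Claims("{\"sub\":\"alice\"}"); // constructed sample
    }

    // Workaround shape: persist only the JSON text, rebuild the object on demand.
    static class FixedContext implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String claimsJson;
        private transient Claims claims; // skipped when the session is written out
        FixedContext(String claimsJson) { this.claimsJson = claimsJson; }
        Claims claims() {
            if (claims == null) claims = new Claims(claimsJson); // null after restore
            return claims;
        }
    }

    // Serialize and deserialize in memory, as a session store would across nodes.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            roundTrip(new BrokenContext());
        } catch (NotSerializableException e) {
            System.out.println("replication fails on: " + e.getMessage());
        }
        FixedContext copy = (FixedContext) roundTrip(new FixedContext("{\"sub\":\"alice\"}"));
        System.out.println("restored claims: " + copy.claims().json);
    }
}
```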