jetty / jetty.project

Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more
https://eclipse.dev/jetty

OpenId core authentication is storing a non-serializable attribute in a session #12307

Closed janbartel closed 3 days ago

janbartel commented 3 days ago

Jetty version(s): jetty-12.0.x

Jetty Environment: core

There is a bug in the core SessionHandler that has revealed that a session won't be written out as the response exits. See PR #12303. This has revealed a problem in the core OpenId authentication - I'm not sure if this is just a problem with the test setup or a problem in the implementation, but once #12303 is fixed so the session will be saved on the way out of the response, the OpenId tests start to fail with java.io.NotSerializableException when the session is serialized. So there must be a session attribute that is non-serializable.

See:

https://jenkins.webtide.net/blue/organizations/jenkins/jetty.project/detail/PR-12303/3/pipeline

janbartel commented 3 days ago

Closing in favour of opening a corrected issue - found the problem in SessionAuthentication.
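
One way to locate the session attribute behind a java.io.NotSerializableException like the one reported above, as an added example that is not Jetty's code and not part of the issue: serialize each attribute on its own and record which ones fail. The attribute names and the AuthState class are constructed for illustration, and the attributes are assumed to be available as a plain map.

```java
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.util.LinkedHashMap;
import java.util.Map;

public class SessionAttributeCheck {
    // Constructed stand-in for an authentication object stored in a session.
    static class AuthState implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        final Object handle; // runtime type decides whether serialization succeeds
        AuthState(String user, Object handle) { this.user = user; this.handle = handle; }
    }

    /** Serializes each attribute separately; returns name -> failure reason for those that fail. */
    static Map<String, String> findNonSerializable(Map<String, Object> attributes) {
        Map<String, String> failures = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : attributes.entrySet()) {
            // Bytes are discarded: only whether the object graph can be written matters.
            try (ObjectOutputStream out = new ObjectOutputStream(OutputStream.nullOutputStream())) {
                out.writeObject(e.getValue());
            } catch (NotSerializableException ex) {
                // The message is the class name of the object that could not be written,
                // which may be nested deep inside an otherwise Serializable attribute.
                failures.put(e.getKey(), ex.getMessage());
            } catch (IOException ex) {
                failures.put(e.getKey(), ex.toString());
            }
        }
        return failures;
    }

    public static void main(String[] args) {
        Map<String, Object> attrs = new LinkedHashMap<>(); // constructed sample attributes
        attrs.put("sample.nonce", "abc123");
        attrs.put("sample.auth.ok", new AuthState("alice", "plain string"));
        attrs.put("sample.auth.bad", new AuthState("alice", new Object()));
        findNonSerializable(attrs).forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```

Declaring a class Serializable is not enough for this check to pass: every non-transient field in the object graph must be serializable at runtime as well, which is why the helper writes the real objects instead of inspecting types.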