spring-attic / spring-security-saml

SAML extension for the Spring Security project

DefaultSamlAuthentication is not serializable despite implementing the Serializable interface #450

Open gnom7 opened 5 years ago

gnom7 commented 5 years ago

I'd like to store the authentication in Redis, but it fails to serialize the object even though the java.io.Serializable interface is implemented by org.springframework.security.saml.spi.DefaultSamlAuthentication.

Caused by: java.io.NotSerializableException: org.springframework.security.saml.saml2.authentication.Assertion
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)

From java.io.Serializable javadoc:

The writeObject method is responsible for writing the state of the object for its particular class so that the corresponding readObject method can restore it.

When traversing a graph, an object may be encountered that does not support the Serializable interface. In this case the NotSerializableException will be thrown and will identify the class of the non-serializable object.

So, I would need to customize serialization on my own, at least for now.

cbgr commented 5 years ago

org.springframework.security.saml.saml2.Saml2Object must be serializable

hello-josh commented 2 years ago

@gnom7 did you resolve this?

gnom7 commented 2 years ago

@hello-josh my workaround was custom (de)serialization to a JSON string, although I would expect this to be implemented by Spring.

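The failure in the thread and the workaround gnom7 describes, reconstructed as an added example (this is not code from the issue or from spring-security-saml). The classes `Assertion`, `NaiveAuthentication` and `SamlAuthentication` are hypothetical stand-ins for the library's `Assertion` and `DefaultSamlAuthentication`: the first holder reproduces the `NotSerializableException` that default serialization raises when it walks into a non-`Serializable` field, the second marks that field `transient` and writes its state explicitly in `writeObject`/`readObject` (the commenter encoded it as a JSON string; here the fields are written directly so the example needs no JSON library). The read-back path adds the check a practitioner wants when a serialized session comes out of a shared store such as Redis: an `ObjectInputFilter` allow-list (JEP 290), so the stream can only instantiate the classes the session is expected to contain.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Hypothetical stand-in for saml2.authentication.Assertion: an object graph that is NOT Serializable.
final class Assertion {
    final String issuer;
    final String subject;
    Assertion(String issuer, String subject) { this.issuer = issuer; this.subject = subject; }
}

// The shape reported in the issue: a Serializable holder with a non-Serializable field.
final class NaiveAuthentication implements Serializable {
    private static final long serialVersionUID = 1L;
    final Assertion assertion;   // default serialization descends into this and fails
    NaiveAuthentication(Assertion assertion) { this.assertion = assertion; }
}

// Workaround: keep the field transient and (de)serialize its state by hand.
final class SamlAuthentication implements Serializable {
    private static final long serialVersionUID = 1L;
    private final String principal;
    private transient Assertion assertion;   // skipped by defaultWriteObject()

    SamlAuthentication(String principal, Assertion assertion) {
        this.principal = principal;
        this.assertion = assertion;
    }
    String principal() { return principal; }
    Assertion assertion() { return assertion; }

    private void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();         // writes the non-transient fields (principal)
        out.writeUTF(assertion.issuer);   // hand-encode the transient assertion
        out.writeUTF(assertion.subject);
    }

    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        this.assertion = new Assertion(in.readUTF(), in.readUTF());   // same order as written
    }
}

public final class SerializationDemo {
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Bytes read back from a shared cache are untrusted input to ObjectInputStream.
    // The allow-list filter limits the stream to the classes a stored session may contain;
    // anything else ("!*") is rejected before it is instantiated.
    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "SamlAuthentication;java.lang.String;maxdepth=4;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from any real SAML exchange.
        Assertion assertion = new Assertion("https://idp.example.test", "alice");

        try {
            serialize(new NaiveAuthentication(assertion));
        } catch (NotSerializableException e) {
            // Names the offending class, exactly like the trace in the issue.
            System.out.println("naive holder: " + e);
        }

        byte[] stored = serialize(new SamlAuthentication("alice", assertion));
        SamlAuthentication restored = (SamlAuthentication) deserialize(stored);
        System.out.println("restored principal=" + restored.principal()
                + " subject=" + restored.assertion().subject
                + " issuer=" + restored.assertion().issuer);
    }
}
```

Compile and run with `javac SerializationDemo.java && java SerializationDemo`. The `writeObject`/`readObject` pair must write and read the transient state in the same order; the JSON approach from the thread works the same way, with one `writeUTF` carrying the encoded string. The filter string names the class in the default package; in a real application the pattern lists the fully qualified classes of the session object graph, and the same filter can be installed process-wide with `ObjectInputFilter.Config.setSerialFilter` so that no code path reads the cache without it.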