Details
-
Bug
-
Resolution: Cannot Reproduce
-
Minor
-
None
-
20.0.0.Final
-
None
-
-
Compatibility/Configuration
Description
Since the old security subsystem has been deprecated for a while I decided to move my applications to elytron which worked just fine up to the point where I tried to migrate an application that is:
- distributed
- uses Jaspic in form of a JSR375 HttpAuthenticationMechanism which has@AutoApplySession
In the logs I see stacktraces like this:
09:37:22,045 WARN [org.infinispan.PERSISTENCE] (default task-1) ISPN000559: Cannot marshall 'class org.infinispan.marshall.protostream.impl.MarshallableUserObject': java.io.NotSerializableException: org.wildfly.security.auth.server.SecurityIdentity at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:272)}} at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteFields(RiverMarshaller.java:1141)}} at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteSerializableObject(RiverMarshaller.java:1099)}} at org.jboss.marshalling.river@2.0.9.Final//org.jboss.marshalling.river.RiverMarshaller.doWriteObject(RiverMarshaller.java:266)}} at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractObjectOutput.writeObject(AbstractObjectOutput.java:58)}} at org.jboss.marshalling@2.0.9.Final//org.jboss.marshalling.AbstractMarshaller.writeObject(AbstractMarshaller.java:111)}} ..... Caused by: an exception which occurred: in field org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer.securityIdentity in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a in object org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl$IdentityContainer@7bf2af9a in object java.util.concurrent.ConcurrentHashMap@d02a9ca2 in object org.wildfly.clustering.marshalling.jboss.SimpleMarshalledValue@d02a9ca2
Looks to me like it's trying to serialize the session to replicate it to the other nodes in the cluster and fails because the user identity, which is part of the session because of AutoApplySession, is not serializable. I have checked the source and it is really not serializable.
I had no problems with the old security subsystem (i.e. jaspitest).