You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Erik van Konijnenburg (Jira)" <ji...@apache.org> on 2022/08/04 12:23:00 UTC

[jira] [Created] (WICKET-6996) NotSerializableException near KeyInSessionSunJceCryptFactory

Erik van Konijnenburg created WICKET-6996:
---------------------------------------------

             Summary: NotSerializableException near KeyInSessionSunJceCryptFactory
                 Key: WICKET-6996
                 URL: https://issues.apache.org/jira/browse/WICKET-6996
             Project: Wicket
          Issue Type: Bug
          Components: wicket-core
    Affects Versions: 9.11.0
            Reporter: Erik van Konijnenburg
         Attachments: cryptofactorybug.zip, log.txt

With the CryptoMapper, serializing the session results in a NotSerializableException:
{code:java}
 [main] ERROR org.apache.wicket.serialize.java.JavaSerializer - Error serializing object class org.apache.wicket.protocol.http.WebSession [object=org.apache.wicket.protocol.http.WebSession@f667fe]
org.apache.wicket.core.util.objects.checker.CheckingObjectOutputStream$ObjectCheckException: The object type is not Serializable!
A problem occurred while checking object with type: org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory
Field hierarchy is:
   [class=org.apache.wicket.protocol.http.WebSession]
    private org.apache.wicket.MetaDataEntry[] org.apache.wicket.Session.metaData [class=[Lorg.apache.wicket.MetaDataEntry;]
      private org.apache.wicket.MetaDataEntry[] org.apache.wicket.Session.metaData[0] [class=org.apache.wicket.MetaDataEntry]
        final org.apache.wicket.MetaDataKey org.apache.wicket.MetaDataEntry.key [class=org.apache.wicket.MetaDataKey]
          final org.apache.wicket.core.util.crypt.AbstractKeyInSessionCryptFactory org.apache.wicket.core.util.crypt.AbstractKeyInSessionCryptFactory$1.this$0{code}
In the attached quickstart project this happens when logging the size of the session; a more direct way to trigger the issue is like so
{code:java}
 	@Test
	public void testSerialization() throws IOException {
	    tester.startPage(HomePage.class);
	    ObjectOutputStream objectStream = new ObjectOutputStream(new ByteArrayOutputStream());
	    objectStream.writeObject(tester.getSession());
	}{code}
The workaround is to make a serializable subclass of KeyInSessionSunJceCryptFactory.

Tested with wicket-9.11.0,  oracle jdk-11.0.16, ubuntu 20.04

Untested: I suspect this problem was introduced when factoring out AbstractKeyInSessionCryptFactory, the following field lost the 'static' modifier at that point:
{code:java}
	/** metadata-key used to store crypto-key in session metadata */
	private final MetaDataKey<T> KEY = new MetaDataKey<T>()
	{
		private static final long serialVersionUID = 1L;
	}; {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)