You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Erik van Konijnenburg (Jira)" <ji...@apache.org> on 2022/08/04 12:23:00 UTC
[jira] [Created] (WICKET-6996) NotSerializableException near KeyInSessionSunJceCryptFactory
Erik van Konijnenburg created WICKET-6996:
---------------------------------------------
Summary: NotSerializableException near KeyInSessionSunJceCryptFactory
Key: WICKET-6996
URL: https://issues.apache.org/jira/browse/WICKET-6996
Project: Wicket
Issue Type: Bug
Components: wicket-core
Affects Versions: 9.11.0
Reporter: Erik van Konijnenburg
Attachments: cryptofactorybug.zip, log.txt
With the CryptoMapper, serializing the session results in a NotSerializableException:
{code:java}
[main] ERROR org.apache.wicket.serialize.java.JavaSerializer - Error serializing object class org.apache.wicket.protocol.http.WebSession [object=org.apache.wicket.protocol.http.WebSession@f667fe]
org.apache.wicket.core.util.objects.checker.CheckingObjectOutputStream$ObjectCheckException: The object type is not Serializable!
A problem occurred while checking object with type: org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory
Field hierarchy is:
[class=org.apache.wicket.protocol.http.WebSession]
private org.apache.wicket.MetaDataEntry[] org.apache.wicket.Session.metaData [class=[Lorg.apache.wicket.MetaDataEntry;]
private org.apache.wicket.MetaDataEntry[] org.apache.wicket.Session.metaData[0] [class=org.apache.wicket.MetaDataEntry]
final org.apache.wicket.MetaDataKey org.apache.wicket.MetaDataEntry.key [class=org.apache.wicket.MetaDataKey]
final org.apache.wicket.core.util.crypt.AbstractKeyInSessionCryptFactory org.apache.wicket.core.util.crypt.AbstractKeyInSessionCryptFactory$1.this$0{code}
In the attached quickstart project this happens when logging the size of the session; a more direct way to trigger the issue is like so
{code:java}
@Test
public void testSerialization() throws IOException {
tester.startPage(HomePage.class);
ObjectOutputStream objectStream = new ObjectOutputStream(new ByteArrayOutputStream());
objectStream.writeObject(tester.getSession());
}{code}
The workaround is to make a serializable subclass of KeyInSessionSunJceCryptFactory.
Tested with wicket-9.11.0, oracle jdk-11.0.16, ubuntu 20.04
Untested: I suspect this problem was introduced when factoring out AbstractKeyInSessionCryptFactory, the following field lost the 'static' modifier at that point:
{code:java}
/** metadata-key used to store crypto-key in session metadata */
private final MetaDataKey<T> KEY = new MetaDataKey<T>()
{
private static final long serialVersionUID = 1L;
}; {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)