Posted to dev@tomcat.apache.org by Florent BENOIT <Fl...@objectweb.org> on 2004/03/04 16:27:59 UTC
Realm / GenericPrincipal class not serializable (With SecurityManager)
Hi all,
I'm working with Tomcat 5.0.19 and with a SecurityManager and I have a
problem with an attribute which is not Serializable.
The class which is not serializable is the class GenericPrincipal from
the package org.apache.catalina.realm.
Note that I use an embedded version of Tomcat but I don't think the
problem comes from this. I will explain the problem:
I log into my application, then I do some actions. After this, I remove
the application, and I have this trace (full stack at the end of the mail).
2004-03-04 15:57:44,646 : StandardManager.stop : Stopping
2004-03-04 15:57:44,648 : StandardManager.doUnload : Unloading persisted sessions
2004-03-04 15:57:44,649 : StandardManager.doUnload : Saving persisted sessions to SESSIONS.ser
2004-03-04 15:57:44,650 : StandardManager.doUnload : Unloading 1 sessions
2004-03-04 15:57:44,680 : ManagerBase.log : Cannot serialize session attribute javax.security.auth.subject for session E3EC3F36C2ECD4AF76D7ADC0D2533BEF
java.io.NotSerializableException: org.apache.catalina.realm.GenericPrincipal
For example, in the class org.apache.coyote.tomcat5.CoyoteRequest, there
is a method :
public void setUserPrincipal(Principal principal) {
If the SecurityManager is set, the Principal is added to the session :
if (System.getSecurityManager() != null){
    [...]
    subject = new Subject();
    subject.getPrincipals().add(principal);
    [...]
    if (session != null){
        session.setAttribute(Globals.SUBJECT_ATTR, subject);
    }
}
The problem is that the principal object is not Serializable (Class
org.apache.catalina.realm.GenericPrincipal).
And some attributes of GenericPrincipal, like the realm, may not be
Serializable either.
As I'm implementing my own realm, I can define a Principal
implementation which is Serializable, but it would be fine if I could use
the GenericPrincipal implementation if it were a serializable object.
Regards,
Florent
Full stack trace :
at
java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:12004-03-04
15:57:44,646 : StandardManager.stop : Stopping
2004-03-04 15:57:44,648 : StandardManager.doUnload : Unloading persisted
sessions
2004-03-04 15:57:44,649 : StandardManager.doUnload : Saving persisted
sessions to SESSIONS.ser
2004-03-04 15:57:44,650 : StandardManager.doUnload : Unloading 1 sessions
2004-03-04 15:57:44,680 : ManagerBase.log : Cannot serialize session
attribute javax.security.auth.subject for session
E3EC3F36C2ECD4AF76D7ADC0D2533BEF
java.io.NotSerializableException:
org.apache.catalina.realm.GenericPrincipal.java:1054)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278)
at java.util.LinkedList.writeObject(LinkedList.java:685)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:809)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1296)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1247)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1052)
at java.io.ObjectOutputStream.access$100(ObjectOutputStream.java:122)
at java.io.ObjectOutputStream$PutFieldImpl.writeFields(ObjectOutputStream.java:1475)
at java.io.ObjectOutputStream.writeFields(ObjectOutputStream.java:405)
at javax.security.auth.Subject$SecureSet.writeObject(Subject.java:1288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:809)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1296)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1247)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1052)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1332)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:367)
at javax.security.auth.Subject.writeObject(Subject.java:910)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:809)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1296)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1247)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1052)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1446)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:937)
at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:586)
at org.apache.catalina.session.StandardManager$PrivilegedDoUnload.run(StandardManager.java:135)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.session.StandardManager.unload(StandardManager.java:521)
at org.apache.catalina.session.StandardManager.stop(StandardManager.java:734)
at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4436)
Re: Realm / GenericPrincipal class not serializable (With SecurityManager)
Posted by Florent BENOIT <Fl...@objectweb.org>.
Hi,
Thanks too.
Florent.
Jeanfrancois Arcand wrote:
> Fixed.
>
> Thanks
>
> -- Jeanfrancois
Re: Realm / GenericPrincipal class not serializable (With
SecurityManager)
Posted by Jeanfrancois Arcand <jf...@apache.org>.
Fixed.
Thanks
-- Jeanfrancois
Jeanfrancois Arcand wrote:
> Hi,
>
> Yes, it seems to be a bug. This particular attribute should not get
> serialized. I will take a look later today.
>
> Thanks
>
> -- Jeanfrancois
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: Realm / GenericPrincipal class not serializable (With
SecurityManager)
Posted by Jeanfrancois Arcand <jf...@apache.org>.
Florent BENOIT wrote:
> Hi all,
>
> I'm working with Tomcat 5.0.19 and with a SecurityManager and I have a
> problem with an attribute which is not Serializable.
>
> The class which is not serializable is the class GenericPrincipal from
> the package org.apache.catalina.realm.
>
> Note that I use an embedded version of Tomcat but I don't think the
> problem comes from this. I will explain the problem:
>
> I log into my application, then I do some actions. After this, I
> remove the application, and I have this trace (full stack at the end
> of the mail).
>
> 2004-03-04 15:57:44,646 : StandardManager.stop : Stopping
> 2004-03-04 15:57:44,648 : StandardManager.doUnload : Unloading
> persisted sessions
> 2004-03-04 15:57:44,649 : StandardManager.doUnload : Saving persisted
> sessions to SESSIONS.ser
> 2004-03-04 15:57:44,650 : StandardManager.doUnload : Unloading 1 sessions
> 2004-03-04 15:57:44,680 : ManagerBase.log : Cannot serialize session
> attribute javax.security.auth.subject for session
> E3EC3F36C2ECD4AF76D7ADC0D2533BEF
> java.io.NotSerializableException:
> org.apache.catalina.realm.GenericPrincipal
>
>
> For example, in the class org.apache.coyote.tomcat5.CoyoteRequest,
> there is a method :
> public void setUserPrincipal(Principal principal) {
>
> If the SecurityManager is set, the Principal is added to the session :
>
> if (System.getSecurityManager() != null){
> [...]
> subject = new Subject();
> subject.getPrincipals().add(principal); [...]
> if (session != null){
> session.setAttribute(Globals.SUBJECT_ATTR, subject);
> }
> }
>
>
> The problem is that the principal object is not Serializable (Class
> org.apache.catalina.realm.GenericPrincipal).
> And some attributes of GenericPrincipal, like the realm, may not be
> Serializable either.
>
> As I'm implementing my own realm, I can define a Principal
> implementation which is Serializable, but it would be fine if I could use
> the GenericPrincipal implementation if it were a serializable object.
Hi,
Yes, it seems to be a bug. This particular attribute should not get
serialized. I will take a look later today.
Thanks
-- Jeanfrancois
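The failure reported in this thread and the workaround mentioned in the first mail, reproduced as an added example that is not part of the thread or of Tomcat's code. PlainPrincipal, SerializablePrincipal and the session map are hypothetical stand-ins, no Tomcat classes are used, and the attribute name is the one shown in the log above.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.auth.Subject;

public class SubjectSessionCheck {

    // Stand-in for the principal in the thread: it is not Serializable and it
    // holds a reference (here a plain Object) that is not Serializable either.
    static final class PlainPrincipal implements Principal {
        private final String name;
        private final Object realm = new Object(); // hypothetical realm reference
        PlainPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // The workaround from the first mail: a principal with serializable state only.
    static final class SerializablePrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        SerializablePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof SerializablePrincipal
                    && ((SerializablePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Same shape as the quoted setUserPrincipal code: wrap the principal in a Subject.
    static Subject subjectFor(Principal principal) {
        Subject subject = new Subject();
        subject.getPrincipals().add(principal);
        return subject;
    }

    // Java-serializes the whole object graph; throws NotSerializableException
    // as soon as any reachable object does not implement Serializable.
    static byte[] serialize(Object value) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(buffer);
        out.writeObject(value);
        out.flush();
        return buffer.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed session contents for the demonstration.
        Map<String, Object> attributes = new LinkedHashMap<>();
        attributes.put("javax.security.auth.subject", subjectFor(new PlainPrincipal("alice")));
        attributes.put("cart.size", 3);

        // Check each attribute on its own so one bad value does not hide the others.
        for (Map.Entry<String, Object> entry : attributes.entrySet()) {
            try {
                serialize(entry.getValue());
                System.out.println("persistable: " + entry.getKey());
            } catch (NotSerializableException ex) {
                // The exception message names the class that blocked serialization.
                System.out.println("skipped:     " + entry.getKey() + " (" + ex.getMessage() + ")");
            }
        }

        // With a serializable principal the Subject survives a round trip.
        byte[] bytes = serialize(subjectFor(new SerializablePrincipal("alice")));
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            Subject restored = (Subject) in.readObject();
            Principal principal = restored.getPrincipals().iterator().next();
            System.out.println("restored principal: " + principal.getName());
        }
    }
}
```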