ClassNotFoundException:SimpleGrantedAuthority - Grails 2.4.2和Spring Security

时间:2014-07-22 00:37:16

标签: spring grails spring-security oauth-2.0 grails-plugin

请帮助我,我会详细解释我的问题。

我有一个使用Grails 2.3.5和以下插件的工作项目:

  • Spring security core 2.0-RC
  • Spring security oauth2 provider 1.0.5.2

然后我升级到Grails 2.4.2,现在当我尝试登录时,我收到以下异常:

    19:29:24,885[http-bio-8080-exec-11] WARN auth.MongoTokenStore Failed to deserialize authentication for aa40b31d-9654-47f0-a5f5-5bd369915b2f
java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: org.springframework.security.core.authority.SimpleGrantedAuthority
    at bets.auth.MongoTokenStore.deserializeAuthentication(MongoTokenStore.groovy:302)
    at bets.auth.MongoTokenStore.readAuthenticationForRefreshToken(MongoTokenStore.groovy:183)
    at bets.auth.MongoTokenStore.readAuthenticationForRefreshToken(MongoTokenStore.groovy:173)
    at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:177)
    at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
    at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
    at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
    at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
    at grails.plugin.springsecurity.web.filter.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:102)
    at grails.plugin.springsecurity.web.filter.DebugFilter.doFilter(DebugFilter.java:69)
    at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.ClassNotFoundException: org.springframework.security.core.authority.SimpleGrantedAuthority
    at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    at java.lang.Class.forName(Class.java:270)
    at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:625)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1612)
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1517)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
    at java.util.ArrayList.readObject(ArrayList.java:771)
    at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1017)
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1893)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1990)
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1915)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1990)
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1915)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
    ... 14 more

MongoTokenStore是对 org.springframework.security.oauth2.provider.token.TokenStore 的重写 这是引起异常的行:

protected OAuth2Authentication deserializeAuthentication(byte[] authentication) {
    return SerializationUtils.deserialize(authentication)
}

这是我的依赖报告:

Starting process on User-MacBook-Pro-3.local/10.0.1.9
Loading Grails 2.4.2
|Configuring classpath
.
|Environment set to development
.
runtime - Dependencies needed at runtime but not for compilation (total: 137)
+--- org.codehaus.groovy:groovy-all:2.3.3
+--- org.grails:grails-plugin-rest:2.4.2
|    \--- org.slf4j:jcl-over-slf4j:1.7.5
|    \--- org.slf4j:slf4j-api:1.7.5
|    \--- com.google.code.gson:gson:2.2.4
|    \--- org.grails:grails-web:2.4.2
|         \--- org.grails:grails-web-common:2.4.2
|              \--- org.springframework:spring-webmvc:4.0.5.RELEASE
|              \--- org.springframework:spring-context-support:4.0.5.RELEASE
|              \--- org.grails:grails-databinding:2.4.2
|         \--- org.grails:grails-web-url-mappings:2.4.2
|         \--- org.grails:grails-web-fileupload:2.4.2
|              \--- commons-fileupload:commons-fileupload:1.3.1
|                   \--- commons-io:commons-io:2.2
|         \--- org.grails:grails-web-gsp:2.4.2
|         \--- org.springframework:spring-aspects:4.0.5.RELEASE
|         \--- org.grails:grails-web-mvc:2.4.2
|         \--- org.grails:grails-web-sitemesh:2.4.2
|              \--- opensymphony:sitemesh:2.4
|         \--- org.grails:grails-web-databinding:2.4.2
|         \--- org.grails:grails-web-jsp:2.4.2
|         \--- org.aspectj:aspectjweaver:1.8.0
|         \--- org.aspectj:aspectjrt:1.8.0
|    \--- org.grails:grails-plugin-controllers:2.4.2
|         \--- org.grails:grails-plugin-validation:2.4.2
|    \--- org.grails:grails-plugin-datasource:2.4.2
|         \--- org.apache.tomcat.embed:tomcat-embed-logging-log4j:7.0.50
|         \--- org.apache.tomcat:tomcat-jdbc:7.0.50
|              \--- org.apache.tomcat:tomcat-juli:7.0.50
+--- org.grails:grails-plugin-databinding:2.4.2
|    \--- org.grails:grails-core:2.4.2
|         \--- xalan:serializer:2.7.1
|         \--- org.grails:grails-spring:2.4.2
|         \--- org.grails:grails-bootstrap:2.4.2
|         \--- org.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.0.Final
+--- org.grails:grails-plugin-i18n:2.4.2
|    \--- commons-lang:commons-lang:2.6
+--- org.grails:grails-plugin-filters:2.4.2
+--- org.grails:grails-plugin-gsp:2.4.2
|    \--- org.grails:grails-web-gsp-taglib:2.4.2
|    \--- org.grails:grails-plugin-codecs:2.4.2
|         \--- org.grails:grails-encoder:2.4.2
|              \--- org.springframework:spring-web:4.0.5.RELEASE
|    \--- org.grails:grails-logging:2.4.2
+--- org.grails:grails-plugin-log4j:2.4.2
|    \--- org.slf4j:jul-to-slf4j:1.7.5
+--- org.grails:grails-plugin-services:2.4.2
|    \--- org.springframework:spring-tx:4.0.5.RELEASE
+--- org.grails:grails-plugin-servlets:2.4.2
+--- org.grails:grails-plugin-url-mappings:2.4.2
|    \--- com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4
|    \--- org.grails:grails-validation:2.4.2
|         \--- commons-validator:commons-validator:1.4.0
+--- org.grails:grails-plugin-async:2.4.2
|    \--- org.grails:grails-async:2.4.2
|         \--- org.codehaus.gpars:gpars:1.2.1
|              \--- org.codehaus.jsr166-mirror:jsr166y:1.7.0
+--- com.h2database:h2:1.3.176
+--- log4j:log4j:1.2.17
+--- org.grails:grails-resources:2.4.2
+--- org.springframework:spring-context:4.0.5.RELEASE
|    \--- org.springframework:spring-core:4.0.5.RELEASE
|    \--- org.springframework:spring-expression:4.0.5.RELEASE
+--- org.springframework:spring-beans:4.0.5.RELEASE
+--- org.springframework:spring-aop:4.0.5.RELEASE
|    \--- aopalliance:aopalliance:1.0
+--- org.springframework:spring-jdbc:4.0.5.RELEASE
+--- org.apache.httpcomponents:httpclient:4.3.2
|    \--- org.apache.httpcomponents:httpcore:4.3.1
|    \--- commons-logging:commons-logging:1.1.3
+--- commons-codec:commons-codec:1.9
+--- org.codehaus.groovy.modules.http-builder:http-builder:0.7
|    \--- net.sf.json-lib:json-lib:2.3
|         \--- commons-beanutils:commons-beanutils:1.8.0
|         \--- net.sf.ezmorph:ezmorph:1.0.6
|    \--- net.sourceforge.nekohtml:nekohtml:1.9.16
|         \--- xerces:xercesImpl:2.9.1
|              \--- xml-apis:xml-apis:1.3.04
|    \--- xml-resolver:xml-resolver:1.2
+--- org.apache.commons:commons-lang3:3.1
+--- mx.openpay:openpay-api-client:1.0.2
|    \--- org.apache.httpcomponents:httpmime:4.3.2
|    \--- org.apache.httpcomponents:httpclient-cache:4.3.2
|    \--- org.apache.httpcomponents:fluent-hc:4.3.2
+--- org.grails.plugins:scaffolding:2.1.2
+--- org.grails.plugins:asset-pipeline:1.8.11
|    \--- org.mozilla:rhino:1.7R4
|    \--- org.grails.plugins:webxml:1.4.1
+--- org.grails.plugins:cache:1.1.7
|    \--- org.javassist:javassist:3.17.1-GA
+--- org.grails.plugins:hibernate:3.6.10.16
|    \--- org.hibernate:hibernate-ehcache:3.6.10.Final
|    \--- net.sf.ehcache:ehcache-core:2.4.8
|    \--- org.grails:grails-datastore-core:3.1.1.RELEASE
|         \--- javax.transaction:jta:1.1
|    \--- org.grails:grails-datastore-gorm:3.1.1.RELEASE
|    \--- org.grails:grails-datastore-gorm-hibernate:3.1.1.RELEASE
|         \--- org.grails:grails-datastore-gorm-hibernate-core:3.1.1.RELEASE
|              \--- antlr:antlr:2.7.7
|              \--- dom4j:dom4j:1.6.1
|              \--- org.springframework:spring-orm:4.0.5.RELEASE
|    \--- org.grails:grails-datastore-simple:3.1.1.RELEASE
|    \--- commons-collections:commons-collections:3.2.1
|    \--- org.hibernate:hibernate-core:3.6.10.Final
|    \--- javax.validation:validation-api:1.0.0.GA
|    \--- org.hibernate:hibernate-validator:4.1.0.Final
|    \--- org.hibernate:hibernate-entitymanager:3.6.10.Final
|         \--- cglib:cglib:2.2
|              \--- asm:asm:3.1
|    \--- org.hibernate:hibernate-commons-annotations:3.2.0.Final
+--- org.grails.plugins:database-migration:1.4.0
|    \--- org.liquibase:liquibase-core:2.0.5
+--- org.grails.plugins:mongodb:3.0.1
|    \--- org.grails:grails-datastore-gorm-mongodb:3.0.1.RELEASE
|         \--- org.springframework.data:spring-data-mongodb:1.4.1.RELEASE
|              \--- org.springframework.data:spring-data-commons:1.7.1.RELEASE
|         \--- com.gmongo:gmongo:1.2
|         \--- org.mongodb:mongo-java-driver:2.12.0
|    \--- org.grails:grails-datastore-gorm-plugin-support:3.1.0.RELEASE
|    \--- org.grails:grails-datastore-web:3.1.0.RELEASE
+--- org.grails.plugins:spring-security-core:2.0-RC4
|    \--- org.springframework.security:spring-security-core:3.2.3.RELEASE
|    \--- org.springframework.security:spring-security-web:3.2.3.RELEASE
+--- org.grails.plugins:spring-security-oauth2-provider:1.0.5.2
|    \--- org.springframework.security.oauth:spring-security-oauth2:1.0.5.RELEASE
|         \--- org.codehaus.jackson:jackson-mapper-asl:1.9.2
|              \--- org.codehaus.jackson:jackson-core-asl:1.9.2
+--- org.grails.plugins:facebook-sdk:0.6.4
|    \--- com.restfb:restfb:1.6.14
+--- org.grails.plugins:cors:1.1.5
+--- org.grails.plugins:mail:1.0.6
|    \--- com.sun.mail:javax.mail:1.5.1
|         \--- javax.activation:activation:1.1
|    \--- javax.mail:javax.mail-api:1.5.1

"缺少"班级是春天 - 安全 - 核心:3.2.3.RELEASE所以我不明白,是吗?

如果您需要任何其他信息,请告诉我。

提前非常感谢你!

1 个答案:

答案 0 :(得分:1)

我遇到了同样的问题。我假设你的SerializationUtils.deserialize()方法使用标准的ObjectInputStream.readObject()方法?我做了,当我逐步完成反序列化代码时,我注意到它切换了类加载器。

尝试使用Apache Commons ClassLoaderObjectInputStream,它允许您指定类加载器(当前线程上的类加载器):

import org.apache.commons.io.input.ClassLoaderObjectInputStream;
...
static Object deserialize(byte[] serializedObject) throws IOException, ClassNotFoundException {
    return new ClassLoaderObjectInputStream(Thread.currentThread().getContextClassLoader(),
            new ByteArrayInputStream(serializedObject)).readObject();
}

或者(如Spring Security OAuth2提供程序插件中所示):

OAuth2Authentication deserialize(byte[] authentication) {
    new ByteArrayInputStream(authentication).withObjectInputStream(getClass().classLoader) { ois ->
        ois.readObject() as OAuth2Authentication
    }
}