请帮助我,我会详细解释我的问题。
我有一个使用Grails 2.3.5和以下插件的工作项目:
然后我升级到Grails 2.4.2,现在当我尝试登录时,我收到以下异常:
19:29:24,885[http-bio-8080-exec-11] WARN auth.MongoTokenStore Failed to deserialize authentication for aa40b31d-9654-47f0-a5f5-5bd369915b2f
java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: org.springframework.security.core.authority.SimpleGrantedAuthority
at bets.auth.MongoTokenStore.deserializeAuthentication(MongoTokenStore.groovy:302)
at bets.auth.MongoTokenStore.readAuthenticationForRefreshToken(MongoTokenStore.groovy:183)
at bets.auth.MongoTokenStore.readAuthenticationForRefreshToken(MongoTokenStore.groovy:173)
at grails.plugin.cache.web.filter.PageFragmentCachingFilter.doFilter(PageFragmentCachingFilter.java:177)
at grails.plugin.cache.web.filter.AbstractFilter.doFilter(AbstractFilter.java:63)
at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
at grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter.doFilter(RequestHolderAuthenticationFilter.java:49)
at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:82)
at grails.plugin.springsecurity.web.filter.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:102)
at grails.plugin.springsecurity.web.filter.DebugFilter.doFilter(DebugFilter.java:69)
at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.ClassNotFoundException: org.springframework.security.core.authority.SimpleGrantedAuthority
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at java.lang.Class.forName(Class.java:270)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:625)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1612)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1517)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
at java.util.ArrayList.readObject(ArrayList.java:771)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1017)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1893)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1990)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1915)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1990)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1915)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
... 14 more
MongoTokenStore是对 org.springframework.security.oauth2.provider.token.TokenStore 的重写 这是引起异常的行:
protected OAuth2Authentication deserializeAuthentication(byte[] authentication) {
return SerializationUtils.deserialize(authentication)
}
这是我的依赖报告:
Starting process on User-MacBook-Pro-3.local/10.0.1.9
Loading Grails 2.4.2
|Configuring classpath
.
|Environment set to development
.
runtime - Dependencies needed at runtime but not for compilation (total: 137)
+--- org.codehaus.groovy:groovy-all:2.3.3
+--- org.grails:grails-plugin-rest:2.4.2
| \--- org.slf4j:jcl-over-slf4j:1.7.5
| \--- org.slf4j:slf4j-api:1.7.5
| \--- com.google.code.gson:gson:2.2.4
| \--- org.grails:grails-web:2.4.2
| \--- org.grails:grails-web-common:2.4.2
| \--- org.springframework:spring-webmvc:4.0.5.RELEASE
| \--- org.springframework:spring-context-support:4.0.5.RELEASE
| \--- org.grails:grails-databinding:2.4.2
| \--- org.grails:grails-web-url-mappings:2.4.2
| \--- org.grails:grails-web-fileupload:2.4.2
| \--- commons-fileupload:commons-fileupload:1.3.1
| \--- commons-io:commons-io:2.2
| \--- org.grails:grails-web-gsp:2.4.2
| \--- org.springframework:spring-aspects:4.0.5.RELEASE
| \--- org.grails:grails-web-mvc:2.4.2
| \--- org.grails:grails-web-sitemesh:2.4.2
| \--- opensymphony:sitemesh:2.4
| \--- org.grails:grails-web-databinding:2.4.2
| \--- org.grails:grails-web-jsp:2.4.2
| \--- org.aspectj:aspectjweaver:1.8.0
| \--- org.aspectj:aspectjrt:1.8.0
| \--- org.grails:grails-plugin-controllers:2.4.2
| \--- org.grails:grails-plugin-validation:2.4.2
| \--- org.grails:grails-plugin-datasource:2.4.2
| \--- org.apache.tomcat.embed:tomcat-embed-logging-log4j:7.0.50
| \--- org.apache.tomcat:tomcat-jdbc:7.0.50
| \--- org.apache.tomcat:tomcat-juli:7.0.50
+--- org.grails:grails-plugin-databinding:2.4.2
| \--- org.grails:grails-core:2.4.2
| \--- xalan:serializer:2.7.1
| \--- org.grails:grails-spring:2.4.2
| \--- org.grails:grails-bootstrap:2.4.2
| \--- org.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.0.Final
+--- org.grails:grails-plugin-i18n:2.4.2
| \--- commons-lang:commons-lang:2.6
+--- org.grails:grails-plugin-filters:2.4.2
+--- org.grails:grails-plugin-gsp:2.4.2
| \--- org.grails:grails-web-gsp-taglib:2.4.2
| \--- org.grails:grails-plugin-codecs:2.4.2
| \--- org.grails:grails-encoder:2.4.2
| \--- org.springframework:spring-web:4.0.5.RELEASE
| \--- org.grails:grails-logging:2.4.2
+--- org.grails:grails-plugin-log4j:2.4.2
| \--- org.slf4j:jul-to-slf4j:1.7.5
+--- org.grails:grails-plugin-services:2.4.2
| \--- org.springframework:spring-tx:4.0.5.RELEASE
+--- org.grails:grails-plugin-servlets:2.4.2
+--- org.grails:grails-plugin-url-mappings:2.4.2
| \--- com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4
| \--- org.grails:grails-validation:2.4.2
| \--- commons-validator:commons-validator:1.4.0
+--- org.grails:grails-plugin-async:2.4.2
| \--- org.grails:grails-async:2.4.2
| \--- org.codehaus.gpars:gpars:1.2.1
| \--- org.codehaus.jsr166-mirror:jsr166y:1.7.0
+--- com.h2database:h2:1.3.176
+--- log4j:log4j:1.2.17
+--- org.grails:grails-resources:2.4.2
+--- org.springframework:spring-context:4.0.5.RELEASE
| \--- org.springframework:spring-core:4.0.5.RELEASE
| \--- org.springframework:spring-expression:4.0.5.RELEASE
+--- org.springframework:spring-beans:4.0.5.RELEASE
+--- org.springframework:spring-aop:4.0.5.RELEASE
| \--- aopalliance:aopalliance:1.0
+--- org.springframework:spring-jdbc:4.0.5.RELEASE
+--- org.apache.httpcomponents:httpclient:4.3.2
| \--- org.apache.httpcomponents:httpcore:4.3.1
| \--- commons-logging:commons-logging:1.1.3
+--- commons-codec:commons-codec:1.9
+--- org.codehaus.groovy.modules.http-builder:http-builder:0.7
| \--- net.sf.json-lib:json-lib:2.3
| \--- commons-beanutils:commons-beanutils:1.8.0
| \--- net.sf.ezmorph:ezmorph:1.0.6
| \--- net.sourceforge.nekohtml:nekohtml:1.9.16
| \--- xerces:xercesImpl:2.9.1
| \--- xml-apis:xml-apis:1.3.04
| \--- xml-resolver:xml-resolver:1.2
+--- org.apache.commons:commons-lang3:3.1
+--- mx.openpay:openpay-api-client:1.0.2
| \--- org.apache.httpcomponents:httpmime:4.3.2
| \--- org.apache.httpcomponents:httpclient-cache:4.3.2
| \--- org.apache.httpcomponents:fluent-hc:4.3.2
+--- org.grails.plugins:scaffolding:2.1.2
+--- org.grails.plugins:asset-pipeline:1.8.11
| \--- org.mozilla:rhino:1.7R4
| \--- org.grails.plugins:webxml:1.4.1
+--- org.grails.plugins:cache:1.1.7
| \--- org.javassist:javassist:3.17.1-GA
+--- org.grails.plugins:hibernate:3.6.10.16
| \--- org.hibernate:hibernate-ehcache:3.6.10.Final
| \--- net.sf.ehcache:ehcache-core:2.4.8
| \--- org.grails:grails-datastore-core:3.1.1.RELEASE
| \--- javax.transaction:jta:1.1
| \--- org.grails:grails-datastore-gorm:3.1.1.RELEASE
| \--- org.grails:grails-datastore-gorm-hibernate:3.1.1.RELEASE
| \--- org.grails:grails-datastore-gorm-hibernate-core:3.1.1.RELEASE
| \--- antlr:antlr:2.7.7
| \--- dom4j:dom4j:1.6.1
| \--- org.springframework:spring-orm:4.0.5.RELEASE
| \--- org.grails:grails-datastore-simple:3.1.1.RELEASE
| \--- commons-collections:commons-collections:3.2.1
| \--- org.hibernate:hibernate-core:3.6.10.Final
| \--- javax.validation:validation-api:1.0.0.GA
| \--- org.hibernate:hibernate-validator:4.1.0.Final
| \--- org.hibernate:hibernate-entitymanager:3.6.10.Final
| \--- cglib:cglib:2.2
| \--- asm:asm:3.1
| \--- org.hibernate:hibernate-commons-annotations:3.2.0.Final
+--- org.grails.plugins:database-migration:1.4.0
| \--- org.liquibase:liquibase-core:2.0.5
+--- org.grails.plugins:mongodb:3.0.1
| \--- org.grails:grails-datastore-gorm-mongodb:3.0.1.RELEASE
| \--- org.springframework.data:spring-data-mongodb:1.4.1.RELEASE
| \--- org.springframework.data:spring-data-commons:1.7.1.RELEASE
| \--- com.gmongo:gmongo:1.2
| \--- org.mongodb:mongo-java-driver:2.12.0
| \--- org.grails:grails-datastore-gorm-plugin-support:3.1.0.RELEASE
| \--- org.grails:grails-datastore-web:3.1.0.RELEASE
+--- org.grails.plugins:spring-security-core:2.0-RC4
| \--- org.springframework.security:spring-security-core:3.2.3.RELEASE
| \--- org.springframework.security:spring-security-web:3.2.3.RELEASE
+--- org.grails.plugins:spring-security-oauth2-provider:1.0.5.2
| \--- org.springframework.security.oauth:spring-security-oauth2:1.0.5.RELEASE
| \--- org.codehaus.jackson:jackson-mapper-asl:1.9.2
| \--- org.codehaus.jackson:jackson-core-asl:1.9.2
+--- org.grails.plugins:facebook-sdk:0.6.4
| \--- com.restfb:restfb:1.6.14
+--- org.grails.plugins:cors:1.1.5
+--- org.grails.plugins:mail:1.0.6
| \--- com.sun.mail:javax.mail:1.5.1
| \--- javax.activation:activation:1.1
| \--- javax.mail:javax.mail-api:1.5.1
"缺少"班级是春天 - 安全 - 核心:3.2.3.RELEASE所以我不明白,是吗?
如果您需要任何其他信息,请告诉我。
提前非常感谢你!
答案 0 :(得分:1)
我遇到了同样的问题。我假设你的SerializationUtils.deserialize()方法使用标准的ObjectInputStream.readObject()方法?我做了,当我逐步完成反序列化代码时,我注意到它切换了类加载器。
尝试使用Apache Commons ClassLoaderObjectInputStream,它允许您指定类加载器(当前线程上的类加载器):
import org.apache.commons.io.input.ClassLoaderObjectInputStream;
...
static Object deserialize(byte[] serializedObject) throws IOException, ClassNotFoundException {
return new ClassLoaderObjectInputStream(Thread.currentThread().getContextClassLoader(),
new ByteArrayInputStream(serializedObject)).readObject();
}
或者(如Spring Security OAuth2提供程序插件中所示):
OAuth2Authentication deserialize(byte[] authentication) {
new ByteArrayInputStream(authentication).withObjectInputStream(getClass().classLoader) { ois ->
ois.readObject() as OAuth2Authentication
}
}