迁移到Spring Security 4.1.0.RELEASE后还原会话对象

时间:2016-05-09 10:21:53

标签: google-app-engine spring-security

从Spring Security 4.0.x迁移到Spring Security 4.1.0.RELEASE后,由于SecurityContext不同,我无法从会话中恢复serialVersionUID

public class SecurityContextImpl implements SecurityContext {

    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
...
}

异常:

Exception while loading session data
java.lang.RuntimeException: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 410
    at com.google.apphosting.runtime.SessionManagerUtil.deserialize(SessionManagerUtil.java:58)
    at com.google.apphosting.runtime.DatastoreSessionStore.createSessionFromEntity(DatastoreSessionStore.java:58)
    at com.google.apphosting.runtime.DatastoreSessionStore.getSession(DatastoreSessionStore.java:85)
    at com.google.apphosting.runtime.jetty.SessionManager.loadSession(SessionManager.java:330)
    at com.google.apphosting.runtime.jetty.SessionManager.getSession(SessionManager.java:303)
    at org.mortbay.jetty.servlet.AbstractSessionManager.getHttpSession(AbstractSessionManager.java:237)
    at org.mortbay.jetty.servlet.SessionHandler.setRequestedId(SessionHandler.java:246)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:136)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:260)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:78)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:148)
    at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:468)
    at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:439)
    at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:446)
    at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:256)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:310)
    at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:302)
    at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:443)
    at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:235)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 410
    at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:617)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1746)
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1630)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1907)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1462)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:417)
    at java.util.HashMap.readObject(HashMap.java:1182)
    at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1017)
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2040)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1936)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1462)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:417)
    at com.google.apphosting.runtime.SessionManagerUtil.deserialize(SessionManagerUtil.java:56)
    ... 26 more

2 个答案:

答案 0 :(得分:2)

根据M. Deinum的建议,您无法在Spring安全更新的情况下恢复这些会话。必须清除它们才能再次正确使用会话。正如Igor建议的那样,您可以通过删除数据存储区中的_ah_SESSION实体来执行此操作。

答案 1 :(得分:1)

我遇到了同样的问题。就我而言,这是由于Web安全配置的XML架构版本。 

function test() {
    var str = "OTHER-REQUEST-ASFA",
        filenames = {
            "OTHER-REQUEST-ASF": "ASF",
            "OTHER-REQUEST-ASFA": "ASFA",
            "OTHER-REQUEST-ASFB": "ASFB",
            "OTHER-REQUEST-ASFC": "ASFC",
            "OTHER-REQUEST-ASFE": "ASFE" 
        },
        key;

    for (key in filenames) {
        if (key.indexOf(str) != -1) {
            console.log(filenames[key]);
        }
    }
}

test();

我将其设置为

后修复了 
http://www.springframework.org/schema/security/spring-security-4.0.xsd
相关问题
最新问题