
I'm running Grails 2.5.0 using the Spring Security Core plugin. The setup for Spring Security is as vanilla as it gets (no custom filters, providers, userdetails services, etc.).

We have tried to introduce Spring-Session with Redis by mimicking the configuration described here. As such, I have a resources.groovy that looks like this:

```groovy
redisHttpSessionConfiguration(RedisHttpSessionConfiguration)
redisConnectionFactory(JedisConnectionFactory)
```

And a WebXmlConfig.groovy that looks something like this:

```groovy
filterChainProxyDelegator.add = true
filterChainProxyDelegator.targetBeanName = "springSessionRepositoryFilter"
filterChainProxyDelegator.urlPattern = "/*"
```

When I log in, I can see in Redis that the session is being persisted. However, it appears that the first time the session information is retrieved again, the deserialization of it fails with a ClassNotFoundException:

org.springframework.data.redis.serializer.SerializationException: Cannot deserialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to deserialize payload. Is the byte array a result of corresponding serialization for DefaultDeserializer?; nested exception is org.springframework.core.NestedIOException: Failed to deserialize object type; nested exception is java.lang.ClassNotFoundException: org.springframework.security.core.authority.SimpleGrantedAuthority
  at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:41)
  at org.springframework.data.redis.core.AbstractOperations.deserializeHashValue(AbstractOperations.java:296)
  at org.springframework.data.redis.core.AbstractOperations.deserializeHashMap(AbstractOperations.java:257)
  at org.springframework.data.redis.core.DefaultHashOperations.entries(DefaultHashOperations.java:227)
  at org.springframework.data.redis.core.DefaultBoundHashOperations.entries(DefaultBoundHashOperations.java:101)
  at org.springframework.session.data.redis.RedisOperationsSessionRepository.getSession(RedisOperationsSessionRepository.java:233)
  at org.springframework.session.data.redis.RedisOperationsSessionRepository.getSession(RedisOperationsSessionRepository.java:220)
  at org.springframework.session.data.redis.RedisOperationsSessionRepository.getSession(RedisOperationsSessionRepository.java:141)
  at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:276)
  at org.springframework.web.context.request.ServletRequestAttributes.updateAccessedSessionAttributes(ServletRequestAttributes.java:223)
  at org.springframework.web.context.request.AbstractRequestAttributes.requestCompleted(AbstractRequestAttributes.java:48)
  at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequest.requestCompleted(GrailsWebRequest.java:131)
  at org.codehaus.groovy.grails.web.servlet.mvc.GrailsWebRequestFilter.doFilterInternal(GrailsWebRequestFilter.java:72)
  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.codehaus.groovy.grails.web.filters.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:67)
  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:125)
  at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:65)
  at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
  at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
  at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
  at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
  at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
  at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1721)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
  at java.lang.Thread.run(Thread.java:744)
Caused by: org.springframework.core.serializer.support.SerializationFailedException: Failed to deserialize payload. Is the byte array a result of corresponding serialization for DefaultDeserializer?; nested exception is org.springframework.core.NestedIOException: Failed to deserialize object type; nested exception is java.lang.ClassNotFoundException: org.springframework.security.core.authority.SimpleGrantedAuthority
  at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:64)
  at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:34)
  at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:39)
  ... 44 more
Caused by: org.springframework.core.NestedIOException: Failed to deserialize object type; nested exception is java.lang.ClassNotFoundException: org.springframework.security.core.authority.SimpleGrantedAuthority
  at org.springframework.core.serializer.DefaultDeserializer.deserialize(DefaultDeserializer.java:44)
  at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:59)
  ... 46 more

Any idea what might be causing this? All of my configurations are so plain that this really seems like the simplest case for this integration.

rmlan
  • Are there two applications reading the same session data? Is it the same application reading the session that wrote the session? What version of spring-security-web are you using in the application that is trying to read the session? Is it possible you have another session id in your browser history that is being used? Have you tried clearing all cookies or using a different browser? – Rob Winch Oct 31 '15 at 18:39
  • It is currently the exact same application reading the data that is writing it. The spring-security-web version being used is 3.2.7.RELEASE. I have verified that only one session exists in both Redis and my browser (clearing both, several times). – rmlan Nov 02 '15 at 19:30
  • How did you fix it? – sirdaiz May 03 '23 at 08:04
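
Added example, not part of the original post or its comments: the stack trace ends in plain JDK deserialization, which resolves each class name against a class loader and throws `ClassNotFoundException` when that loader cannot see the class, even if the same JVM wrote the bytes. The sketch below reproduces that mechanism with the JDK only; the `Authority` class and the "narrow" loader are constructed stand-ins, and whether loader visibility is the cause in this Grails setup is an assumption.

```java
import java.io.*;
import java.net.*;

public class LoaderAwareDeserialization {
    // Constructed stand-in for a session attribute such as a granted authority.
    static class Authority implements Serializable {
        private static final long serialVersionUID = 1L;
        final String role;
        Authority(String role) { this.role = role; }
    }

    // Resolves class names against an explicit loader rather than the
    // loader ObjectInputStream would pick from the call stack.
    static class LoaderAwareInputStream extends ObjectInputStream {
        private final ClassLoader loader;
        LoaderAwareInputStream(InputStream in, ClassLoader loader) throws IOException {
            super(in);
            this.loader = loader;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws ClassNotFoundException {
            return Class.forName(desc.getName(), false, loader);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] bytes, ClassLoader loader) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new LoaderAwareInputStream(new ByteArrayInputStream(bytes), loader)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] stored = serialize(new Authority("ROLE_USER"));
        // No URLs and a null parent: this loader sees only bootstrap classes.
        ClassLoader narrow = new URLClassLoader(new URL[0], null);
        try {
            deserialize(stored, narrow);
        } catch (ClassNotFoundException e) {
            System.out.println("narrow loader: ClassNotFoundException " + e.getMessage());
        }
        ClassLoader app = Thread.currentThread().getContextClassLoader();
        System.out.println("context loader: " + ((Authority) deserialize(stored, app)).role);
    }
}
```

An overridden `resolveClass` is also the point where a session deserializer can restrict which class names it will load from data read out of Redis.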
