I have a Spring Cloud-based application running on multiple spring-boot servers. All servers share the same Spring Session using @EnableRedisHttpSession.

I now want to integrate a third party widget into my application. Working with the third party, I was able to get initial configuration running, but I'm failing when the third party tries to access the Redis Session data. This is because I am using Spring 4 and the third party uses Spring 3.2. I cannot upgrade the third party's Spring version.

The exception is:

    org.springframework.data.redis.serializer.SerializationException: Cannot deserialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to deserialize payload. Is the byte array a result of corresponding serialization for DefaultDeserializer?; nested exception is java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 320
    Caused by: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 320
        at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:616) ~[na:1.8.0_66]
        at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1623) ~[na:1.8.0_66]
        at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1518) ~[na:1.8.0_66]
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1774) ~[na:1.8.0_66]
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351) ~[na:1.8.0_66]
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371) ~[na:1.8.0_66]
        at org.springframework.core.serializer.DefaultDeserializer.deserialize(DefaultDeserializer.java:41) ~[spring-core-4.0.6.RELEASE.jar:4.0.6.RELEASE]
        at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:59) ~[spring-core-4.0.6.RELEASE.jar:4.0.6.RELEASE]
        ... 66 common frames omitted

Is there any way to easily translate between the two versions?

odedia
  • Are you sure your issue is due to an incompatibility of Spring versions? Are you really deserializing exactly the same class you serialized before? – shobull Mar 30 '16 at 08:41
  • I would think so, based on the exception description. This is done behind the scenes by @EnableRedisHttpSession code. – odedia Mar 30 '16 at 21:41
  • I think you can achieve this by overriding the RedisSerializer to use a custom strategy that reads and writes your objects for your use case. – Avis Jun 07 '16 at 16:43

1 Answer

Some days ago I also faced the same issue when I was upgrading the Spring Boot version from 2.2.1 to 2.2.6.

This issue was due to the serialVersionUID which is present in the SecurityContextImpl class. It has been changed between Spring versions.

In your case it has been changed from 400 to 320 or vice versa.

Resolution:

  1. Stop storing the session on the Redis server by setting the property spring.session.store-type=none

  2. Use Jackson serialisation to avoid this type of issue in future version upgrades.

  3. Override the implementation of the SecurityContextImpl class. No need to do anything else; only the serialVersionUID change is sufficient.

The issue I faced

Adding a great reference for more details: https://github.com/spring-projects/spring-session/issues/1924