无法为会话序列化会话属性 SPRING_SECURITY_CONTEXT
Posted
技术标签:
【中文标题】无法为会话序列化会话属性 SPRING_SECURITY_CONTEXT【英文标题】:Cannot serialize session attribute SPRING_SECURITY_CONTEXT for session 【发布时间】:2014-11-11 03:28:36 【问题描述】:环境:Tomcat 6、Java 6、Redis 和 spring security-3.1.4
我尝试通过将用户会话添加到 Redis 缓存来集群 tomcat。我已将 tomcat-redis-session-manager-1.2-tomcat-6.jar 和 jedis-2.0.0.jar 复制到 tomcat lib 并在配置下方添加到 tomcat context.xml。
一切正常。但是当我尝试登录系统时出现以下异常。
似乎有一个包含不可序列化属性的弹簧安全上下文属性。请帮助解决此问题。
context.xml
<Valve className="com.radiadesign.catalina.session.RedisSessionHandlerValve" />
<Manager className="com.radiadesign.catalina.session.RedisSessionManager"
host="127.0.0.1"
port="6379"
database="0"
maxInactiveInterval="60" />
org.apache.catalina.session.StandardSession writeObject
WARNING: Cannot serialize session attribute SPRING_SECURITY_CONTEXT for session DDB4A51B19CF042B227E312B546483EF
java.io.NotSerializableException: java.util.HashMap$KeySet
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1180)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1528)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1493)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1416)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1528)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1493)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1416)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1528)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1493)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1416)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1528)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1493)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1416)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1174)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:346)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1561)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:1004)
at com.radiadesign.catalina.session.JavaSerializer.serializeFrom(JavaSerializer.java:24)
at com.radiadesign.catalina.session.RedisSessionManager.save(RedisSessionManager.java:411)
at com.radiadesign.catalina.session.RedisSessionHandlerValve.storeOrRemoveSession(RedisSessionHandlerValve.java:39)
at com.radiadesign.catalina.session.RedisSessionHandlerValve.invoke(RedisSessionHandlerValve.java:27)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:554)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:636)
【问题讨论】:
请提供更多信息:您使用的是“库存”SecurityContext、Authentication、UserDetails 实例,还是自定义的 Spring Security 配置? 默认 SecurityContext , UsernamePasswordAuthenticationToken 和 CustomUserDetails 扩展 org.springframework.security.core.userdetails.User 实现 Serializable 您可以发布您的 CustomUserDetails 吗?也许它包含一些不可序列化的属性 嗨 gpeche,是的,你是正确的。有一个不可序列化的属性。感谢您的帮助和支持。 【参考方案1】:CustomUserDetails 类中有一个不可序列化的属性。
【讨论】:
它是:私有 Set以上是关于无法为会话序列化会话属性 SPRING_SECURITY_CONTEXT的主要内容,如果未能解决你的问题,请参考以下文章