Skip to content

Add Documentation About Serialization Between Minor Versions #14409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
marcusdacoregio opened this issue Jan 5, 2024 · 2 comments
Closed

Add Documentation About Serialization Between Minor Versions #14409

marcusdacoregio opened this issue Jan 5, 2024 · 2 comments
Assignees
@marcusdacoregio
Labels
type: task A general task
Milestone
6.3.0-M2

Comments

@marcusdacoregio
Copy link
Contributor

Documentation and maybe a blog post should be added for #3737
@marcusdacoregio marcusdacoregio added in: docs An issue in Documentation or samples type: enhancement A general enhancement labels Jan 5, 2024
@marcusdacoregio marcusdacoregio self-assigned this Jan 5, 2024
@marcusdacoregio marcusdacoregio added this to the 6.3.x milestone Jan 5, 2024
@marcusdacoregio marcusdacoregio mentioned this issue Jan 5, 2024
Closed
@marcusdacoregio marcusdacoregio changed the title Add Documentation for #3737 Add Documentation About Serialization Between Minor Versions Jan 5, 2024
@marcusdacoregio marcusdacoregio removed this from the 6.3.x milestone Jan 19, 2024
@marcusdacoregio marcusdacoregio added type: task A general task and removed in: docs An issue in Documentation or samples type: enhancement A general enhancement labels Jan 19, 2024
@marcusdacoregio
Copy link
Contributor Author

https://spring.io/blog/2024/01/19/spring-security-6-3-adds-passive-jdk-serialization-deserialization-for/

@marcusdacoregio marcusdacoregio added this to the 6.3.0-M2 milestone Jan 19, 2024
marcusdacoregio added a commit that referenced this issue Jan 31, 2024
@marcusdacoregio
Add Passive Serialization to What's New
6066245 
Issue gh-14409
@seabamirum
Copy link

seabamirum commented Jun 22, 2024
edited
Loading

For those who would like to upgrade to 6.3 but are still on 6.x versions before 6.2.0, you can use the custom ObjectInputStream solution provided by OrangeDog. If you're using Redis, implement your own Deserializer and pass it in to the JdkSerializationRedisSerializer constructor.

public class CustomObjectInputStream extends ObjectInputStream {

    public CustomObjectInputStream(InputStream in) throws IOException {
        super(in);
    }

    @Override
    protected ObjectStreamClass readClassDescriptor() throws IOException, ClassNotFoundException {
        ObjectStreamClass descriptor = super.readClassDescriptor();
        if (descriptor.getName().startsWith("org.springframework.security.")) {
            // Ignore the serialized version and use the current version instead
            return ObjectStreamClass.lookupAny(Class.forName(descriptor.getName()));
        } else {
            return descriptor;
        }
    }
}

public class CustomDeserializer implements Deserializer<Object> {

	@SuppressWarnings("resource")
	@Override
	public Object deserialize(InputStream inputStream) throws IOException 
	{		
		try
		{
			return new CustomObjectInputStream(inputStream).readObject();
		}
		catch (ClassNotFoundException ex) {
			throw new IOException("Failed to deserialize object type", ex);
		}
	}
}

@Bean
    JdkSerializationRedisSerializer springSessionDefaultRedisSerializer() {
        return new JdkSerializationRedisSerializer(new SerializingConverter(), new DeserializingConverter(new CustomDeserializer()));
    }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusdacoregio marcusdacoregio

Labels
type: task A general task
Projects
None yet
Milestone
6.3.0-M2
Development

No branches or pull requests
2 participants
@seabamirum @marcusdacoregio