Skip to content

Add Jackson Support for Objects stored in HttpSession #3736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rwinch opened this issue Mar 9, 2016 · 15 comments
Closed

Add Jackson Support for Objects stored in HttpSession #3736

rwinch opened this issue Mar 9, 2016 · 15 comments
Assignees
@rwinch
Labels
in: cas An issue in spring-security-cas in: core An issue in spring-security-core in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Milestone
4.2.0 M1

Comments

@rwinch
Copy link
Member

rwinch commented Mar 9, 2016

It would be nice to provide custom serialization mechanism that uses Jackson for objects Spring Security places in session. This would make serializing much faster and ensure consistency when using things like Spring Session. Some of the interfaces (and classes) are:

  • SecurityContext (SecurityContextImpl)
  • Authentication (various implementations of it)
  • UserDetails (User)
  • CsrfToken (DefaultCsrfToken)
  • SavedRequest (DefaultSavedRequest)

We might also try to provide compression on the serialization. For example when UserDetails is the principal of an Authentication, we can derive a UsernamePasswordAuthenticationToken from the UserDetails and assume SecurityContextImpl is used.

UPDATE spring-projects/spring-session#434 has must of the support we would need for this feature. We may want to merge those changes into Spring Security
@rwinch rwinch added in: core An issue in spring-security-core type: enhancement A general enhancement labels Mar 9, 2016
@rwinch rwinch mentioned this issue Mar 18, 2016
Closed
@jeetmp3
Copy link
Contributor

jeetmp3 commented Mar 23, 2016

@rwinch as per my understanding, you want put serialized SecurityContext into session. i. e. Instead of storing whole SecurityContext object, a serialized json string will be stored in session. Please correct me if my understanding is wrong.

@rwinch
Copy link
Member Author

rwinch commented Mar 23, 2016

@jeetmp3 Thanks for reaching out! For now I would focus on ensuring we can serialize and deserialize any Spring Security objects that go into session with Jackson. This will help enable users to write hooks to serialize Spring Security with JSON. After that we can add hooks in Spring Security that uses the the serialization mechanisms.

@jeetmp3
Copy link
Contributor

jeetmp3 commented Mar 23, 2016

@rwinch For now only mix-in classes for Spring Security objects will be added right ?

@rwinch
Copy link
Member Author

rwinch commented Mar 23, 2016

@jeetmp3 Correct. Pretty much the work you have already done in the Spring Session Sample you added.

@jeetmp3
Copy link
Contributor

jeetmp3 commented Mar 23, 2016

@rwinch let me know when you verified those sample mixins, so that i can start adding those mixins classes into security.
PS Is there any specific package/module to add mix-ins?

@rwinch
Copy link
Member Author

rwinch commented Mar 23, 2016

Once again thank you for your contribution. I was able to verify the mixins and they look pretty good from my perspective.

  • Rather than having DummyServletRequest we should probably modify DefaultSavedRequest to support being built (perhaps using a builder) without the HttpServletRequest object. This should also allow removal of DummyHttpSession.
  • Some updates for the tests
    ** I'd change the tests to be a little more exact. Perhaps you can use something like JSONassert.
    ** We should have tests that verify the exact output of serializing each of the types. This will ensure that we do not change the way the objects are written
    ** We should have tests that verify the result of deserializing each objects
    ** You will need to use assertj to get the checkstyle to passs

@jeetmp3
Copy link
Contributor

jeetmp3 commented Mar 24, 2016

@rwinch thanks for the feedback! I'll start working on tests. Other then DefaultSavedRequest there is another class WebAuthenticationDetails which also use HttpServletRequest. I think we should also consider to modify this class too.

@jeetmp3
Copy link
Contributor

jeetmp3 commented Mar 29, 2016

@rwinch I've updated all the tests. Should we start merging these mix-ins into spring-security?

@rwinch
Copy link
Member Author

rwinch commented Mar 29, 2016

@jeetmp3 Thanks for the response! Yes I think we should try and get a separate Pull Request open for merging the Mixins. Thanks again for all your efforts with this :)

@jeetmp3
Copy link
Contributor

jeetmp3 commented Mar 29, 2016

@rwinch thanks for the quick response! Just wants to confirm, should i add these mix-ins in one specific module or in target class specific module ?

@rwinch
Copy link
Member Author

rwinch commented Mar 29, 2016

Here are my thoughts, but feedback welcome.

We should add them to the module that the class they serialize belongs to. For example DefaultCsrfTokenMixin would go into spring-security-web because that is where DefaultCsrfToken is.

I would place them within a package named base-package.jackson. For example, DefaultCsrfTokenMixin would be placed in org.springframework.security.web.jackson2 because the base package for spring-security-web is org.springframework.security.web.

@jeetmp3 jeetmp3 mentioned this issue Apr 14, 2016
Closed
1 task
@rwinch rwinch added in: cas An issue in spring-security-cas in: web An issue in web modules (web, webmvc) labels Sep 2, 2016
@rwinch rwinch added this to the 4.2.0 M1 milestone Sep 2, 2016
@rwinch rwinch self-assigned this Sep 2, 2016
rwinch pushed a commit that referenced this issue Sep 2, 2016
Polish constructor assertions
03d8904 
Previously the JSON modules didn't use Spring's Assert.

This commit changes the assertions to use Spring's Assert and does
some minor restructuring.

Issue gh-3736
rwinch pushed a commit that referenced this issue Sep 2, 2016
Polish JSON class scope
6d20037 
Use package scope when possible

Issue gh-3736
rwinch pushed a commit that referenced this issue Sep 2, 2016
Polish JSON warnings / javadoc
6f2b24a 
Issue gh-3736
rwinch pushed a commit that referenced this issue Sep 2, 2016
SimpleGrantedAuthorityMixin role->authority
c2d8ea9 
Issue gh-3736
rwinch pushed a commit that referenced this issue Sep 2, 2016
Polish SecurityJacksonModules
3fb77f3 
Issue gh-3736
* ClassLoader argument - this is required because we do not want to assume
the ClassLoader that should be used
* Clean up logging - logging is now at debug level because we don't expect
all of the modules are loaded (they are quite possibly off the ClassPath)
* Remove ObjectUtils as it was being used on methods that expect a
Collection or Array with non collection based objects
* Polish Javadoc warnings
rwinch pushed a commit that referenced this issue Sep 2, 2016
JSON UserDetails deserializes null
df613ed 
JSON UserDetails null use to be treated as "".

This changes null to be treated as a null

Issue gh-3736
rwinch pushed a commit that referenced this issue Sep 2, 2016
Remove MockitoJUnitRunner from JSON tests
d4c48dd 
Previously the JSON tests unnecessarily had MockitoJUnitRunner.

This commit removes MockitoJUnitRunner from the JSON tests.

Issue gh-3736
rwinch pushed a commit that referenced this issue Sep 2, 2016
Improve Readablility of JSON test strings
bd92531 
This improves the readability of the JSON strings used for
testing JSON serialize / deserialize of Spring Security

Issue gh-3736
rwinch pushed a commit that referenced this issue Sep 2, 2016
JSON tests ObjectMapper Cleanup
3531cc9 
* Move to @setup
* Consistently extend from AbstractMixinTests and reuse ObjectMapper

Issue gh-3736
rwinch pushed a commit that referenced this issue Sep 2, 2016
Polish Whitespace
8ad0003 
Issue gh-3736
@rwinch
Copy link
Member Author

rwinch commented Sep 2, 2016

Closed via #3812 (comment)

@rwinch rwinch closed this as completed Sep 2, 2016
rwinch pushed a commit that referenced this issue Sep 2, 2016
Fix checkstyle
92a59e0 
Issue gh-3736
@kazuki43zoo
Copy link
Contributor

kazuki43zoo commented Nov 5, 2016
edited
Loading

Hi @rwinch ,

I tried this feature on my application.
However, the PreAuthenticatedAuthenticationToken does not support. Can you support classes of the pre authentication feature ?

A following error is occurred when load a security context from a Redis server.

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.

Sat Nov 05 23:29:30 JST 2016
There was an unexpected error (type=Internal Server Error, status=500).
Could not read JSON: Can not construct instance of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@66ab0465; line: 1, column: 196] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?) at [Source: [B@66ab0465; line: 1, column: 196] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"])

Log is:

2016-11-05 23:29:30.613 ERROR 17739 --- [nio-8080-exec-6] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

org.springframework.data.redis.serializer.SerializationException: Could not read JSON: Can not construct instance of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?)
 at [Source: [B@66ab0465; line: 1, column: 196] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"]); nested exception is com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?)
 at [Source: [B@66ab0465; line: 1, column: 196] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"])
    at org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer.deserialize(GenericJackson2JsonRedisSerializer.java:119) ~[spring-data-redis-1.7.3.RELEASE.jar:na]
    at org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer.deserialize(GenericJackson2JsonRedisSerializer.java:98) ~[spring-data-redis-1.7.3.RELEASE.jar:na]
    at org.springframework.data.redis.core.AbstractOperations.deserializeHashValue(AbstractOperations.java:335) ~[spring-data-redis-1.7.3.RELEASE.jar:na]
    at org.springframework.data.redis.core.AbstractOperations.deserializeHashMap(AbstractOperations.java:279) ~[spring-data-redis-1.7.3.RELEASE.jar:na]
    at org.springframework.data.redis.core.DefaultHashOperations.entries(DefaultHashOperations.java:227) ~[spring-data-redis-1.7.3.RELEASE.jar:na]
    at org.springframework.data.redis.core.DefaultBoundHashOperations.entries(DefaultBoundHashOperations.java:102) ~[spring-data-redis-1.7.3.RELEASE.jar:na]
    at org.springframework.session.data.redis.RedisOperationsSessionRepository.getSession(RedisOperationsSessionRepository.java:432) ~[spring-session-1.2.2.RELEASE.jar:na]
    at org.springframework.session.data.redis.RedisOperationsSessionRepository.getSession(RedisOperationsSessionRepository.java:402) ~[spring-session-1.2.2.RELEASE.jar:na]
    at org.springframework.session.data.redis.RedisOperationsSessionRepository.getSession(RedisOperationsSessionRepository.java:245) ~[spring-session-1.2.2.RELEASE.jar:na]
    at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:326) ~[spring-session-1.2.2.RELEASE.jar:na]
    at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:343) ~[spring-session-1.2.2.RELEASE.jar:na]
    at org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper.getSession(SessionRepositoryFilter.java:214) ~[spring-session-1.2.2.RELEASE.jar:na]
    at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:231) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.springframework.security.web.context.HttpSessionSecurityContextRepository.loadContext(HttpSessionSecurityContextRepository.java:110) ~[spring-security-web-4.2.0.RC1.jar:4.2.0.RC1]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:100) ~[spring-security-web-4.2.0.RC1.jar:4.2.0.RC1]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.0.RC1.jar:4.2.0.RC1]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-4.2.0.RC1.jar:4.2.0.RC1]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.0.RC1.jar:4.2.0.RC1]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) ~[spring-security-web-4.2.0.RC1.jar:4.2.0.RC1]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) ~[spring-security-web-4.2.0.RC1.jar:4.2.0.RC1]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:89) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:164) ~[spring-session-1.2.2.RELEASE.jar:na]
    at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80) ~[spring-session-1.2.2.RELEASE.jar:na]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at com.example.config.SecurityConfig$SsoUsernameStoringFilter.doFilterInternal(SecurityConfig.java:72) ~[classes/:na]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.3.RELEASE.jar:4.3.3.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) ~[tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1410) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_102]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_102]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.5.jar:8.5.5]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102]
Caused by: com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken: no suitable constructor found, can not deserialize from Object value (missing default constructor or creator, or perhaps need to add/enable type information?)
 at [Source: [B@66ab0465; line: 1, column: 196] (through reference chain: org.springframework.security.core.context.SecurityContextImpl["authentication"])
    at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:261) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:1456) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1012) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1203) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:314) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:183) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:150) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedForId(AsPropertyTypeDeserializer.java:129) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:97) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.AbstractDeserializer.deserializeWithType(AbstractDeserializer.java:142) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:497) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:101) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:276) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:178) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:150) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedForId(AsPropertyTypeDeserializer.java:129) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:97) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromAny(AsPropertyTypeDeserializer.java:174) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.std.UntypedObjectDeserializer$Vanilla.deserializeWithType(UntypedObjectDeserializer.java:554) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.deser.impl.TypeWrappedDeserializer.deserialize(TypeWrappedDeserializer.java:63) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3789) ~[jackson-databind-2.8.3.jar:2.8.3]
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2920) ~[jackson-databind-2.8.3.jar:2.8.3]
    at org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer.deserialize(GenericJackson2JsonRedisSerializer.java:117) ~[spring-data-redis-1.7.3.RELEASE.jar:na]
    ... 64 common frames omitted

@rwinch
Copy link
Member Author

rwinch commented Nov 9, 2016

@kazuki43zoo Thanks for the report! I fixed this in #4120

@vpavic vpavic mentioned this issue Jan 30, 2017
Closed
@vpavic vpavic mentioned this issue Mar 7, 2018
Open
@pmop pmop mentioned this issue Mar 9, 2018
Open
@eleftherias eleftherias mentioned this issue Dec 4, 2020
Closed
@eleftherias eleftherias mentioned this issue Mar 22, 2021
Closed
@eleftherias eleftherias mentioned this issue Feb 8, 2022
Closed
@conghairui
Copy link

Can I modify SpringSecurityCoreVersion.SERIAL_VERSION_UID to make new and old versions compatible

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: cas An issue in spring-security-cas in: core An issue in spring-security-core in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement
Projects
None yet
Milestone
4.2.0 M1
Development

No branches or pull requests
4 participants
@rwinch @kazuki43zoo @jeetmp3 @conghairui