-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Serialization error when using LDAP authentication and user entered wrong password #685
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
I second this issue. I'm using Spring Session for JDBC sessions and I get a serialization failure when it tries to serialize the BadCredentials exception for storage in the session. I'm using the ActiveDirectoryLdapAuthenticationProvider. |
Bump, this is still an issue |
This is actually a Spring Security issue as there's not much we can do from Spring Session side. If standard Java serialization is used, everything that goes into session has to implement There was a similar issue (see #1013) reported recently for Jackson serialization, and was addressed in spring-projects/spring-security#5087. |
@vpavic but the link for some reason (am I reading it wrong) gives zero information on resolving the issue. through research it seems that i need to add a Mixin, but i'm searching around for examples and am not finding anything that seems to apply.. is there any way to enable a global whitelist of everything? this is an internal application without any suspicion of malicious activity |
@iKrushYou You should really be reporting this to Spring Security as it provides support for Jackson based JSON serialization via appropriate mixins. When you do so, feel free to update this issue with link to Spring Security issue you created. |
@vpavic thanks for the response. What about the error message itself? Specifically this part "If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin." How can I 'provide an explicit mapping using Jackson annotations' |
I'm closing this as answered - @iKrushYou please report this to Spring Security, as suggested before. |
I am using Spring Security with LDAP (well Active Directory to be precise) and when the user enters a wrong password, with Spring Session enabled, with Redis, we get a serialization error.
Been also mentioned on StackOverflow: http://stackoverflow.com/questions/32751094/spring-boot-with-session-redis-serialization-error-with-bad-active-directory-lda
Using Spring Session 1.2.2.RELEASE
The text was updated successfully, but these errors were encountered: