Sessions from inside a webapp using a custom Principal cannot be deserialized because the wrong ClassLoader gets used implicitly using the ObjectInputStream in TranscoderService#deserializePrincipal.
See this stack trace:
java.lang.ClassNotFoundException: org.example.CustomPrincipal
at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:476)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:589)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
at java.base/java.lang.Class.forName0(Native Method)
at java.base/java.lang.Class.forName(Class.java:398)
at java.base/java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:756)
at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1997)
at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1864)
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2195)
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1681)
at java.base/java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2490)
at java.base/java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2384)
at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2222)
at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1681)
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:493)
at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:451)
at de.javakaffee.web.msm.MemcachedBackupSessionManager.readPrincipal(MemcachedBackupSessionManager.java:895)
at de.javakaffee.web.msm.TranscoderService.deserializePrincipal(TranscoderService.java:365)
... 67 more
A CustomObjectInputStream (as used with the actual session attributes) should be used instead with the correct ClassLoader.
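A sketch of the kind of stream the report asks for, added here as an example and not taken from the project's code: an `ObjectInputStream` that resolves classes and proxy interfaces against an explicitly supplied `ClassLoader`. The class name `LoaderAwareObjectInputStream` is hypothetical, and using the thread context class loader as the webapp's loader is an assumption.

```java
import java.io.*;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.List;

// Hypothetical class (not the project's): resolves stream classes against a given loader.
public class LoaderAwareObjectInputStream extends ObjectInputStream {
    private final ClassLoader loader;
    public LoaderAwareObjectInputStream(InputStream in, ClassLoader loader) throws IOException {
        super(in);
        this.loader = loader;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        try {
            // initialize=false: resolution alone must not run static initializers.
            return Class.forName(desc.getName(), false, loader);
        } catch (ClassNotFoundException e) {
            // Primitive types (int, long, ...) are only known to the default lookup.
            return super.resolveClass(desc);
        }
    }

    @Override
    protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
        Class<?>[] resolved = new Class<?>[interfaces.length];
        for (int i = 0; i < interfaces.length; i++) {
            resolved[i] = Class.forName(interfaces[i], false, loader);
        }
        try {
            return Proxy.getProxyClass(loader, resolved);
        } catch (IllegalArgumentException e) {
            throw new ClassNotFoundException(null, e);
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: round-trip a value through the loader-aware stream.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new ArrayList<>(List.of("alice")));
        }
        // Assumption: the context loader stands in for the webapp's class loader.
        ClassLoader webapp = Thread.currentThread().getContextClassLoader();
        try (ObjectInputStream in = new LoaderAwareObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()), webapp)) {
            System.out.println(in.readObject());
        }
    }
}
```

A class such as `org.example.CustomPrincipal` resolves only if the loader passed to the constructor can see the webapp's classes.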