[jira] [Updated] (TOMEE-4222) @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException

Jonathan S. Fisher (Jira) Thu, 08 Jun 2023 08:01:07 -0700


     [ 
https://issues.apache.org/jira/browse/TOMEE-4222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jonathan S. Fisher updated TOMEE-4222:
--------------------------------------
    Description: 
Given the following configuration:

{{@CustomFormAuthenticationMechanismDefinition(
  loginToContinue = @LoginToContinue(loginPage = "/login", useForwardToLogin = 
true))
@FacesConfig
@ApplicationScoped
public class ApplicationConfig {
}}}

An exception will be thrown:

{{
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute 
[org.apache.tomee.security.request.original]
    
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1430)
    
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1386)
    
org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:136)
    
org.apache.tomee.security.http.LoginToContinueMechanism.saveRequest(LoginToContinueMechanism.java:90)
    
org.apache.tomee.security.cdi.LoginToContinueInterceptor.processContainerInitiatedAuthentication(LoginToContinueInterceptor.java:132)
    
org.apache.tomee.security.cdi.LoginToContinueInterceptor.validateRequest(LoginToContinueInterceptor.java:78)
    
org.apache.tomee.security.cdi.LoginToContinueInterceptor.intercept(LoginToContinueInterceptor.java:63)
}}

This is beacuse {{SavedAuthentication}} and {{SavedRequest}} do not implement 
{{Serializable}}

  was:
Given the following configuration:

{{
@CustomFormAuthenticationMechanismDefinition(
  loginToContinue = @LoginToContinue(loginPage = "/login", useForwardToLogin = 
true))
@FacesConfig
@ApplicationScoped
public class ApplicationConfig {
}
}}

An exception will be thrown:

{{
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute 
[org.apache.tomee.security.request.original]
    
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1430)
    
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1386)
    
org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:136)
    
org.apache.tomee.security.http.LoginToContinueMechanism.saveRequest(LoginToContinueMechanism.java:90)
    
org.apache.tomee.security.cdi.LoginToContinueInterceptor.processContainerInitiatedAuthentication(LoginToContinueInterceptor.java:132)
    
org.apache.tomee.security.cdi.LoginToContinueInterceptor.validateRequest(LoginToContinueInterceptor.java:78)
    
org.apache.tomee.security.cdi.LoginToContinueInterceptor.intercept(LoginToContinueInterceptor.java:63)
}}

This is beacuse {{SavedAuthentication}} and {{SavedRequest}} do not implement 
{{Serializable}}


> @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException
> ------------------------------------------------------------------------------
>
>                 Key: TOMEE-4222
>                 URL: https://issues.apache.org/jira/browse/TOMEE-4222
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 8.0.14, 8.0.15
>            Reporter: Jonathan S. Fisher
>            Assignee: Jonathan S. Fisher
>            Priority: Minor
>
> Given the following configuration:
> {{@CustomFormAuthenticationMechanismDefinition(
>   loginToContinue = @LoginToContinue(loginPage = "/login", useForwardToLogin 
> = true))
> @FacesConfig
> @ApplicationScoped
> public class ApplicationConfig {
> }}}
> An exception will be thrown:
> {{
> java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute 
> [org.apache.tomee.security.request.original]
>     
> org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1430)
>     
> org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1386)
>     
> org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:136)
>     
> org.apache.tomee.security.http.LoginToContinueMechanism.saveRequest(LoginToContinueMechanism.java:90)
>     
> org.apache.tomee.security.cdi.LoginToContinueInterceptor.processContainerInitiatedAuthentication(LoginToContinueInterceptor.java:132)
>     
> org.apache.tomee.security.cdi.LoginToContinueInterceptor.validateRequest(LoginToContinueInterceptor.java:78)
>     
> org.apache.tomee.security.cdi.LoginToContinueInterceptor.intercept(LoginToContinueInterceptor.java:63)
> }}
> This is beacuse {{SavedAuthentication}} and {{SavedRequest}} do not implement 
> {{Serializable}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (TOMEE-4222) @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException

Reply via email to