[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16802172#comment-16802172 ] ASF subversion and git services commented on WW-4873: - Commit 5b0ec3400dc0777e6dfaeaded1e497ace710e5ff in struts's branch refs/heads/struts-2-5-x from JCgH4164838Gh792C124B5 [ https://gitbox.apache.org/repos/asf?p=struts.git;h=5b0ec34 ] Fix issue introduced with earlier WW-4873 fix: - Fixes error 500 processing failures for double-submit results with TokenSessionStoreInterceptor processing - Fix to InvocationSessionStore, new unit test confirming fix in InvocationSessionStoreTest - Minor whitespace fix to TokenSessionStoreInterceptor > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani >Priority: Major > Fix For: 2.5.16 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293742#comment-16293742 ] Hudson commented on WW-4873: SUCCESS: Integrated in Jenkins build Struts-master-JDK7 #74 (See [https://builds.apache.org/job/Struts-master-JDK7/74/]) WW-4873 Makes ActionInvocation not serializable (yasserzamani: rev 4738d1d80228f86da880ed207294349566a260a2) * (edit) plugins/dwr/src/main/java/org/apache/struts2/validators/DWRValidator.java * (edit) core/src/main/java/com/opensymphony/xwork2/ActionInvocation.java * (edit) plugins/sitemesh/src/main/java/org/apache/struts2/sitemesh/OldDecorator2NewStrutsDecorator.java * (edit) plugins/rest/src/main/java/org/apache/struts2/rest/RestActionInvocation.java * (edit) core/src/main/java/org/apache/struts2/util/InvocationSessionStore.java * (edit) core/src/test/java/com/opensymphony/xwork2/spring/interceptor/TestActionInvocation.java * (edit) plugins/json/src/test/java/org/apache/struts2/json/JSONInterceptorTest.java * (edit) core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java * (edit) core/src/main/java/com/opensymphony/xwork2/mock/MockActionInvocation.java * (edit) core/src/test/java/com/opensymphony/xwork2/DefaultActionInvocationTest.java WW-4873 Makes InvocationSessionStore$InvocationContext transient (yasserzamani: rev 2941416a1832393a25a9bb823f5763fc7851da23) * (edit) core/src/main/java/org/apache/struts2/util/InvocationSessionStore.java * (edit) core/src/test/java/org/apache/struts2/util/InvocationSessionStoreTest.java > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.5.15 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293733#comment-16293733 ] ASF subversion and git services commented on WW-4873: - Commit 8b608e334aecdce558e9d98531e3ffa8c5538905 in struts's branch refs/heads/master from [~lukaszlenart] [ https://gitbox.apache.org/repos/asf?p=struts.git;h=8b608e3 ] Merge pull request #192 from yasserzamani/WW-4873_2 WW-4873 Makes ActionInvocation not serializable and InvocationSessionStore$InvocationContext transient > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.5.15 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293732#comment-16293732 ] ASF subversion and git services commented on WW-4873: - Commit 2941416a1832393a25a9bb823f5763fc7851da23 in struts's branch refs/heads/master from [~yasser.zamani] [ https://gitbox.apache.org/repos/asf?p=struts.git;h=2941416 ] WW-4873 Makes InvocationSessionStore$InvocationContext transient > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.5.15 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293734#comment-16293734 ] ASF subversion and git services commented on WW-4873: - Commit 8b608e334aecdce558e9d98531e3ffa8c5538905 in struts's branch refs/heads/master from [~lukaszlenart] [ https://gitbox.apache.org/repos/asf?p=struts.git;h=8b608e3 ] Merge pull request #192 from yasserzamani/WW-4873_2 WW-4873 Makes ActionInvocation not serializable and InvocationSessionStore$InvocationContext transient > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.5.15 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293731#comment-16293731 ] ASF subversion and git services commented on WW-4873: - Commit 4738d1d80228f86da880ed207294349566a260a2 in struts's branch refs/heads/master from [~yasser.zamani] [ https://gitbox.apache.org/repos/asf?p=struts.git;h=4738d1d ] WW-4873 Makes ActionInvocation not serializable > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.5.15 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16290497#comment-16290497 ] ASF GitHub Bot commented on WW-4873: yasserzamani opened a new pull request #192: WW-4873 Makes ActionInvocation not serializable and InvocationSessionStore$InvocationContext transient URL: https://github.com/apache/struts/pull/192 ⚠️ For simpler review, please review each commit separately. ❓ Why `serialize` and `deserialize` methods of `ActionInvocation` deleted? `ActionInvocation` is a large complex object which contains request, response, container, value stack and action context. It's hard to maintain it serializable e.g. user may want to store a private not serializable object in action. And It's not a good practice ([CWE-579: J2EE Bad Practices: Non-serializable Object Stored in Session](https://cwe.mitre.org/data/definitions/579.html)). ℹ️ I know I also deleted `that.container = actionContext.getContainer();` (replacing restored invocation container with current container) with `ActionInvocation.deserialize` method. I saw it's not needed and even it's better for restored default invocation to work with itself stored container to keep consistency. Anyway currently it's really not needed because only `TokenSessionStoreInterceptor` uses it and it only passes the invocation to result and result is not aware about `DefaultActionInvocation` (only knows `ActionInvocation`): ```java if ((result != null) && (savedInvocation.getProxy().getExecuteResult())) { result.execute(savedInvocation); } ``` This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.5.15 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16279104#comment-16279104 ] Yasser Zamani commented on WW-4873: --- [~ekane], I reviewed {{ExecuteAndWaitInterceptor}} and seems has this bug when session goes to being serialized in middle of an background process. Could you please file a new issue here then we will have it in monitor and you can track the resolution there. Thank you very much for your report. > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.6 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16279077#comment-16279077 ] Erica Kane commented on WW-4873: We are having a very similar issue with the ExecuteAndWait interceptor, which may be related. It gives us java.io.NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector I have extensive details posted at [Stack Overflow|https://stackoverflow.com/questions/47660913/struts2-notserializableexception-occurs-with-executeandwaitinterceptor]. > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.6 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16270252#comment-16270252 ] ASF GitHub Bot commented on WW-4873: yasserzamani opened a new pull request #188: WW-4873 Removes request and response from DefaultActionInvocation whe… URL: https://github.com/apache/struts/pull/188 …n serializes This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum >Assignee: Yasser Zamani > Fix For: 2.5.x > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16247720#comment-16247720 ] Yasser Zamani commented on WW-4873: --- {quote} I assume it needs to stay in there for as long as it takes for the interceptor to run across every potential request using the same session. {quote} No, not at all! I found all usages of {{InvocationSessionStore}} and is only used in {{TokenSessionStoreInterceptor}} and it's {{loadInvocation()}} method is only used in {{handleInvalidToken()}} method. So, {{ActionContext.getContext().getSession().get("org.apache.struts2.util.InvocationSessionStore.invocationMap")}} is only used when user posted token is not valid (e.g. someone else tries a CSRF attack) and Struts returns previous result. When you delete it, Struts simply returns {{invalid.token}}. So the conclusion is, the difference only occurs when user posts a not valid token (usually does not occur except on security attacks or duplicated posts) and the difference is Struts returns {{invalid.token}} instead of previous executed result. It seems no any very bad thing occurs. > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum > Fix For: 2.5.x > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16247556#comment-16247556 ] Michael Hum commented on WW-4873: - [~yasser.zamani] Can definitely try that but I'm not 100% sure how that works with websphere or if we control when it tries to serialize the session. Will have to look into that. I can try and play with it though. When would be a safe time to try and remove it do you think? I assume it needs to stay in there for as long as it takes for the interceptor to run across every potential request using the same session. > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum > Fix For: 2.5.x > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16247128#comment-16247128 ] Yasser Zamani commented on WW-4873: --- [~MichaelHum], As a workaround until the resolution, I think you can {{ActionContext.getContext().getSession().remove("org.apache.struts2.util.InvocationSessionStore.invocationMap")}} before your serialization :) > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum > Fix For: 2.5.x > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16245916#comment-16245916 ] Yasser Zamani commented on WW-4873: --- Hello [~MichaelHum], You were right. {{StrutsRequestWrapper}} extends {{HttpServletRequestWrapper}} from provided servlet api, and, that is not intended and expected to being serializable at all in servlet api. This is Strut's failure that stores an instance of it in session and disables user to have a sticky sessions. Please give us some time to see what we can do with it to fix it :) > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum > Fix For: 2.5.14 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16245734#comment-16245734 ] Michael Hum commented on WW-4873: - Hi [~yasser.zamani], it seems that websphere doesn't store the stack trace when this occurs. I can reproduce the issue in my local development environment that uses tomcat though. We enable an interceptor in our development environments to catch serialization issues (in the stack trace it is TestSerializationInterceptor) that attempts to serialize each attribute in the HttpSession: {code:java} 2017-11-09T09:21:54,215 - Failed to serialize session after invoking AddSurveyAction. Exception(s): Root object = [org.apache.struts2.util.InvocationSessionStore.invocationMap, java.util.HashMap] java.io.NotSerializableException: org.apache.struts2.dispatcher.StrutsRequestWrapper at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at java.util.HashMap.internalWriteEntries(HashMap.java:1777) at java.util.HashMap.writeObject(HashMap.java:1354) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1028) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1496) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at java.util.HashMap.internalWriteEntries(HashMap.java:1777) at java.util.HashMap.writeObject(HashMap.java:1354) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1028) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1496) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at ca.statcan.icos.web.session.TestSerialization.verify(TestSerialization.java:73) at ca.statcan.icos.struts2.interceptor.TestSerializationInterceptor.test(TestSerializationInterceptor.java:80) at ca.statcan.icos.struts2.interceptor.TestSerializationInterceptor.lambda$intercept$0(TestSerializationInterceptor.java:52) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:267) at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:260) at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:52) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:247) at org.apache.struts2.json.JSONInterceptor.intercept(JSONInterceptor.java:185) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:247) at
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16243499#comment-16243499 ] Yasser Zamani commented on WW-4873: --- [~MichaelHum], do you have the complete stack trace especially it's {{caused by}}s? > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum > Fix For: 2.5.14 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16214883#comment-16214883 ] Lukasz Lenart commented on WW-4873: --- Hm... but {{ServletRequest}} supposed to be serialisable, maybe it's just a case of turning {{StrutsRequestWrapper}} into a serializable bean > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum > Fix For: 2.5.14 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16212606#comment-16212606 ] Michael Hum commented on WW-4873: - It looks like there are quite a number of entries in the ActionContext that aren't serializable. The serialize/deserialize logic of the invocation seems to only be handling the container. > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum > Fix For: 2.5.14 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (WW-4873) NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper
[ https://issues.apache.org/jira/browse/WW-4873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16211252#comment-16211252 ] Aleksandr Mashchenko commented on WW-4873: -- {{HttpServletRequest}} in {{ActionContext}}? Can you show where? > NotSerializableException - org.apache.struts2.dispatcher.StrutsRequestWrapper > - > > Key: WW-4873 > URL: https://issues.apache.org/jira/browse/WW-4873 > Project: Struts 2 > Issue Type: Bug >Affects Versions: 2.5.13 >Reporter: Michael Hum > Fix For: 2.5.14 > > > We are attempting to test session replication on our websphere servers but > run into the given error when websphere tries to serialize the session. > {code} > [10/18/17 10:33:38:094 EDT] 0335 WASSessionE MTMBuffWrapper getBytes > write object exception. e= java.io.NotSerializableException: > org.apache.struts2.dispatcher.StrutsRequestWrapper > {code} > It appears the ActionInvocation stores the ActionContext which stores the > offending property: com.opensymphony.xwork2.dispatcher.HttpServletRequest --> > StrutsRequestWrapper > After a little digging we narrowed it down to our use of the > TokenSessionStoreInterceptor which stores the value in the session and uses > it to redirect the failed request to the original one. Is this > intended/expected? Or is there no requirement that the contents in the > session be serializable - in which case we would have to look to our own > solution. -- This message was sent by Atlassian JIRA (v6.4.14#64029)