Hi all,

I'm working with Tomcat 5.0.19 and with a SecurityManager and I have a problem with an attribute which is not Serializable.

The class which is not serializable is the class GenericPrincipal from the package org.apache.catalina.realm.

Note that I use an embedded version of Tomcat, but I don't think the problem comes from this. I will explain the problem:

I log into my application, then I do some actions. After this, I remove the application, and I have this trace (full stack at the end of the mail).

2004-03-04 15:57:44,646 : StandardManager.stop : Stopping
2004-03-04 15:57:44,648 : StandardManager.doUnload : Unloading persisted sessions
2004-03-04 15:57:44,649 : StandardManager.doUnload : Saving persisted sessions to SESSIONS.ser
2004-03-04 15:57:44,650 : StandardManager.doUnload : Unloading 1 sessions
2004-03-04 15:57:44,680 : ManagerBase.log : Cannot serialize session attribute javax.security.auth.subject for session E3EC3F36C2ECD4AF76D7ADC0D2533BEF
java.io.NotSerializableException: org.apache.catalina.realm.GenericPrincipal


For example, in the class org.apache.coyote.tomcat5.CoyoteRequest, there is a method :
public void setUserPrincipal(Principal principal) {

If the SecurityManager is set, the Principal is added to the session :

if (System.getSecurityManager() != null){
    [...]
    subject = new Subject();
    subject.getPrincipals().add(principal);
    [...]
    if (session != null){
        session.setAttribute(Globals.SUBJECT_ATTR, subject);
    }
}


The problem is that the principal object is not Serializable (Class org.apache.catalina.realm.GenericPrincipal).
And some attributes of GenericPrincipal, like the realm, may not be Serializable either.

As I'm implementing my own realm, I can define a Principal implementation which is Serializable. But it would be fine if I could use the GenericPrincipal implementation if it were a serializable object.


Regards,

Florent



Full stack trace :
java.io.NotSerializableException: org.apache.catalina.realm.GenericPrincipal
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1054)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278)
at java.util.LinkedList.writeObject(LinkedList.java:685)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:809)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1296)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1247)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1052)
at java.io.ObjectOutputStream.access$100(ObjectOutputStream.java:122)
at java.io.ObjectOutputStream$PutFieldImpl.writeFields(ObjectOutputStream.java:1475)
at java.io.ObjectOutputStream.writeFields(ObjectOutputStream.java:405)
at javax.security.auth.Subject$SecureSet.writeObject(Subject.java:1288)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:809)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1296)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1247)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1052)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1332)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:367)
at javax.security.auth.Subject.writeObject(Subject.java:910)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:809)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1296)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1247)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1052)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1446)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:937)
at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:586)
at org.apache.catalina.session.StandardManager$PrivilegedDoUnload.run(StandardManager.java:135)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.session.StandardManager.unload(StandardManager.java:521)
at org.apache.catalina.session.StandardManager.stop(StandardManager.java:734)
at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4436)
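
The failure reported above can be reproduced outside Tomcat. The following is an added example, not part of the original mail and not Tomcat code: a Subject holding a non-Serializable Principal fails to serialize, while one holding a Serializable Principal round-trips. The class SerializablePrincipal, its realm field and the sample values are hypothetical.

```java
import java.io.*;
import java.security.Principal;
import java.util.Arrays;
import javax.security.auth.Subject;

public class SubjectSerializationDemo {
    // Hypothetical Serializable principal: only the name and roles are persisted.
    static final class SerializablePrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final String[] roles;
        // Assumed non-serializable realm reference: skipped on write, null after reload.
        private transient Object realm;
        SerializablePrincipal(String name, String[] roles, Object realm) {
            this.name = name; this.roles = roles.clone(); this.realm = realm;
        }
        public String getName() { return name; }
        boolean hasRole(String role) { return Arrays.asList(roles).contains(role); }
        boolean hasRealm() { return realm != null; }
    }

    // Builds a Subject the same way the quoted setUserPrincipal() excerpt does.
    static Subject subjectOf(Principal p) {
        Subject s = new Subject();
        s.getPrincipals().add(p);
        return s;
    }

    // Writes and re-reads the Subject, as a session store persisting attributes would.
    static Subject roundTrip(Subject s) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (Subject) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Principal plain = () -> "alice"; // constructed sample; a lambda is not Serializable
        try {
            roundTrip(subjectOf(plain));
        } catch (NotSerializableException e) {
            System.out.println("cannot serialize: " + e.getMessage());
        }
        Subject restored = roundTrip(subjectOf(
            new SerializablePrincipal("alice", new String[] {"admin"}, new Object())));
        SerializablePrincipal p = restored.getPrincipals(SerializablePrincipal.class).iterator().next();
        System.out.println(p.getName() + " admin=" + p.hasRole("admin") + " realm=" + p.hasRealm());
    }
}
```

Marking the realm reference transient keeps it out of the persisted session file; the restored principal has to be re-attached to a realm before anything depends on it.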
