Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: EE-4.3.0.GA_P04, EE-3.3.0.GA_P10
-
Fix Version/s: EE-3.3.0.GA_P11
-
Component/s: Framework
-
Labels:None
-
Environment:Java 5
Description
When using HTTP session persistence and replication the web server needs to serialise and deserialise the objects stored into the session map.
It turns out that org.icefaces.impl.application.WindowScopeManager class has a static field that is deserialised, but the field is not Serializable or Externalizable.
Static fields are never serialised but they can be deserialised if the filed is initialised while the class loads.
It turns out that org.icefaces.impl.application.WindowScopeManager class has a static field that is deserialised, but the field is not Serializable or Externalizable.
Static fields are never serialised but they can be deserialised if the filed is initialised while the class loads.
Activity
| Field | Original Value | New Value |
|---|---|---|
| Description |
When using HTTP session persistence and replication the web server needs to serialise and deserialise the objects stored into the session map.
It turns out that {{org.icefaces.impl.application.WindowScopeManager}} class has a static field that is deserialised, but the field is not {{Serializable}} or {{Externalizable}}. Static fields are never serialised but they can be deserialised if the filed is initialised while the class loads. {code} WARNING: Session Attribute [org.icefaces.impl.application.WindowScopeManager] for session [7289AC7947D06E75009E8F1BC336A213] cannot be serialized java.io.NotSerializableException: org.icefaces.impl.application.TimeBasedWindowScopeTracker at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at java.util.HashMap.internalWriteEntries(HashMap.java:1817) at java.util.HashMap.writeObject(HashMap.java:1364) at sun.reflect.GeneratedMethodAccessor183.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1154) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1496) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at org.icefaces.impl.application.WindowScopeManager$State.writeExternal(WindowScopeManager.java:338) at java.io.ObjectOutputStream.writeExternalData(ObjectOutputStream.java:1459) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1430) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1700) at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:1092) at com.p7s1.moso.redissessionstore.RedisStore.serializeSession(RedisStore.java:267) at com.p7s1.moso.redissessionstore.RedisStore.save(RedisStore.java:193) at com.p7s1.moso.redissessionstore.RedisSessionManager.processEndAccessEvent(RedisSessionManager.java:164) at com.p7s1.moso.redissessionstore.RedisSessionManager.sessionEvent(RedisSessionManager.java:149) at org.apache.catalina.session.StandardSession.fireSessionEvent(StandardSession.java:1808) at com.p7s1.moso.redissessionstore.RedisSession.endAccess(RedisSession.java:29) at org.apache.catalina.connector.Request.recycleSessionInfo(Request.java:561) at org.apache.catalina.connector.Request.recycle(Request.java:510) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:525) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1195) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:654) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:319) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:750) Jan 30, 2023 5:07:54 PM org.apache.catalina.session.StandardSession readObject WARNUNG: Cannot deserialize session attribute [org.icefaces.impl.application.WindowScopeManager] for session [863045793C65D0BCE40EBA1EAC7DB917] {code} |
When using HTTP session persistence and replication the web server needs to serialise and deserialise the objects stored into the session map.
It turns out that org.icefaces.impl.application.WindowScopeManager class has a static field that is deserialised, but the field is not Serializable or Externalizable. Static fields are never serialised but they can be deserialised if the filed is initialised while the class loads. |
Hide
Mircea Toma
added a comment - - edited
Permalink
Show
Mircea Toma
added a comment - - edited
WARNUNG: Cannot deserialize session attribute [org.icefaces.impl.application.WindowScopeManager] for session [863045793C65D0BCE40EBA1EAC7DB917]
java.io.NotSerializableException: org.icefaces.impl.application.TimeBasedWindowScopeTracker
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at java.util.HashMap.internalWriteEntries(HashMap.java:1817)
at java.util.HashMap.writeObject(HashMap.java:1364)
at sun.reflect.GeneratedMethodAccessor183.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1154)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1496)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at org.icefaces.impl.application.WindowScopeManager$State.writeExternal(WindowScopeManager.java:338)
at java.io.ObjectOutputStream.writeExternalData(ObjectOutputStream.java:1459)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1430)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1700)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:1092)
at com.p7s1.moso.redissessionstore.RedisStore.serializeSession(RedisStore.java:267)
at com.p7s1.moso.redissessionstore.RedisStore.save(RedisStore.java:193)
at com.p7s1.moso.redissessionstore.RedisSessionManager.processEndAccessEvent(RedisSessionManager.java:164)
at com.p7s1.moso.redissessionstore.RedisSessionManager.sessionEvent(RedisSessionManager.java:149)
at org.apache.catalina.session.StandardSession.fireSessionEvent(StandardSession.java:1808)
at com.p7s1.moso.redissessionstore.RedisSession.endAccess(RedisSession.java:29)
at org.apache.catalina.connector.Request.recycleSessionInfo(Request.java:561)
at org.apache.catalina.connector.Request.recycle(Request.java:510)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:525)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1195)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:654)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:319)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang. Thread .run( Thread .java:750)
org.icefaces.impl.application.WindowScopeManager instances are not stored in the session and thus NotSerializableException shouldn't occur. Unfortunately the instances of the inner class org.icefaces.impl.application.WindowScopeManager.State are stored into the session. During object deserialisation the outer class needs to be loaded as well which triggers NotSerializableException when deserialising the static non-serialisable field.
Show
Mircea Toma
added a comment - - edited org.icefaces.impl.application.WindowScopeManager instances are not stored in the session and thus NotSerializableException shouldn't occur. Unfortunately the instances of the inner class org.icefaces.impl.application.WindowScopeManager.State are stored into the session. During object deserialisation the outer class needs to be loaded as well which triggers NotSerializableException when deserialising the static non-serialisable field.
Here's a detailed explanation for the reason why and when static fields are deserialised: https://javabeginnerstutorial.com/core-java-tutorial/transient-vs-static-variable-java/
Show
Mircea Toma
added a comment - Here's a detailed explanation for the reason why and when static fields are deserialised: https://javabeginnerstutorial.com/core-java-tutorial/transient-vs-static-variable-java/
| Fix Version/s | EE-3.3.0.GA_P11 [ 14074 ] |
A fix was implemented and sent to a couple of customers for evaluation.The fix solved their problem.
Show
Arturo Zambrano
added a comment - A fix was implemented and sent to a couple of customers for evaluation.The fix solved their problem.
| Status | Open [ 1 ] | Resolved [ 5 ] |
| Resolution | Fixed [ 1 ] |