Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: EE-4.3.0.GA_P04, EE-3.3.0.GA_P10
-
Fix Version/s: EE-3.3.0.GA_P11
-
Component/s: Framework
-
Labels:None
-
Environment:Java 5
Description
When using HTTP session persistence and replication the web server needs to serialise and deserialise the objects stored into the session map.
It turns out that org.icefaces.impl.application.WindowScopeManager class has a static field that is deserialised, but the field is not Serializable or Externalizable.
Static fields are never serialised but they can be deserialised if the filed is initialised while the class loads.
It turns out that org.icefaces.impl.application.WindowScopeManager class has a static field that is deserialised, but the field is not Serializable or Externalizable.
Static fields are never serialised but they can be deserialised if the filed is initialised while the class loads.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion
| Field | Original Value | New Value |
|---|---|---|
| Description |
When using HTTP session persistence and replication the web server needs to serialise and deserialise the objects stored into the session map.
It turns out that {{org.icefaces.impl.application.WindowScopeManager}} class has a static field that is deserialised, but the field is not {{Serializable}} or {{Externalizable}}. Static fields are never serialised but they can be deserialised if the filed is initialised while the class loads. {code} WARNING: Session Attribute [org.icefaces.impl.application.WindowScopeManager] for session [7289AC7947D06E75009E8F1BC336A213] cannot be serialized java.io.NotSerializableException: org.icefaces.impl.application.TimeBasedWindowScopeTracker at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at java.util.HashMap.internalWriteEntries(HashMap.java:1817) at java.util.HashMap.writeObject(HashMap.java:1364) at sun.reflect.GeneratedMethodAccessor183.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:1154) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1496) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at org.icefaces.impl.application.WindowScopeManager$State.writeExternal(WindowScopeManager.java:338) at java.io.ObjectOutputStream.writeExternalData(ObjectOutputStream.java:1459) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1430) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348) at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1700) at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:1092) at com.p7s1.moso.redissessionstore.RedisStore.serializeSession(RedisStore.java:267) at com.p7s1.moso.redissessionstore.RedisStore.save(RedisStore.java:193) at com.p7s1.moso.redissessionstore.RedisSessionManager.processEndAccessEvent(RedisSessionManager.java:164) at com.p7s1.moso.redissessionstore.RedisSessionManager.sessionEvent(RedisSessionManager.java:149) at org.apache.catalina.session.StandardSession.fireSessionEvent(StandardSession.java:1808) at com.p7s1.moso.redissessionstore.RedisSession.endAccess(RedisSession.java:29) at org.apache.catalina.connector.Request.recycleSessionInfo(Request.java:561) at org.apache.catalina.connector.Request.recycle(Request.java:510) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:525) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1195) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:654) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:319) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:750) Jan 30, 2023 5:07:54 PM org.apache.catalina.session.StandardSession readObject WARNUNG: Cannot deserialize session attribute [org.icefaces.impl.application.WindowScopeManager] for session [863045793C65D0BCE40EBA1EAC7DB917] {code} |
When using HTTP session persistence and replication the web server needs to serialise and deserialise the objects stored into the session map.
It turns out that org.icefaces.impl.application.WindowScopeManager class has a static field that is deserialised, but the field is not Serializable or Externalizable. Static fields are never serialised but they can be deserialised if the filed is initialised while the class loads. |
| Fix Version/s | EE-3.3.0.GA_P11 [ 14074 ] |
| Status | Open [ 1 ] | Resolved [ 5 ] |
| Resolution | Fixed [ 1 ] |