DMC/scipro
7
0
Fork 0
Code Issues30 Pull Requests3 Actions Projects1 Releases Wiki Activity

Make session serializable

Browse Source 
When re-deploying the application, or restarting Tomcat, it will attempt to serialize the active sessions to prevent users from getting logged out and losing in-progess work. This requires that all attributes that are stored in the session implement java.io.Serializable. Spring stores the entire security context in the session which includes a reference to the principal, and that principal may be of type "WicketControlledPrincipal" and it must therefore be serializable.
This commit is contained in:
Andreas Svanberg 2025-02-27 12:29:29 +01:00
parent e71aa8120c
commit f3eacbfda4
1 changed files with 2 additions and 1 deletions

3
war/src/main/java/se/su/dsv/scipro/war/CurrentUserFromSpringSecurity.java

@ -4,6 +4,7 @@ import jakarta.inject.Inject;
import jakarta.inject.Provider;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.Serializable;
import java.security.Principal;
import java.util.Collections;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@ -81,7 +82,7 @@ public class CurrentUserFromSpringSecurity implements AuthenticationContext {
return authentication.getName();
}
private static final class WicketControlledPrincipal implements Principal {
private static final class WicketControlledPrincipal implements Principal, Serializable {
private final String username;