From f3eacbfda415e6ba5bc0d9c0f1026699a1a5d36a Mon Sep 17 00:00:00 2001
From: Andreas Svanberg
Date: Thu, 27 Feb 2025 12:29:29 +0100
Subject: [PATCH] Make session serializable

When re-deploying the application, or restarting Tomcat, it will attempt to serialize the active sessions to prevent users from getting logged out and losing in-progess work. This requires that all attributes that are stored in the session implement java.io.Serializable. Spring stores the entire security context in the session which includes a reference to the principal, and that principal may be of type "WicketControlledPrincipal" and it must therefore be serializable.
---
 .../se/su/dsv/scipro/war/CurrentUserFromSpringSecurity.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/war/src/main/java/se/su/dsv/scipro/war/CurrentUserFromSpringSecurity.java b/war/src/main/java/se/su/dsv/scipro/war/CurrentUserFromSpringSecurity.java
index 6f209f38aa..3d71fd12a3 100644
--- a/war/src/main/java/se/su/dsv/scipro/war/CurrentUserFromSpringSecurity.java
+++ b/war/src/main/java/se/su/dsv/scipro/war/CurrentUserFromSpringSecurity.java
@@ -4,6 +4,7 @@ import jakarta.inject.Inject;
 import jakarta.inject.Provider;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import java.io.Serializable;
 import java.security.Principal;
 import java.util.Collections;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -81,7 +82,7 @@ public class CurrentUserFromSpringSecurity implements AuthenticationContext {
 return authentication.getName();
 }
- private static final class WicketControlledPrincipal implements Principal {
+ private static final class WicketControlledPrincipal implements Principal, Serializable {
 private final String username;
--
2.39.5
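Review bot: `WicketControlledPrincipal` is made `Serializable` in the second hunk without an explicit `serialVersionUID`, so a re-deploy that changes the class shape would change the computed UID and the persisted sessions would likely fail to deserialize, which is the very case this commit is meant to cover. I would add `private static final long serialVersionUID = 1L;` as the first member of the class. Only the `username` field is visible here and the class body continues outside the hunk, so any other field it holds must also be serializable or marked `transient`. Since the persisted session now carries the authenticated principal and is restored without re-authentication, the session store should be readable and writable only by the servlet container's account; its location is not visible in this patch, so that is worth confirming in the deployment.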