[TOMEE-4222] @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 8.0.14, 8.0.15, 9.0.0, 9.1.0
Fix Version/s: 10.0.0-M1, 8.0.16, 9.1.1
Component/s: TomEE Core Server
Labels:
None

Description

Given the following configuration:

@CustomFormAuthenticationMechanismDefinition(
loginToContinue = @LoginToContinue(loginPage = "/login", useForwardToLogin = true))
@FacesConfig
@ApplicationScoped
public class ApplicationConfig {
}

An exception will be thrown:

java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute [org.apache.tomee.security.request.original]
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1430)
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1386)
org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:136)
org.apache.tomee.security.http.LoginToContinueMechanism.saveRequest(LoginToContinueMechanism.java:90)
org.apache.tomee.security.cdi.LoginToContinueInterceptor.processContainerInitiatedAuthentication(LoginToContinueInterceptor.java:132)
org.apache.tomee.security.cdi.LoginToContinueInterceptor.validateRequest(LoginToContinueInterceptor.java:78)
org.apache.tomee.security.cdi.LoginToContinueInterceptor.intercept(LoginToContinueInterceptor.java:63)

This is beacuse SavedAuthentication and SavedRequest does not implement Serializable

Attachments

Issue Links

links to

GitHub Pull Request #1053

GitHub Pull Request #1054

GitHub Pull Request #1055

Activity

People

Assignee:: Jonathan S. Fisher

Reporter:: Jonathan S. Fisher

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Jun/23 14:59

Updated:: 12/Jun/23 08:10

Resolved:: 09/Jun/23 14:05

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 20m