Upgraded spring boot to 2.3.2 #2498
Conversation
There was a problem hiding this comment.
When I started up the server and tried to access the home page it failed to load and this error was shown on the server.
org.springframework.data.redis.serializer.SerializationException: Cannot deserialize; nested exception is org.springframework.core.serializer.support.SerializationFailedException: Failed to deserialize payload. Is the byte array a result of corresponding serialization for DefaultDeserializer?; nested exception is java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 520, local class serialVersionUID = 530
at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:84) ~[spring-data-redis-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.data.redis.core.AbstractOperations.deserializeHashValue(AbstractOperations.java:355) ~[spring-data-redis-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.data.redis.core.AbstractOperations.deserializeHashMap(AbstractOperations.java:299) ~[spring-data-redis-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.data.redis.core.DefaultHashOperations.entries(DefaultHashOperations.java:247) ~[spring-data-redis-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.data.redis.core.DefaultBoundHashOperations.entries(DefaultBoundHashOperations.java:183) ~[spring-data-redis-2.3.2.RELEASE.jar:2.3.2.RELEASE]
at org.springframework.session.data.redis.RedisIndexedSessionRepository.getSession(RedisIndexedSessionRepository.java:440) ~[spring-session-data-redis-2.3.0.RELEASE.jar:2.3.0.RELEASE]
at org.springframework.session.data.redis.RedisIndexedSessionRepository.findById(RedisIndexedSessionRepository.java:412) ~[spring-session-data-redis-2.3.0.RELEASE.jar:2.3.0.RELEASE]
at org.springframework.session.data.redis.RedisIndexedSessionRepository.findById(RedisIndexedSessionRepository.java:249) ~[spring-session-data-redis-2.3.0.RELEASE.jar:2.3.0.RELEASE]
I was able to fix the problem by clearing the Redis database by running
$ redis-cli
> flushall
This might not be a good solution on production because logged in users at the time would possibly lose their sessions. I found an alternative solution which was to modify
RedisConfig.java on line 53 I changed
redisTemplate.setValueSerializer(new GenericToStringSerializer<Object>(Object.class));
to
redisTemplate.setValueSerializer(new StringRedisSerializer());
I tested this by reverting back to Spring Boot 2.2.0 and using the GenericToStringSerializer. Then logging in as a teacher to generate values in the Redis database. Then I updated to Spring Boot 2.3.2 and changed to StringRedisSerializer. When I accessed the home page I no longer received the error and I could log in. Perhaps @breity should also test this out.
|
Thanks for catching this. It looks like the issue with serialization (non) compatibility across different versions is not a bug, but a deliberate policy spring-projects/spring-security#1945 The StringRedisSerializer fix does not work for me. I still get a 500 page with the error There is a work-around that is mentioned in the blog https://sadique.io/blog/2016/11/02/handling-deserialization-errors-in-spring-redis-sessions/, which deletes old sessions. So the solutions are either to flush all sessions, or implementing the work-around. We discussed and agreed on flushing the sessions. |
hirokiterashima
dismissed
geoffreykwan’s stale review
We agreed to flush sessions. See details in my comment.
Clear the Redis database by running
$ redis-cli
and test that WISE starts up and works as before.
Resolves #2453