Redis Session Serializer mismatch between 3.2 and 4.2

I have a Spring Cloud-based application running on multiple spring-boot servers. All servers share the same Spring Session using @EnableRedisHttpSession.

I now want to integrate a third party widget into my application. Working with the third party, I was able to get initial configuration running, but I'm failing when the third party tries to access the Redis Session data. This is because I am using Spring 4 and the third party uses Spring 3.2. I cannot upgrade the third party's Spring version.

The exception is:

org.springframework.data.redis.serializer.SerializationException: Cannot deserialize; nested exception is
    org.springframework.core.serializer.support.SerializationFailedException: Failed to deserialize payload. Is the byte array a result of corresponding serialization for DefaultDeserializer?; nested exception is
    java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 320
Caused by: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 320
    at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:616) ~[na:1.8.0_66]
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1623) ~[na:1.8.0_66]
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1518) ~[na:1.8.0_66]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1774) ~[na:1.8.0_66]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351) ~[na:1.8.0_66]
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371) ~[na:1.8.0_66]
    at org.springframework.core.serializer.DefaultDeserializer.deserialize(DefaultDeserializer.java:41) ~[spring-core-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:59) ~[spring-core-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    ... 66 common frames omitted

Is there any way to easily translate between the two versions?

Algology answered 21/2, 2016 at 11:55 Comment(3)
Are you sure your issue is due to incompatibility of Spring versions? Are you really deserializing exactly the same class you serialized before? – Gild
I would think so, based on the exception description. This is done behind the scenes by @EnableRedisHttpSession code. – Algology
I think you can achieve this by overriding the RedisSerializer to use a custom strategy that reads and writes your objects for your use case. – Galway

Some days ago I also faced the same issue when I was upgrading the Spring Boot version from 2.2.1 to 2.2.6.

This issue was due to the serialVersionUID present in the SecurityContextImpl class. It has been changed between Spring versions.

In your case it has been changed from 400 to 320 or vice versa.

Resolution:

  1. Stop storing the session on the Redis server by setting the property spring.session.store-type=none

  2. Use Jackson serialisation to avoid this type of issue in future version upgrades.

  3. Override the implementation of the SecurityContextImpl class. No need to do anything else; the serialVersionUID change alone is sufficient.


Adding a great reference for more details: https://github.com/spring-projects/spring-session/issues/1924

Possessive answered 17/6, 2022 at 11:5 Comment(0)
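
A diagnostic for the mismatch discussed in this thread, as an added example that is not part of the original posts or of Spring: it lists every class descriptor in a Java-serialized blob with the serialVersionUID recorded in the stream next to the one on the local classpath. The names `SerialUidCheck`, `Sample` and `inspect` are hypothetical, the sample blob is constructed in `main`, and only the JDK is used.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.util.*;

public class SerialUidCheck {
    // Constructed stand-in for SecurityContextImpl on the reader side (UID 320 in the trace).
    static class Sample implements Serializable {
        private static final long serialVersionUID = 320L;
        String user = "alice";
    }

    /** Lists each class descriptor in the blob: UID in the stream vs. UID of the local class. */
    static List<String> inspect(byte[] blob) throws IOException {
        List<String> report = new ArrayList<>();
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(blob)) {
            @Override
            protected ObjectStreamClass readClassDescriptor() throws IOException, ClassNotFoundException {
                ObjectStreamClass d = super.readClassDescriptor();
                String local;
                try {   // initialize=false: look the class up without running its static initializers
                    Class<?> c = Class.forName(d.getName(), false, SerialUidCheck.class.getClassLoader());
                    ObjectStreamClass l = ObjectStreamClass.lookup(c);
                    local = (l == null) ? "not serializable" : String.valueOf(l.getSerialVersionUID());
                } catch (ClassNotFoundException e) {
                    local = "missing";
                }
                report.add(d.getName() + " stream=" + d.getSerialVersionUID() + " local=" + local);
                return d;
            }
        }) {
            in.readObject();   // assumption: the blob comes from your own session store
        } catch (InvalidClassException | ClassNotFoundException e) {
            report.add("FAILED: " + e.getMessage());   // the JDK stops at the first mismatch
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Sample());
        }
        byte[] blob = buf.toByteArray();
        inspect(blob).forEach(System.out::println);   // writer and reader on the same version
        // Simulate a writer on another version: header(4) + TC_OBJECT + TC_CLASSDESC + name length(2) + name
        int uidOffset = 8 + Sample.class.getName().length();
        ByteBuffer.wrap(blob, uidOffset, 8).putLong(400L);
        inspect(blob).forEach(System.out::println);   // writer and reader now disagree
    }
}
```

Run `inspect` with the reader's classpath against a session value taken from the shared Redis instance to see which class descriptor the reader will reject.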
