After upgrading the Spring Boot version from 3.1.5 to 3.2.1, I encountered the following exception. It seems that there is a serialization exception when the security intercepts the request to access Redis.
13:26:40.263 ERROR [youtube-dubbing-proxy,4eca1ddebe749744bebac0aaa9ea01a5,f61d48039d707710,] : [d778bac7-11] 500 Server Error for HTTP GET "/api/v2/membership/getMembership"
org.springframework.data.redis.serializer.SerializationException: Cannot deserialize
at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:108)
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
*__checkpoint ⇢ ServerRequestCacheWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ SecurityContextServerWebExchangeWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ReactorContextWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ CorsWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ HttpHeaderWriterWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
*__checkpoint ⇢ com.youtube.dubbing.proxy.youtubedubbingproxy.user.filter.RateLimiterWithResendEmailWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ com.youtube.dubbing.proxy.youtubedubbingproxy.subtitles.filter.RateLimiterWithSubtitleWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ HTTP GET "/api/v2/membership/getMembership" [ExceptionHandlingWebHandler]
Original Stack Trace:
at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:108)
at org.springframework.data.redis.serializer.DefaultRedisElementReader.read(DefaultRedisElementReader.java:46)
at org.springframework.data.redis.serializer.RedisSerializationContext$SerializationPair.read(RedisSerializationContext.java:277)
at org.springframework.data.redis.core.DefaultReactiveHashOperations.readHashValue(DefaultReactiveHashOperations.java:292)
at org.springframework.data.redis.core.DefaultReactiveHashOperations.deserializeHashEntry(DefaultReactiveHashOperations.java:307)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:106)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.tryEmit(FluxFlatMap.java:547)
at reactor.core.publisher.FluxFlatMap$FlatMapInner.onNext(FluxFlatMap.java:988)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:122)
at reactor.core.publisher.MonoFlatMapMany$FlatMapManyInner.onNext(MonoFlatMapMany.java:250)
at reactor.core.publisher.FluxContextWriteRestoringThreadLocals$ContextWriteRestoringThreadLocalsSubscriber.onNext(FluxContextWriteRestoringThreadLocals.java:118)
at io.lettuce.core.RedisPublisher$ImmediateSubscriber.onNext(RedisPublisher.java:890)
at io.lettuce.core.RedisPublisher$RedisSubscription.onNext(RedisPublisher.java:291)
at io.lettuce.core.output.StreamingOutput$Subscriber.onNext(StreamingOutput.java:64)
at io.lettuce.core.output.KeyValueListOutput.set(KeyValueListOutput.java:76)
at io.lettuce.core.protocol.RedisStateMachine.safeSet(RedisStateMachine.java:806)
at io.lettuce.core.protocol.RedisStateMachine.handleBytes(RedisStateMachine.java:577)
at io.lettuce.core.protocol.RedisStateMachine$State$Type.handle(RedisStateMachine.java:205)
at io.lettuce.core.protocol.RedisStateMachine.doDecode(RedisStateMachine.java:339)
at io.lettuce.core.protocol.RedisStateMachine.decode(RedisStateMachine.java:300)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:840)
at io.lettuce.core.protocol.CommandHandler.decode0(CommandHandler.java:791)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:765)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:657)
at io.lettuce.core.protocol.CommandHandler.channelRead(CommandHandler.java:597)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:509)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:407)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.springframework.core.serializer.support.SerializationFailedException: Failed to deserialize payload. Is the byte array a result of corresponding serialization for DefaultDeserializer?
at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:80)
at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:37)
at org.springframework.data.redis.serializer.JdkSerializationRedisSerializer.deserialize(JdkSerializationRedisSerializer.java:106)
at org.springframework.data.redis.serializer.DefaultRedisElementReader.read(DefaultRedisElementReader.java:46)
at org.springframework.data.redis.serializer.RedisSerializationContext$SerializationPair.read(RedisSerializationContext.java:277)
at org.springframework.data.redis.core.DefaultReactiveHashOperations.readHashValue(DefaultReactiveHashOperations.java:292)
at org.springframework.data.redis.core.DefaultReactiveHashOperations.deserializeHashEntry(DefaultReactiveHashOperations.java:307)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:106)
at reactor.core.publisher.FluxFlatMap$FlatMapMain.tryEmit(FluxFlatMap.java:547)
at reactor.core.publisher.FluxFlatMap$FlatMapInner.onNext(FluxFlatMap.java:988)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:122)
at reactor.core.publisher.MonoFlatMapMany$FlatMapManyInner.onNext(MonoFlatMapMany.java:250)
at reactor.core.publisher.FluxContextWriteRestoringThreadLocals$ContextWriteRestoringThreadLocalsSubscriber.onNext(FluxContextWriteRestoringThreadLocals.java:118)
at io.lettuce.core.RedisPublisher$ImmediateSubscriber.onNext(RedisPublisher.java:890)
at io.lettuce.core.RedisPublisher$RedisSubscription.onNext(RedisPublisher.java:291)
at io.lettuce.core.output.StreamingOutput$Subscriber.onNext(StreamingOutput.java:64)
at io.lettuce.core.output.KeyValueListOutput.set(KeyValueListOutput.java:76)
at io.lettuce.core.protocol.RedisStateMachine.safeSet(RedisStateMachine.java:806)
at io.lettuce.core.protocol.RedisStateMachine.handleBytes(RedisStateMachine.java:577)
at io.lettuce.core.protocol.RedisStateMachine$State$Type.handle(RedisStateMachine.java:205)
at io.lettuce.core.protocol.RedisStateMachine.doDecode(RedisStateMachine.java:339)
at io.lettuce.core.protocol.RedisStateMachine.decode(RedisStateMachine.java:300)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:840)
at io.lettuce.core.protocol.CommandHandler.decode0(CommandHandler.java:791)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:765)
at io.lettuce.core.protocol.CommandHandler.decode(CommandHandler.java:657)
at io.lettuce.core.protocol.CommandHandler.channelRead(CommandHandler.java:597)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:509)
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:407)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 610, local class serialVersionUID = 620
at java.base/java.io.ObjectStreamClass.initNonProxy(Unknown Source)
at java.base/java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
at java.base/java.io.ObjectInputStream.readClassDesc(Unknown Source)
at java.base/java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.base/java.io.ObjectInputStream.readObject0(Unknown Source)
at java.base/java.io.ObjectInputStream.readObject(Unknown Source)
at java.base/java.io.ObjectInputStream.readObject(Unknown Source)
at org.springframework.core.serializer.DefaultDeserializer.deserialize(DefaultDeserializer.java:71)
at org.springframework.core.serializer.support.DeserializingConverter.convert(DeserializingConverter.java:75)
... 40 common frames omitted
Comment From: wilkinsona
It would appear that org.springframework.security.core.context.SecurityContextImpl from Spring Security 6.1.0 has been serialised and an attempt is then being made to deserialise it using the class from Spring Security 6.2.0. This fails due to a different serialVersionUID and no custom readObject and writeObject methods.
Spring Security users have faced similar problems in the past. https://github.com/spring-projects/spring-security/issues/9204 is probably the closest match to your problem although it would appear you're not using Spring Session. Other similar issues include:
- https://github.com/spring-projects/spring-security/issues/3737
- https://github.com/spring-projects/spring-security/issues/3918
- https://github.com/spring-attic/spring-security-oauth/issues/662
I would recommend reading https://github.com/spring-projects/spring-security/issues/9204 and following its advice. If that does not help, you may want to open a new Spring Security issue. If you do so, please take the time to explain why none of the existing recommendations solve your problem.
Comment From: asasas234
Thank you, https://github.com/spring-projects/spring-security/issues/9204 is the issue I encountered.