CallerPrincipal should be serializable #102

Closed
arjantijms opened this issue Oct 19, 2018 · 2 comments · Fixed by #198

@arjantijms

When auto apply session is used, it's highly likely (though not strictly specified as such) that the CallerPrincipal will end up in the HTTP session.

Items in the HTTP session must be serializable. Not doing that leads to errors such as reported here:

payara/Payara#3295

Do note that Subject, which is the most likely class containing principals such as CallerPrincipal, is indeed serializable.

As an example, this is how Tomcat (and Tomcat-derived web containers, such as in GlassFish and Payara) ultimately store the authenticated Principal:

```java
    /**
     * Set the Principal who has been authenticated for this Request.  This
     * value is also used to calculate the value to be returned by the
     * <code>getRemoteUser()</code> method.
     *
     * @param principal The user Principal
     */
    @Override
    public void setUserPrincipal(Principal principal) {
        if (SecurityUtil.isPackageProtectionEnabled()) {

            HttpSession session = getSession(false);

            if (subject != null && !subject.getPrincipals().contains(principal)) {
                subject.getPrincipals().add(principal);
            } else if (session != null && session.getAttribute(SUBJECT_ATTR) == null) {
                subject = new Subject();
                subject.getPrincipals().add(principal);
            }

            if (session != null) {
                session.setAttribute(SUBJECT_ATTR, subject);
            }
        }

        this.callerPrincipal = principal;
    }
```
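
The failure described above, as an added example that is not part of the original post or the project's code: a `Subject` is itself serializable, but writing it out fails as soon as it holds a principal that is not. `PlainPrincipal` and `SerializablePrincipal` are hypothetical stand-ins for `CallerPrincipal` without and with `Serializable`, and `roundTrip` stands in for a container persisting a session attribute.

```java
import java.io.*;
import java.security.Principal;
import javax.security.auth.Subject;

public class PrincipalSerializationDemo {
    // Hypothetical stand-in: a caller principal that does NOT implement Serializable.
    static class PlainPrincipal implements Principal {
        private final String name;
        PlainPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Hypothetical stand-in: the same principal once it implements Serializable.
    static class SerializablePrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        SerializablePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    static Subject subjectWith(Principal principal) {
        Subject subject = new Subject();
        subject.getPrincipals().add(principal);
        return subject;
    }

    // Writes the Subject out and reads it back, as a container does when it
    // persists or replicates a session attribute.
    static Subject roundTrip(Subject subject) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(subject);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            return (Subject) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            roundTrip(subjectWith(new PlainPrincipal("alice"))); // constructed sample name
            System.out.println("unexpected: non-serializable principal was written");
        } catch (NotSerializableException e) {
            // The exception message names the offending class inside the Subject.
            System.out.println("Subject could not be serialized: " + e.getMessage());
        }
        Subject restored = roundTrip(subjectWith(new SerializablePrincipal("alice")));
        for (Principal p : restored.getPrincipals()) System.out.println("restored: " + p.getName());
    }
}
```
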
@ggam

ggam commented Dec 7, 2018

Fixed by #107

@ggam ggam closed this as completed Dec 7, 2018
@arjantijms arjantijms reopened this Sep 18, 2021
@arjantijms

Somewhere along the way the Serializable was lost, reopening this and tagging for 3.0.

@arjantijms arjantijms added this to the 3.0 milestone Sep 18, 2021
@arjantijms arjantijms added 3.0 enhancement New feature or request labels Sep 18, 2021
@arjantijms arjantijms self-assigned this Sep 18, 2021
arjantijms added a commit that referenced this issue Sep 18, 2021