tags:

views:

36

answers:

2
+1  Q: 

Spring UserDetailsService is not Serializable session attribute in google-apps-engine

Here we have a Spring based webapp in google apps engine.

I've created a UserDetailService class to load the UserDetails from the GAE data store (assuming this is the best approach). 

@Service("springUserDetailsService")
public class SpringUserDetailsService implements UserDetailsService {

    @Resource(name="userDao")
    private IUserDao userDao;
    //...

But GAE throws the following exception (apparently) when it tries to persist the session to the data store.

java.lang.RuntimeException: java.io.NotSerializableException: com.prepayproxy.servicelayer.SpringUserDetailsService
    at com.google.apphosting.runtime.jetty.SessionManager.serialize(SessionManager.java:387)
    at com.google.apphosting.runtime.jetty.SessionManager.createEntityForSession(SessionManager.java:364)

I first thought to Serialize the SprintUserDetailsService object, but it has a reference to my UserDao, which in turn has references to data source objects, at about that point I freaked out and decided to see if there's a better approach.

A: 

Two options:

  • don't worry about the DataSource - spring, since version 3, serves a proxy which, when deserialized, gets a fresh data source, rather than the original (which is not relevant)

  • don't put your service in the session. Perhaps it is referenced by something that is in session scope, so make it volatile there.

See also this question

Bozho  2010-10-18 13:43:15
On your second point, I am only assuming that spring security is storing a reference to the UserDetailsService in the session, which is how it gets tied up with the GAE serialization of the session. All beyond my control as far as I see unless I missed something. Perhaps your first point is a solution, but it seems messy to have to go around serializing everything this way, guess I was hoping for a silver bullet - or at least a well documented/previously tested approach.
David Parks  2010-10-18 13:47:53
+1  A: 

On your second point, I am only assuming that spring security is storing a reference to the UserDetailsService in the session, which is how it gets tied up with the GAE serialization of the session. All beyond my control as far as I see unless I missed something.

There's no reason for SpringSecurity to put a reference to your application's UserDetailsStore into the session. A UserDetailsStore is not conceptually session scoped.

If the session manager is trying to serialize a UserDetailsService, it is probably a result of a reference to the UserDetailsService in some other session scoped object.

Stephen C  2010-10-18 14:03:22
I'll look into that, not sure why UserDetailsService gets serialized w/ the session, I just assumed that Spring Security Framework did it. Though I don't use it anywhere else, I just have a super simple test app up now and I don't touch the session in any way in my code.
David Parks  2010-10-21 09:37:59

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java