We use play-pac4j in CiviForm, an open-source, public interest project. Our user profiles are represented by the CiviFormProfileData subclass of o.p.c.p.CommonProfile.
In our logs, we have noted warnings like this:
[warn] o.p.c.u.s.JavaSerializer - cannot Java deserialize object
java.io.InvalidClassException: auth.CiviFormProfileData; local class incompatible: stream classdesc serialVersionUID = 3142603030317816700, local class serialVersionUID = 6503846375980947185
This surprises us, because we expected profile serialization to be stable. Note that we did not have serialVersionUID set for this subclass, which was an oversight (and is addressed by this PR). That being said, though the class has had some small changes recently, the structure of the class did not change.
- Is this behavior expected?
- If so, is setting serialVersionUID to the current value sufficient to guard against this problem in the future?
GitHub issue: Errors deserializing pac4j profiles
Profile serialization should be stable.
We have faced issues using the JavaSerializer, so this has been changed in the pac4j core project to use the JsonSerializer. This is not the case with play-pac4j and the PlayCookieSessionStore. I guess we should change that. What play-pac4j version do you use?