Jonathan S. Fisher created TOMEE-4222:
-----------------------------------------
Summary: @LoginToContinue JSR-375 (JavaEE Security API) causes
IllegalArgumentException
Key: TOMEE-4222
URL: https://issues.apache.org/jira/browse/TOMEE-4222
Project: TomEE
Issue Type: Bug
Components: TomEE Core Server
Affects Versions: 8.0.15, 8.0.14
Reporter: Jonathan S. Fisher
Assignee: Jonathan S. Fisher
Given the following configuration:
{{
@CustomFormAuthenticationMechanismDefinition(
loginToContinue = @LoginToContinue(loginPage = "/login", useForwardToLogin =
true))
@FacesConfig
@ApplicationScoped
public class ApplicationConfig {
}
}}
An exception will be thrown:
{{
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute
[org.apache.tomee.security.request.original]
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1430)
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1386)
org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:136)
org.apache.tomee.security.http.LoginToContinueMechanism.saveRequest(LoginToContinueMechanism.java:90)
org.apache.tomee.security.cdi.LoginToContinueInterceptor.processContainerInitiatedAuthentication(LoginToContinueInterceptor.java:132)
org.apache.tomee.security.cdi.LoginToContinueInterceptor.validateRequest(LoginToContinueInterceptor.java:78)
org.apache.tomee.security.cdi.LoginToContinueInterceptor.intercept(LoginToContinueInterceptor.java:63)
}}
This is beacuse {{SavedAuthentication}} and {{SavedRequest}} do not implement
{{Serializable}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
