[ 
https://issues.apache.org/jira/browse/WW-4900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289195#comment-16289195
 ] 

Erica Kane commented on WW-4900:
--------------------------------

Glad I could help the security at least. :/

I wrote custom code for my own case, and did not use an interceptor. 
Essentially I made a smaller object that went in the session. I agree having a 
large unpredictable object in there is a big problem.

> NotSerializableException: 
> com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector when using 
> ExecuteAndWait interceptor
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WW-4900
>                 URL: https://issues.apache.org/jira/browse/WW-4900
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.5.14.1
>            Reporter: Erica Kane
>            Assignee: Yasser Zamani
>             Fix For: 2.5.15
>
>
> We are running Struts 2.5.14.1 and working on externalizing Tomcat session 
> state. This requires Serializable sessions. However, our Action with the 
> ExecuteAndWait interceptor fails. Since our original code was quite complex I 
> wrote a simpler one below which demonstrates the exact same behavior.
> The simple action is shown here:
> {noformat}
> package com.sentrylink.web.actions;
> import java.util.concurrent.TimeUnit;
> import org.apache.struts2.convention.annotation.InterceptorRef;
> import org.apache.struts2.convention.annotation.InterceptorRefs;
> import org.apache.struts2.convention.annotation.Result;
> import org.apache.struts2.convention.annotation.Results;
> import com.opensymphony.xwork2.ActionSupport;
> @SuppressWarnings("serial")
> @Results({
>     @Result(name="wait", location="/"),
>     @Result(name=ActionSupport.SUCCESS, location="/WEB-INF/content/messagePage.jsp"),
> })
> @InterceptorRefs({
>     @InterceptorRef("webStack"),
>     @InterceptorRef("execAndWait")
> })
> public class TestExecuteAndWait extends ActionSupport {
>     public String execute() throws Exception {
>         TimeUnit.SECONDS.sleep(10);
>         return SUCCESS;
>     }
> }
> {noformat}
> Running this gives
> {noformat}
> WARNING: Cannot serialize session attribute __execWaittest-execute-and-wait for session 74CDB9F8D00BBC697030AFC6978E94F6
> java.io.NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector
> {noformat}
> Removing the ExecuteAndWait interceptor fixes the issue.
> According to [~yasser.zamani] in WW-4873: I reviewed 
> {{ExecuteAndWaitInterceptor}} and it seems to have this bug when the session 
> goes to being serialized in the middle of a background process.
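
An added example, not code from the issue, the commenter or the Struts code base: a check that reports which class stops a session attribute from serializing, run on a large object that drags in a non-serializable reference and on a small status object of the kind the comment describes. `Injector`, `HeavyProcess`, `JobStatus` and `RUNNING` are hypothetical names, and keeping the running work in a node-local map is an assumption about one way to do it.

```java
import java.io.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionAttributeCheck {
    // Hypothetical stand-in for a framework internal that is not Serializable.
    static class Injector { }

    // Large session object: Serializable itself, but it drags in the injector.
    static class HeavyProcess implements Serializable {
        private static final long serialVersionUID = 1L;
        final Injector injector = new Injector();
        volatile boolean done;
    }

    // Small session object: only the fields a wait page needs.
    static class JobStatus implements Serializable {
        private static final long serialVersionUID = 1L;
        final String jobId;
        volatile boolean done;
        JobStatus(String jobId) { this.jobId = jobId; }
    }

    // Assumption: running work stays on this node, outside the session, keyed by job id.
    static final Map<String, HeavyProcess> RUNNING = new ConcurrentHashMap<>();

    // Returns null if the attribute serializes, otherwise the name of the offending class.
    static String firstNonSerializable(Object attribute) {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(attribute);
            return null;
        } catch (NotSerializableException e) {
            return e.getMessage(); // the message is the non-serializable class name
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public static void main(String[] args) {
        HeavyProcess process = new HeavyProcess();
        RUNNING.put("job-1", process);
        System.out.println("heavy: " + firstNonSerializable(process));
        System.out.println("small: " + firstNonSerializable(new JobStatus("job-1")));
    }
}
```

Running the same check over every session attribute in a test catches this class of failure before session state is externalized.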


