[ https://issues.apache.org/jira/browse/WW-4900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289195#comment-16289195 ]
Erica Kane commented on WW-4900: -------------------------------- Glad I could help the security at least. :/ I wrote custom code for my own case, and did not use an interceptor. Essentially I made a smaller object that went in the session, I agree having a large unpredictable object in there is a big problem. > NotSerializableException: > com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector when using > ExecuteAndWait interceptor > -------------------------------------------------------------------------------------------------------------------------------- > > Key: WW-4900 > URL: https://issues.apache.org/jira/browse/WW-4900 > Project: Struts 2 > Issue Type: Bug > Affects Versions: 2.5.14.1 > Reporter: Erica Kane > Assignee: Yasser Zamani > Fix For: 2.5.15 > > > We are running Struts 2.5.14.1 and working on externalizing Tomcat session > state. This requires Serializable sessions. However, our Action with the > ExecuteAndWait interceptor fails. Since our original code was quite complex I > wrote a simpler one below which demonstrates the exact same behavior. > The simple action is shown here: > {noformat} > package com.sentrylink.web.actions; > import java.util.concurrent.TimeUnit; > import org.apache.struts2.convention.annotation.InterceptorRef; > import org.apache.struts2.convention.annotation.InterceptorRefs; > import org.apache.struts2.convention.annotation.Result; > import org.apache.struts2.convention.annotation.Results; > import com.opensymphony.xwork2.ActionSupport; > @SuppressWarnings("serial") > @Results({ > @Result(name="wait", location="/"), > @Result(name=ActionSupport.SUCCESS, > location="/WEB-INF/content/messagePage.jsp"), > }) > @InterceptorRefs({ > @InterceptorRef("webStack"), > @InterceptorRef("execAndWait") > }) > public class TestExecuteAndWait extends ActionSupport { > public String execute() throws Exception { > TimeUnit.SECONDS.sleep(10); > return SUCCESS; > } > } > {noformat} > Running this gives > {noformat} > WARNING: Cannot serialize session attribute __execWaittest-execute-and-wait > for session 74CDB9F8D00BBC697030AFC6978E94F6 > java.io.NotSerializableException: > com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector > {noformat} > Removing the ExecuteAndWait interceptor fixes the issue. > According to [~yasser.zamani] in WW-4873 : I reviewed > {{ExecuteAndWaitInterceptor}} and seems has this bug when session goes to > being serialized in middle of an background process. -- This message was sent by Atlassian JIRA (v6.4.14#64029)