We use play-pac4j in CiviForm, an open-source, public interest project. Our user profiles are represented by the CiviFormProfileData subclass of o.p.c.p.CommonProfile.
In our logs, we have noted warnings like this:
[warn] o.p.c.u.s.JavaSerializer - cannot Java deserialize object
java.io.InvalidClassException: auth.CiviFormProfileData; local class incompatible: stream classdesc serialVersionUID = 3142603030317816700, local class serialVersionUID = 6503846375980947185
This surprises us, because we expected profile serialization to be stable. Note that we did not have serialVersionUID set for this subclass, which was an oversight (and is addressed by this PR). That being said, though the class has had some small changes recently, the structure of the class did not change.
serialVersionUID to the current value sufficient to guard against this problem in the future?
GitHub issue: Errors deserializing pac4j profiles
Profile serialization should be stable.
We have faced issues using the JavaSerializer so this has been changed in the pac4j core project to use the JsonSerializer.
This is not the case with play-pac4j and the PlayCookieSessionStore. I guess we should change that.
What play-pac4j version do you use?
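The InvalidClassException in the warning quoted in the question can be reproduced in isolation. This is an added example, not code from CiviForm or pac4j. When a Serializable class declares no serialVersionUID, the JVM computes one from the class signature, non-private methods and constructors included, and rejects any stream whose recorded value differs. The Profile class and its field value are hypothetical stand-ins, and the flipped byte simulates a stream written by an older build.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public class SuidMismatchDemo {
    // Hypothetical stand-in for a profile subclass with no explicit serialVersionUID.
    static class Profile implements Serializable {
        String id = "constructed-user"; // constructed sample value
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // The class descriptor stores the class name, then the 8-byte serialVersionUID.
    static int suidOffset(byte[] stream, String className) {
        byte[] name = className.getBytes(StandardCharsets.UTF_8);
        outer:
        for (int i = 0; i + name.length + 8 <= stream.length; i++) {
            for (int j = 0; j < name.length; j++) {
                if (stream[i + j] != name[j]) continue outer;
            }
            return i + name.length;
        }
        throw new IllegalStateException("class name not found in stream");
    }

    public static void main(String[] args) throws Exception {
        long computed = ObjectStreamClass.lookup(Profile.class).getSerialVersionUID();
        System.out.println("JVM-computed serialVersionUID: " + computed);

        byte[] stream = serialize(new Profile());
        // Simulate a stream written by an older build whose computed UID differed.
        stream[suidOffset(stream, Profile.class.getName()) + 7] ^= 0x01;

        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(stream))) {
            in.readObject();
            System.out.println("unexpected: object was deserialized");
        } catch (InvalidClassException e) {
            // Message has the same "local class incompatible" form as the logged warning.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```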