7 Replies Latest reply on Feb 7, 2018 3:55 AM by Gert Kropiunik

    NotSerializableException when using clustered authentication cache

    Gert Kropiunik Newbie

      Hello,

       

      after migrating from wildfly 10 to wildfly 11 I have troubles using a distributed authentication cache. As long as I configure the security-domain to use cache-type="default" - which is a local cache - everything works as expected but when I use the cache-type="infinispan" I encounter serialization issues. Here is the config of the security domain:

       

                       <security-domain name="myDomain" cache-type="infinispan">

                          <authentication>

                              <login-module code="my.login.module.MyLoginModule" flag="required" module="my.login.module">

                                  <module-option name="principalClass" value="my.login.module.MyPrincipal"/>

                                  <module-option name="password-stacking" value="useFirstPass"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

       

      and the config of the authentication cache in infinispan:

       

                <cache-container name="security" default-cache="auth-cache">

                      <transport lock-timeout="60000"/>

                      <distributed-cache name="auth-cache" mode="ASYNC" l1-lifespan="0" owners="2">

                          <locking isolation="REPEATABLE_READ"/>

                          <transaction mode="BATCH"/>

                          <eviction strategy="LRU" max-entries="10000"/>

                          <expiration lifespan="28800000" max-idle="28800000"/>

                          <file-store/>

                      </distributed-cache>

                  </cache-container>

       

      From the exception it looks like that the DomainInfo object will be put into the cache although is has a member which is not serializable: protected ClassLoader contextClassLoader. Is there anything I can do in my configuration to prevent this from happening besides not using a clustered cache at all. As I said the same config works fine in wildfly 10.

       

       

      2018-02-02 10:11:07,735 ERROR [org.infinispan.remoting.rpc.RpcManagerImpl] (default task-6) ISPN000073: Unexpected error while replicating: org.infinispan.commons.marshall.NotSerializableException: org.jboss.as.security.plugins.ModuleClassLoaderLocator$CombinedClassLoader

      Caused by: an exception which occurred:

              in field org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo.contextClassLoader

              in object org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1a15d95d

              in object org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1a15d95d

              in object org.infinispan.commands.write.PutKeyValueCommand@511ccdce

              in object org.infinispan.commands.tx.PrepareCommand@47015b38

      2018-02-02 10:11:07,735 ERROR [org.infinispan.interceptors.InvocationContextInterceptor] (default task-6) ISPN000136: Error executing command PrepareCommand, writing keys [name=0ceelJ3b7FaluV4u/Rc9ow==]: org.infinispan.commons.marshall.NotSerializableException: org.jboss.as.security.plugins.ModuleClassLoaderLocator$CombinedClassLoader

      Caused by: an exception which occurred:

              in field org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo.contextClassLoader

              in object org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1a15d95d

              in object org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1a15d95d

              in object org.infinispan.commands.write.PutKeyValueCommand@511ccdce

              in object org.infinispan.commands.tx.PrepareCommand@47015b38

      2018-02-02 10:11:07,735 ERROR [org.infinispan.transaction.impl.TransactionCoordinator] (default task-6) ISPN000097: Error while processing a prepare in a single-phase transaction: org.infinispan.commons.marshall.NotSerializableException: org.jboss.as.security.plugins.ModuleClassLoaderLocator$CombinedClassLoader

      Caused by: an exception which occurred:

              in field org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo.contextClassLoader

              in object org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1a15d95d

              in object org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1a15d95d

              in object org.infinispan.commands.write.PutKeyValueCommand@511ccdce

              in object org.infinispan.commands.tx.PrepareCommand@47015b38

      2018-02-02 10:11:07,737 WARN  [org.infinispan.transaction.tm.DummyTransaction] (default task-6) ISPN000112: exception while committing: javax.transaction.xa.XAException

              at org.infinispan//org.infinispan.transaction.impl.TransactionCoordinator.handleCommitFailure(TransactionCoordinator.java:213)

              at org.infinispan//org.infinispan.transaction.impl.TransactionCoordinator.commit(TransactionCoordinator.java:159)

              at org.infinispan//org.infinispan.transaction.xa.TransactionXaAdapter.commit(TransactionXaAdapter.java:114)

              at org.infinispan//org.infinispan.transaction.tm.DummyTransaction.finishResource(DummyTransaction.java:401)

              at org.infinispan//org.infinispan.transaction.tm.DummyTransaction.commitResources(DummyTransaction.java:448)

              at org.infinispan//org.infinispan.transaction.tm.DummyTransaction.runCommit(DummyTransaction.java:321)

              at org.infinispan//org.infinispan.transaction.tm.DummyTransaction.commit(DummyTransaction.java:108)

              at org.infinispan//org.infinispan.transaction.tm.DummyBaseTransactionManager.commit(DummyBaseTransactionManager.java:73)

              at org.infinispan//org.infinispan.cache.impl.CacheImpl.tryCommit(CacheImpl.java:1735)

              at org.infinispan//org.infinispan.cache.impl.CacheImpl.executeCommandAndCommitIfNeeded(CacheImpl.java:1692)

              at org.infinispan//org.infinispan.cache.impl.CacheImpl.putInternal(CacheImpl.java:1134)

              at org.infinispan//org.infinispan.cache.impl.CacheImpl.put(CacheImpl.java:1124)

              at org.infinispan//org.infinispan.cache.impl.CacheImpl.put(CacheImpl.java:1755)

              at org.infinispan//org.infinispan.cache.impl.CacheImpl.put(CacheImpl.java:251)

              at org.infinispan//org.infinispan.cache.impl.AbstractDelegatingCache.put(AbstractDelegatingCache.java:292)

              at org.picketbox//org.jboss.security.authentication.JBossCachedAuthenticationManager.updateCache(JBossCachedAuthenticationManager.java:490)

              at org.picketbox//org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:363)

              at org.picketbox//org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323)

              at org.picketbox//org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146)

              at org.jboss.as.security//org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:414)

              at org.jboss.as.security//org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:375)

              at org.jboss.as.security//org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:353)

              at org.jboss.as.domain-management//org.jboss.as.domain.management.security.JaasCallbackHandler.verify(JaasCallbackHandler.java:204)

              at org.jboss.as.domain-management//org.jboss.as.domain.management.security.JaasCallbackHandler.access$200(JaasCallbackHandler.java:80)

              at org.jboss.as.domain-management//org.jboss.as.domain.management.security.JaasCallbackHandler$SecurityRealmImpl$RealmIdentityImpl.verifyEvidence(JaasCallbackHandler.java:355)

              at org.wildfly.security.elytron-private//org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1977)

              at org.wildfly.security.elytron-private//org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:759)

              at org.wildfly.security.elytron-private//org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:992)

              at org.wildfly.security.elytron-private//org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:902)

              at org.wildfly.security.elytron-private//org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)

              at org.wildfly.security.elytron-private//org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:96)

              at org.wildfly.security.elytron-private//org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:117)

              at org.wildfly.security.elytron-private//org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)

              at org.wildfly.security.elytron-private//org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)

              at org.wildfly.security.elytron-private//org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)

              at org.jboss.xnio//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)

              at org.jboss.xnio//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)

              at org.jboss.remoting//org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486)

              at org.jboss.remoting//org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)

              at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)

              at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)

              at java.base/java.lang.Thread.run(Thread.java:844)

      Caused by: org.infinispan.commons.marshall.NotSerializableException: org.jboss.as.security.plugins.ModuleClassLoaderLocator$CombinedClassLoader

      Caused by: an exception which occurred:

              in field org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo.contextClassLoader

              in object org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1a15d95d

              in object org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@1a15d95d

              in object org.infinispan.commands.write.PutKeyValueCommand@511ccdce

              in object org.infinispan.commands.tx.PrepareCommand@47015b38

       

       

      Any help is highly appreciated

       

      Cheers, Gert