struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4900) NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector when using ExecuteAndWait interceptor
Date Wed, 13 Dec 2017 09:18:00 GMT

    [ https://issues.apache.org/jira/browse/WW-4900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16288935#comment-16288935
] 

ASF GitHub Bot commented on WW-4900:
------------------------------------

yasserzamani opened a new pull request #191: WW-4900 Makes BackgroundProcess transient
URL: https://github.com/apache/struts/pull/191
 
 
   Currently we won't support exec and wait from de-serialized session and maybe add this
support some day on user demand. Why I think to drop such support? It's not a good practice
to try serializing such large or variant unpredictable objects like action and invocation
([CWE-579: J2EE Bad Practices: Non-serializable Object Stored in Session](https://cwe.mitre.org/data/definitions/579.html)).

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector
when using ExecuteAndWait interceptor
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WW-4900
>                 URL: https://issues.apache.org/jira/browse/WW-4900
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.5.14.1
>            Reporter: Erica Kane
>            Assignee: Yasser Zamani
>             Fix For: 2.5.15
>
>
> We are running Struts 2.5.14.1 and working on externalizing Tomcat session state. This
requires Serializable sessions. However, our Action with the ExecuteAndWait interceptor fails.
Since our original code was quite complex I wrote a simpler one below which demonstrates the
exact same behavior.
> The simple action is shown here:
> {noformat}
> package com.sentrylink.web.actions;
> import java.util.concurrent.TimeUnit;
> import org.apache.struts2.convention.annotation.InterceptorRef;
> import org.apache.struts2.convention.annotation.InterceptorRefs;
> import org.apache.struts2.convention.annotation.Result;
> import org.apache.struts2.convention.annotation.Results;
> import com.opensymphony.xwork2.ActionSupport;
> @SuppressWarnings("serial")
> @Results({
>     @Result(name="wait", location="/"),
>     @Result(name=ActionSupport.SUCCESS, location="/WEB-INF/content/messagePage.jsp"),
> })
> @InterceptorRefs({
>     @InterceptorRef("webStack"),
>     @InterceptorRef("execAndWait")
> })
> public class TestExecuteAndWait extends ActionSupport {
>     public String execute() throws Exception {
>         TimeUnit.SECONDS.sleep(10);
>         return SUCCESS;
>     }
> }
> {noformat}
> Running this gives
> {noformat}
> WARNING: Cannot serialize session attribute __execWaittest-execute-and-wait for session
74CDB9F8D00BBC697030AFC6978E94F6 
> java.io.NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector
> {noformat}
> Removing the ExecuteAndWait interceptor fixes the issue.
> According to [~yasser.zamani] in WW-4873 : I reviewed {{ExecuteAndWaitInterceptor}} and
seems has this bug when session goes to being serialized in middle of an background process.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message