struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (WW-4900) NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector when using ExecuteAndWait interceptor
Date Wed, 13 Dec 2017 09:18:00 GMT


ASF GitHub Bot commented on WW-4900:

yasserzamani opened a new pull request #191: WW-4900 Makes BackgroundProcess transient
   Currently we won't support exec and wait from de-serialized session and maybe add this
support some day on user demand. Why I think to drop such support? It's not a good practice
to try serializing such large or variant unpredictable objects like action and invocation
([CWE-579: J2EE Bad Practices: Non-serializable Object Stored in Session](

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

> NotSerializableException: com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector
when using ExecuteAndWait interceptor
> --------------------------------------------------------------------------------------------------------------------------------
>                 Key: WW-4900
>                 URL:
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions:
>            Reporter: Erica Kane
>            Assignee: Yasser Zamani
>             Fix For: 2.5.15
> We are running Struts and working on externalizing Tomcat session state. This
requires Serializable sessions. However, our Action with the ExecuteAndWait interceptor fails.
Since our original code was quite complex I wrote a simpler one below which demonstrates the
exact same behavior.
> The simple action is shown here:
> {noformat}
> package com.sentrylink.web.actions;
> import java.util.concurrent.TimeUnit;
> import org.apache.struts2.convention.annotation.InterceptorRef;
> import org.apache.struts2.convention.annotation.InterceptorRefs;
> import org.apache.struts2.convention.annotation.Result;
> import org.apache.struts2.convention.annotation.Results;
> import com.opensymphony.xwork2.ActionSupport;
> @SuppressWarnings("serial")
> @Results({
>     @Result(name="wait", location="/"),
>     @Result(name=ActionSupport.SUCCESS, location="/WEB-INF/content/messagePage.jsp"),
> })
> @InterceptorRefs({
>     @InterceptorRef("webStack"),
>     @InterceptorRef("execAndWait")
> })
> public class TestExecuteAndWait extends ActionSupport {
>     public String execute() throws Exception {
>         TimeUnit.SECONDS.sleep(10);
>         return SUCCESS;
>     }
> }
> {noformat}
> Running this gives
> {noformat}
> WARNING: Cannot serialize session attribute __execWaittest-execute-and-wait for session
> com.opensymphony.xwork2.inject.ContainerImpl$ConstructorInjector
> {noformat}
> Removing the ExecuteAndWait interceptor fixes the issue.
> According to [~yasser.zamani] in WW-4873 : I reviewed {{ExecuteAndWaitInterceptor}} and
seems has this bug when session goes to being serialized in middle of an background process.

This message was sent by Atlassian JIRA

View raw message