[Bug] ContextHolderAuthenticationResolverFilter序列化异常 #14145
Labels
Comments
javacctvnews
added
component/need-triage
|
plz provide a demo project to reproduce |
|
Please submit the issue in English :) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Pre-check
Search before asking
Apache Dubbo Component
Java SDK (apache/dubbo)
Dubbo Version
Dubbo Java 3.2.7,JDK17,Nacos2.2.1
Steps to reproduce this issue
自开发的认证授权(Spring Authorization Server)微服务,先称作微服务A,现在前端有一个接口调用A的rest接口,接口内部调用微服务B的一个dubbo服务接口,服务B此时会报一个序列化错误的异常,但是不影响业务流程。微服务B是不需要security相关依赖的,看异常栈是因为缺少security相关类导致反序列化异常,有人知道怎么解决这个问题吗?谢谢!
What you expected to happen
[ev-system:192.168.3.100:19102] 2024-04-30 09:32:15.361 INFO 61676 [-] [NettyServerWorker-8-1] o.a.d.r.t.netty4.NettyServerHandler [DUBBO] The connection of /192.168.3.100:43789 -> /192.168.3.100:20880 is established., dubbo version: 3.2.7, current host: 192.168.3.100
[ev-system:192.168.3.100:19102] 2024-04-30 09:32:15.366 INFO 61676 [-] [NettyServerWorker-8-1] o.a.dubbo.rpc.protocol.dubbo.DubboCodec [DUBBO] Because thread pool isolation is enabled on the dubbo protocol, the body can only be decoded on the io thread, and the parameter[decode.in.io.thread] will be ignored, dubbo version: 3.2.7, current host: 192.168.3.100
[ev-system:192.168.3.100:19102] 2024-04-30 09:32:15.398 WARN 61676 [-] [DubboServerHandler-192.168.3.100:20880-thread-2] o.a.d.s.s.jackson.ObjectMapperCodec [DUBBO] , dubbo version: 3.2.7, current host: 192.168.3.100, error code: 0-23. This may be caused by objectMapper! deserialize error, you can try to customize the ObjectMapperCodecCustomer., go to https://dubbo.apache.org/faq/0/23 to find instructions.
com.fasterxml.jackson.databind.exc.InvalidTypeIdException: Could not resolve type id 'org.springframework.security.web.authentication.WebAuthenticationDetails' as a subtype of
java.lang.Object: no such class foundat [Source: (byte[])"{"@Class":"org.springframework.security.authentication.AnonymousAuthenticationToken","keyHash":-700335674,"principal":"anonymousUser","authorities":["java.util.Collections$UnmodifiableRandomAccessList",[{"@Class":"org.springframework.security.core.authority.SimpleGrantedAuthority","authority":"ROLE_ANONYMOUS"}]],"details":{"@Class":"org.springframework.security.web.authentication.WebAuthenticationDetails","remoteAddress":"192.168.3.100","sessionId":null},"authenticated":true}"; line: 1, column: 335] (through reference chain: org.springframework.security.authentication.AnonymousAuthenticationToken["details"])
at com.fasterxml.jackson.databind.exc.InvalidTypeIdException.from(InvalidTypeIdException.java:43)
at com.fasterxml.jackson.databind.DeserializationContext.invalidTypeIdException(DeserializationContext.java:2084)
at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownTypeId(DeserializationContext.java:1575)
at com.fasterxml.jackson.databind.jsontype.impl.ClassNameIdResolver._typeFromId(ClassNameIdResolver.java:76)
at com.fasterxml.jackson.databind.jsontype.impl.ClassNameIdResolver.typeFromId(ClassNameIdResolver.java:66)
at org.springframework.security.jackson2.SecurityJackson2Modules$AllowlistTypeIdResolver.typeFromId(SecurityJackson2Modules.java:271)
at com.fasterxml.jackson.databind.jsontype.impl.TypeDeserializerBase._findDeserializer(TypeDeserializerBase.java:159)
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedForId(AsPropertyTypeDeserializer.java:151)
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:136)
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromAny(AsPropertyTypeDeserializer.java:240)
at com.fasterxml.jackson.databind.deser.std.UntypedObjectDeserializerNR.deserializeWithType(UntypedObjectDeserializerNR.java:115)
at com.fasterxml.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:278)
at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeUsingPropertyBased(BeanDeserializer.java:463)
at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1409)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:352)
at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:220)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:187)
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer._deserializeTypedForId(AsPropertyTypeDeserializer.java:170)
at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromObject(AsPropertyTypeDeserializer.java:136)
at com.fasterxml.jackson.databind.deser.AbstractDeserializer.deserializeWithType(AbstractDeserializer.java:263)
at com.fasterxml.jackson.databind.deser.impl.TypeWrappedDeserializer.deserialize(TypeWrappedDeserializer.java:74)
at com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:323)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4825)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3833)
at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:50)
at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:62)
at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.getSecurityContext(ContextHolderAuthenticationResolverFilter.java:67)
at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.invoke(ContextHolderAuthenticationResolverFilter.java:54)
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:334)
at org.apache.dubbo.rpc.filter.GenericFilter.invoke(GenericFilter.java:206)
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:334)
at org.apache.dubbo.rpc.filter.ClassLoaderFilter.invoke(ClassLoaderFilter.java:54)
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:334)
at org.apache.dubbo.rpc.filter.EchoFilter.invoke(EchoFilter.java:41)
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:334)
at org.apache.dubbo.metrics.filter.MetricsFilter.invoke(MetricsFilter.java:76)
at org.apache.dubbo.metrics.filter.MetricsProviderFilter.invoke(MetricsProviderFilter.java:36)
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:334)
at org.apache.dubbo.rpc.filter.ProfilerServerFilter.invoke(ProfilerServerFilter.java:64)
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:334)
at org.apache.dubbo.rpc.filter.ContextFilter.invoke(ContextFilter.java:144)
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:334)
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:196)
at org.apache.dubbo.rpc.protocol.dubbo.DubboProtocol$1.reply(DubboProtocol.java:156)
at org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler.handleRequest(HeaderExchangeHandler.java:110)
at org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler.received(HeaderExchangeHandler.java:200)
at org.apache.dubbo.remoting.transport.DecodeHandler.received(DecodeHandler.java:53)
at org.apache.dubbo.remoting.transport.dispatcher.ChannelEventRunnable.run(ChannelEventRunnable.java:62)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at org.apache.dubbo.common.threadlocal.InternalRunnable.run(InternalRunnable.java:41)
at java.base/java.lang.Thread.run(Thread.java:842)
Anything else
No response
Are you willing to submit a pull request to fix on your own?
Code of Conduct
The text was updated successfully, but these errors were encountered: