Friday, October 14, 2011

InvalidClassException: GrailsUser and plugin upgrade

Recently when I tried to deploy new version of application on live server without downtime, I got error:

2011-10-14 11:02:52,058 [Tribes-Task-Receiver-4] ERROR org.apache.catalina.ha.session.DeltaManager- Manager [localhost#]: Unable to receive message through TCP channel
java.io.InvalidClassException: org.codehaus.groovy.grails.plugins.springsecurity.GrailsUser; local class incompatible: stream classdesc serialVersionUID = -3114204362518930756, local class serialVersionUID =
        at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:579)
        at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1600)
        at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1513)
        at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1600)
        at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1513)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1749)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1346)
        at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1963)
        at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1887)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1770)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1346)
        at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1963)

Basically, error is trivial, just some Spring security classes are not versioned and cluster can't synchronize users data. Fortunately, as I have found out, no hacking is needed and it can be easily fixed by upgrading spring-security-core plugin to the latest version.

To upgrade to latest version, just uninstall plugin and install it again, like:

grails uninstall-plugin spring-security-core
grails install-plugin spring-security-core

2 comments:

  1. Which version of spring resolved your issue?

    I have a prod app installed with Spring 2.5, where a binary object was serialized; on upgrading the app with Spring Security 3.0.2, on deserializing the same object I get the same error.

    Do you think this is the same issue?

    Spring Jira says this should be fixed on 3.0.0:
    https://jira.springsource.org/browse/SEC-1337?page=com.atlassian.jira.plugin.system.issuetabpanels:changehistory-tabpanel

    ReplyDelete
  2. This have possibly been same issue, which is more or less ok when major version is changed :)
    In my case problem was purely with Grails and serialVersionUID was just missing, and Grails recompiles classes with every build, so even without changes in GrailsUser it was different (which should not be so).
    Anyway, I migrated from 1.1.3 to 1.2.1 Only it is not Spring, but Grails plugin versions.

    ReplyDelete