A SerializationException occurred when running on Heroku with the combination of Spring Boot (1 series) + spring-security-oauth2 + Redis Session. (It does not happen with a single instance, only with multiple instances.)
By the way, if you are using the Spring Boot 2 series (Spring 5 series), you should use the Spring Security 5 series. (Not tried.) It is better to upgrade to the Spring Boot 2 series (Spring 5 series) if you can.
The problem seems to be in spring-security-oauth2. Googling turned up two solutions.
With only solution 1, SerializationExceptions still occur frequently on Heroku, so the login state can hardly be maintained. With only solution 2, there is little point in having multiple instances, and a SerializationException still occurs when a restart runs.
Therefore, both measures were taken. The session expires only when deploying and restarting the Heroku instance, but I decided to operate with this for a while.
However, I don't know when Heroku will restart an instance (you can control it to some extent by restarting it yourself at a time of your choosing). Frequent logouts are stressful for users.
To avoid that, I decided to implement some handling myself. I also decided to publish it as a library.
Created library:
<dependency>
    <groupId>jp.co.ap-com</groupId>
    <artifactId>spring-oauth2-serializable</artifactId>
    <version>0.0.2</version>
</dependency>
If spring-security-oauth2 is already set up, the only source code change is to replace @EnableOAuth2Sso with @EnableOAuth2Serializable.
However, it has no effect if @EnableOAuth2Sso or @EnableOAuth2Client remains in even one place.
Demo application: https://github.com/apc-hattori/spring-oauth2-demo
Difference when modifying an application that uses only spring-security-oauth2: https://github.com/apc-hattori/spring-oauth2-demo/compare/use-spring-security-oauth2...master