SerializationException in Spring Boot (1 series) + spring-security-oauth2 + Redis Session + Heroku

A SerializationException occurred when running the combination of Spring Boot (1 series) + spring-security-oauth2 + Redis Session on Heroku. (It does not happen with a single instance, only with multiple instances.)

Cause and solution

By the way, if you are using the Spring Boot 2 series (Spring 5 series), you should use the Spring Security 5 series (I have not tried this). If you can upgrade to the Spring Boot 2 series (Spring 5 series), that is the better option.

The problem seems to be in spring-security-oauth2. Googling turned up two solutions:

  1. When a SerializationException occurs, delete the corresponding Redis key. (id: katsu68's blog)
  2. Use sticky sessions (Heroku Sticky Session Settings)

With only solution 1, SerializationExceptions occur frequently on Heroku, so users can hardly stay logged in. With only solution 2, there is little point in having multiple instances, and a SerializationException still occurs when a restart runs.

Therefore, I took both measures. The session now expires only when deploying and restarting the Heroku instance, and I decided to operate this way for a while.

However, I don't know when Heroku will restart an instance (you can control this to some extent by restarting it yourself at a time of your choosing). Frequent logouts are stressful for users.

Made a library

To avoid that, I decided to write the handling myself, and to publish it as a library. -> Created library

		<dependency>
			<groupId>jp.co.ap-com</groupId>
			<artifactId>spring-oauth2-serializable</artifactId>
			<version>0.0.2</version>
		</dependency>

If spring-security-oauth2 is already set up, the only source change is replacing @EnableOAuth2Sso with @EnableOAuth2Serializable. However, it has no effect if @EnableOAuth2Sso or @EnableOAuth2Client remains in even one place.

Click here for the demo application: https://github.com/apc-hattori/spring-oauth2-demo

Click here for the diff when migrating from plain spring-security-oauth2: https://github.com/apc-hattori/spring-oauth2-demo/compare/use-spring-security-oauth2...master
