Getting HazelcastSerializationException when starting the spring boot application

Question

Can someone tell me what could be a possible resolution for the below exception ?

2024-06-10 07:00:24,459 WARNING [catalina] [com.hazelcast.spi.impl.proxyservice.ProxyService] [10.6.7.136]:5701 [nev-viewer-nev-2021-cluster] [4.2] Error while initializing proxy: IMap{name='spring:session:sessions'}
com.hazelcast.nio.serialization.HazelcastSerializationException: java.io.InvalidClassException: org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; local class incompatible: stream classdesc serialVersionUID = 520, local class serialVersionUID = 570

2024-06-10 07:00:24,460 SEVERE [catalina] [com.hazelcast.spi.impl.proxyservice.impl.operations.PostJoinProxyOperation] [10.6.7.136]:5701 [nev-viewer-nev-2021-cluster] [4.2] Cannot create proxy [hz:impl:mapService:spring:session:sessions]!
com.hazelcast.nio.serialization.HazelcastSerializationException: java.io.InvalidClassException: org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; local class incompatible: stream classdesc serialVersionUID = 520, local class serialVersionUID = 570
    at com.hazelcast.internal.serialization.impl.SerializationUtil.handleException(SerializationUtil.java:103)
    at com.hazelcast.internal.serialization.impl.AbstractSerializationService.toObject(AbstractSerializationService.java:214)
    at com.hazelcast.map.impl.record.Records.tryStoreIntoCache(Records.java:203)
    at com.hazelcast.map.impl.record.Records.getValueOrCachedValue(Records.java:170)
    at com.hazelcast.map.impl.operation.AddIndexOperation.lambda$runInternal$0(AddIndexOperation.java:102)
    at com.hazelcast.map.impl.recordstore.DefaultRecordStore.forEach(DefaultRecordStore.java:278)
    at com.hazelcast.map.impl.recordstore.DefaultRecordStore.forEach(DefaultRecordStore.java:261)
    at com.hazelcast.map.impl.operation.AddIndexOperation.runInternal(AddIndexOperation.java:101)
    at com.hazelcast.map.impl.operation.MapOperation.run(MapOperation.java:115)
    at com.hazelcast.spi.impl.operationservice.Operation.call(Operation.java:189)
    at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.call(OperationRunnerImpl.java:272)
    at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:248)
    at com.hazelcast.spi.impl.operationservice.impl.OperationRunnerImpl.run(OperationRunnerImpl.java:469)
    at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:197)
    at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.process(OperationThread.java:137)
    at com.hazelcast.spi.impl.operationexecutor.impl.OperationThread.executeRun(OperationThread.java:123)
    at com.hazelcast.internal.util.executor.HazelcastManagedThread.run(HazelcastManagedThread.java:102)
Caused by: java.io.InvalidClassException: org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; local class incompatible: stream classdesc serialVersionUID = 520, local class serialVersionUID = 570
    at java.base/java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:689)
    at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2012)
    at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1862)
    at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2169)
    at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679)
    at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:493)
    at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:451)
    at java.base/java.util.HashMap.readObject(HashMap.java:1460)
    at java.base/jdk.internal.reflect.GeneratedMethodAccessor136.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at java.base/java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1175)
    at java.base/java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2325)
    at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2196)
    at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679)
    at java.base/java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2464)
    at java.base/java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2358)
    at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2196)
    at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679)
    at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:493)
    at java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java:451)
    at com.hazelcast.internal.serialization.impl.defaultserializers.JavaDefaultSerializers$JavaSerializer.read(JavaDefaultSerializers.java:86)
    at com.hazelcast.internal.serialization.impl.defaultserializers.JavaDefaultSerializers$JavaSerializer.read(JavaDefaultSerializers.java:79)
    at com.hazelcast.internal.serialization.impl.StreamSerializerAdapter.read(StreamSerializerAdapter.java:44)
    at com.hazelcast.internal.serialization.impl.AbstractSerializationService.toObject(AbstractSerializationService.java:208)
    ... 15 more

This exception comes when i try to run my spring boot application with embedded hazelcast. We are trying to use an existing docker image of a spring boot service and customize it by contributing the hazelcast config classes.

The hazelcast version used is 4.2

Thanks in advance.

I have tried to check the version of spring session core dependency and we are using the compatible version with that present in the service docker image.i don't know exactly what needs to be checked from the OAuth2AuthorizationRequest perspective. any pointers around it ?

Answer 1

Probably you have stored an older version of OAuth2AuthorizationRequest.java in the Hazelcast cache and trying to read and cast it to a newer version.

If you check the source code of https://github.com/spring-projects/spring-security/blob/main/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java, you can see that the serialVersion field is

private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

The latest contant is

/**
 * Global Serialization value for Spring Security classes.
*/
public static final long SERIAL_VERSION_UID = 620L;

So you have stored an object from Spring 5.2 and trying to read it back to Spring 5.7.

So the error message

java.io.InvalidClassException: org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; local class incompatible: stream classdesc serialVersionUID = 520, local class serialVersionUID = 570