我有一个带有安全性、devtools、vaadin和嵌入式tomcat的springboot应用程序。
我已经根据以下指南配置了spring安全：vaadin使用spring安全保护您的应用程序运行正常，我可以登录。。。等等，但当我更改某些内容并希望实时重新加载时，服务器会重新启动，但无法反序列化持久化会话，并提示我再次登录。
反序列化错误引用了org.springframework.security.authentication.usernamepasswordauthenticationtoken的主体字段，在我的例子中是字符串。
详情见下文。
build.gradle：

plugins {
    id 'org.springframework.boot' version '2.4.5'
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
    id 'com.vaadin' version '20.0.2'
    id 'java'
    id 'war'
}

...

ext {
    set('vaadinVersion', "20.0.2")
}

...

dependencies {
    developmentOnly 'org.springframework.boot:spring-boot-devtools'
    providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'
    implementation 'com.vaadin:vaadin-spring-boot-starter'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'

...
}

app.properties：

vaadin.servlet.productionMode=false
server.servlet.session.persistent=true
server.tomcat.basedir=/tmp
spring.devtools.restart.poll-interval=3s
spring.devtools.restart.quiet-period=2s

授权提供者：

...
@Override
public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
    String name = authentication.getName();
    String password = authentication.getCredentials().toString();
    authService.authenticate(name, password);
    List<GrantedAuthority> authorities = authService.getAuthorities(name);
    return new UsernamePasswordAuthenticationToken(name, password, authorities);
}

错误：
无法反序列化会话属性[com.vaadin.flow.server.vaadinsession.springservlet]
java.io.invalidclassexception:org.springframework.security.authentication.usernamepasswordauthenticationtoken；java.io.objectstreamclass.readnonproxy（objectstreamclass.java:807）处的字段主体描述符无效，java.io.objectinputstream.readclassdescriptor（objectinputstream.java:891）处的字段主体描述符无效，java.io.objectinputstream.readnonproxydesc（objectinputstream.java:1857）处的字段主体描述符无效java.io.objectinputstream.readclassdesc（objectinputstream.java:1751）~[na:1.8.0_202]位于java.io.objectinputstream.readordinaryobject（objectinputstream.java:2042）~[na:1.8.0_202]位于java.io.objectinputstream.ReadObjectInput0（objectinputstream.java:1573）~[na:1.8.0_202]位于java.io.objectinputstream.defaultreadfields（objectinputstream.java:2287）java.io.objectinputstream.readserialdata（objectinputstream.java:2211）上的~[na:1.8.0_202]java.io.objectinputstream.ReadOrderinaryObject（objectinputstream.java:2069）~[na:1.8.0_202]java.io.objectinputstream.readobject0（objectinputstream.java:1573）~[na:1.8.0_202]java.io.objectinputstream.readobject（objectinputstream.java:431）~[na:1.8.0202]位于org.apache.catalina.session.standardsession.doreadobject（standardsession.java:1587）~[tomcat-embed-core-9.0.45.jar:9.0.45]位于org.apache.catalina.session.standardsession.readobjectdata（standardsession.java:1040）~[tomcat-embed-core-9.0.45]org.apache.catalina.session.standardmanager.doload（standardmanager.java:218）~[tomcat-embed-core-9.0.45.jar:9.0.45]在org.apache.catalina.session.standardmanager.load（standardmanager.java:162）~[tomcat-embed-core-9.0.45]在org.apache.catalina.session.standardmanager.startinternal（standardmanager.java:354）~[tomcat-embed-core-9.0.45.jar:9.0.45]位于org.apache.catalina.util.lifecyclebase.start（lifecyclebase.java:183）[tomcat-embed-core-9.0.45.jar:9.0.45]位于org.apache.catalina.core.standardcontext.startinternal（standardcontext.java:5189）[-tomcat-embed-core-9.0.45][tomcat-embed-core-9.0.45.jar:9.0.45]在org.apache.catalina.core.containerbase$startchild.call（containerbase.java:1384）[tomcat-embed-core-9.0.45.jar:9.0.45]在org.apache.catalina.core.containerbase$startchild.call（containerbase.java:1374）[-tomcat-embed-core-core-9.0.45][na:1.8.0_202]在java.util.concurrent.futuretask.run（futuretask.java）[na:1.8.0_202]在org.apache.tomcat.util.threads.inlineexecutorservice.execute（inlineexecutorservice.java:75）[tomcat-embed-core-9.0.45.jar:9.0.45]在java.util.concurrent.abstractexecutorservice.submit（abstractexecutorservice.java:134）[:na:1.8.0202]在org.apache.catalina.core.containerbase.startinternal（containerbase.java:909）[tomcat-embed-core-9.0.45.jar:9.0.45]在org.apache.catalina.core.standardhost.startinternal（standardhost.java:843）[tomcat-embed-core-9.0.45.jar:9.0.45]在org.apache.catalina.util.util.lifecyclebase.start（lifeclebase.java:183）[]org.apache.catalina.core.containerbase$startchild.call（containerbase.java:1384）[tomcat-embed-core-9.0.45.jar:9.0.45]在org.apache.catalina.core.containerbase.core.containerbase$startchild.call（containerbase.java:1374）[tomcat-embed-core-9.0.45.jar:9.0.45]在java.util.concurrent.futuretask.futuretask.run$$capture（futuretask.java:266）[:na:1.8.0.0]java.util.concurrent.futuretask.run（futuretask.java）[na:1.8.0_202]位于org.apache.tomcat.util.threads.inlineexecutorservice.execute（inlineexecutorservice.java:75）[tomcat-embed-core-9.0.45.jar:9.0.45]位于java.util.concurrent.abstractexecutorservice.submit（abstractexecutorservice.java:134）[na:1.8.0_202]位于org.apache.catalina.core.containerbase.startinternal（containerbase.java:909）[tomcat-embed-core-9.0.45.jar:9.0.45]在org.apache.catalina.core.standardengine.startinternal（standardengine.java:262）[tomcat-embed-core-9.0.45.jar:9.0.45]在org.apache.catalina.util.util.lifecyclebase.start（lifecyclebase.java:183）[]org.apache.catalina.core.standardservice.startinternal（standardservice.java:433）[tomcat-embed-core-9.0.45.jar:9.0.45]位于org.apache.catalina.util.lifecyclebase.start（lifecyclebase.java:183）[tomcat-embed-core-9.0.45]位于org.apache.catalina.core.core.standardserver.startinternal（standardserver.java:930）[-tomcat-embed-core-9.0.45]org.apache.catalina.util.lifecyclebase.start（lifecyclebase.java:183）[tomcat-embed-core-9.0.45.jar:9.0.45]org.apache.catalina.startup.tomcat.start（tomcat.java:486）[tomcat-embed-core-9.0.45.jar:9.0.45]org.springframework.boot.web.embedded.tomcat.tomcatwebserver.initialize（tomcatwebserver.java:123）[-spring-boot-2.4.5.jar:2.4.5]