  1. Shiro
  2. SHIRO-182

SimpleSession cannot be deserialized

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.1.0
    • Labels:
      None
    • Environment:
      Linux 2.6.34 x86_64
      java version "1.5.0_12"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
      Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)

      Description

      org.apache.shiro.session.mgt.SimpleSession fails deserialization with the following error:

      at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2666)
      at java.io.ObjectInputStream$BlockDataInputStream.readUTFChar(ObjectInputStream.java:3058)
      at java.io.ObjectInputStream$BlockDataInputStream.readUTFBody(ObjectInputStream.java:2955)
      at java.io.ObjectInputStream$BlockDataInputStream.readUTF(ObjectInputStream.java:2764)
      at java.io.ObjectInputStream.readUTF(ObjectInputStream.java:1032)
      at org.apache.shiro.session.mgt.SimpleSession.readObject(SimpleSession.java:481)

      There is a problem with the way the 'expired' flag is managed. In writeObject the 'expired' flag is written if it's set:

      if (expired) {
          out.writeBoolean(expired);
      }

      But, in getAlteredFieldsBitMask, the bit in the bit mask is only set when the 'expired' flag is not set:

      bitMask = !expired ? bitMask | EXPIRED_BIT_MASK : bitMask;

      A short test:

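      import java.io.ByteArrayInputStream;
      import java.io.ByteArrayOutputStream;
      import java.io.ObjectInputStream;
      import java.io.ObjectOutputStream;
      import org.apache.shiro.session.mgt.SimpleSession;

      SimpleSession session = new SimpleSession("localhost");
      // This doesn't work either
      // session.setExpired(true);
      // Serialize the session into an in-memory buffer
      ByteArrayOutputStream serialized = new ByteArrayOutputStream();
      ObjectOutputStream serializer = new ObjectOutputStream(serialized);
      serializer.writeObject(session);
      serializer.close();
      // Reading the same bytes back fails in SimpleSession.readObject
      new ObjectInputStream(new ByteArrayInputStream(serialized.toByteArray())).readObject();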

            People

            • Assignee:
              kaosko Kalle Korhonen
              Reporter:
              fdemarco Favio D. DeMarco