Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 1.1.0, 1.2.0, 1.3.0, 2.0.0-alpha
- None
- JEE Server (Glassfish) where Shiro JAR files are not in the same ClassLoader as the Application JARs
Description
RememberMe functionality does not work because Shiro is in a different class loader than the RememberMe serializable class.
The only thing that needs to change is the resolveClass() function:
it should use Thread.currentThread().getContextClassLoader().loadClass() to load the class,
as that works in all cases and all class loader configurations.
I fixed this in my code by overriding DefaultSerializer, but this should be the default behavior:
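    import java.io.BufferedInputStream;
    import java.io.ByteArrayInputStream;
    import java.io.ObjectInputStream;
    import java.io.ObjectStreamClass;
    import org.apache.shiro.io.DefaultSerializer;
    import org.apache.shiro.io.SerializationException;

    private static class Serialize<T> extends DefaultSerializer<T>
    {
        @Override
        public T deserialize(byte[] serialized) throws SerializationException
        {
            if (serialized == null)
            {
                // The guard's body is missing from the page; rejecting null is an assumption.
                throw new IllegalArgumentException("argument cannot be null.");
            }
            ByteArrayInputStream bais = new ByteArrayInputStream(serialized);
            BufferedInputStream bis = new BufferedInputStream(bais);
            try
            {
                ObjectInputStream ois = new ObjectInputStream(bis)
                {
                    @Override
                    public Class<?> resolveClass(ObjectStreamClass desc) throws ClassNotFoundException
                    {
                        // Resolve against the thread context class loader, as described above.
                        return Thread.currentThread().getContextClassLoader().loadClass(desc.getName());
                    }
                };
                @SuppressWarnings("unchecked")
                T deserialized = (T) ois.readObject();
                ois.close();
                return deserialized;
            } catch (Exception e)
            {
                // The handler's body is missing from the page; wrapping the cause is an assumption.
                throw new SerializationException("Unable to deserialize argument byte array.", e);
            }
        }
    }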
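The class loader mismatch described in this report can be reproduced without an application server. The following is an added example, not part of the original report or of Shiro's code: `Token`, `AppLoader` and `ContextObjectInputStream` are hypothetical names, and it assumes Java 9+ with the class compiled by `javac` so that the `Token` class file is readable as a classpath resource. It deserializes the same bytes twice and reports which loader each stream resolved `Token` against.

```java
import java.io.*;
public class ContextLoaderDemo {
    // Constructed sample type standing in for an application's RememberMe principal.
    public static class Token implements Serializable {
        private static final long serialVersionUID = 1L;
        public String user = "alice";
    }
    // Hypothetical child-first loader playing the application loader: defines its own Token.
    static class AppLoader extends ClassLoader {
        AppLoader(ClassLoader parent) { super(parent); }
        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(Token.class.getName())) return super.loadClass(name, resolve);
            Class<?> loaded = findLoadedClass(name);
            if (loaded != null) return loaded;
            try (InputStream in = getParent().getResourceAsStream(name.replace('.', '/') + ".class")) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] bytes = in.readAllBytes();
                return defineClass(name, bytes, 0, bytes.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }
    // Resolves through the context class loader first, then falls back to the JDK default.
    static class ContextObjectInputStream extends ObjectInputStream {
        ContextObjectInputStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            ClassLoader tccl = Thread.currentThread().getContextClassLoader();
            if (tccl != null) {
                try { return Class.forName(desc.getName(), false, tccl); }
                catch (ClassNotFoundException e) { /* fall back to default resolution below */ }
            }
            return super.resolveClass(desc);
        }
    }
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(new Token()); }
        byte[] data = buf.toByteArray();
        ClassLoader app = new AppLoader(ContextLoaderDemo.class.getClassLoader());
        Thread.currentThread().setContextClassLoader(app);
        Object viaDefault = new ObjectInputStream(new ByteArrayInputStream(data)).readObject();
        Object viaContext = new ContextObjectInputStream(new ByteArrayInputStream(data)).readObject();
        System.out.println("default resolveClass used app loader: " + (viaDefault.getClass().getClassLoader() == app));
        System.out.println("context resolveClass used app loader: " + (viaContext.getClass().getClassLoader() == app));
    }
}
```

The stock `ObjectInputStream` resolves against the loader of the code that called `readObject()`, which is why a library in a parent loader cannot see application classes. Using `Class.forName` with a fallback to `super.resolveClass` also keeps array and primitive descriptors working, which a bare `loadClass()` call does not handle.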