Shiro / SHIRO-334

DefaultSerializer does not load classes from the ContextClassLoader, causing RememberMe to not work

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.0, 1.2.0, 1.3.0, 2.0.0
    • Fix Version/s: 1.2.0
    • Labels:
      None
    • Environment:
      JEE Server (Glassfish) where Shiro JAR files are not in the same ClassLoader as the Application JARs

      Description

      RememberMe functionality does not work because Shiro is in a different class loader than the RememberMe serializable class.

      The only thing that needs to change is the resolveClass() function,
      and it should use Thread.currentThread().getContextClassLoader().loadClass() to load the class,
      as that works in all cases and all class loader configurations.

      I fixed this in my code by overriding DefaultSerializer, but this should be the default behavior:

      // These imports go at the top of the enclosing source file.
      import java.io.BufferedInputStream;
      import java.io.ByteArrayInputStream;
      import java.io.ObjectInputStream;
      import java.io.ObjectStreamClass;
      import org.apache.shiro.io.DefaultSerializer;
      import org.apache.shiro.io.SerializationException;

      private static class Serialize<T> extends DefaultSerializer<T>
      {
          @Override
          public T deserialize(byte[] serialized) throws SerializationException
          {
              if (serialized == null)
              {
                  String msg = "argument cannot be null.";
                  throw new IllegalArgumentException(msg);
              }

              ByteArrayInputStream bais = new ByteArrayInputStream(serialized);
              BufferedInputStream bis = new BufferedInputStream(bais);
              try
              {
                  // Anonymous subclass: resolve classes through the thread context class loader.
                  ObjectInputStream ois = new ObjectInputStream(bis)
                  {
                      @Override
                      public Class<?> resolveClass(ObjectStreamClass desc) throws ClassNotFoundException
                      {
                          // ************ THIS IS THE LINE THAT WAS CHANGED ********************
                          return Thread.currentThread().getContextClassLoader().loadClass(desc.getName());
                      }
                  };
                  @SuppressWarnings({"unchecked"})
                  T deserialized = (T) ois.readObject();
                  ois.close();
                  return deserialized;
              }
              catch (Exception e)
              {
                  String msg = "Unable to deserialze argument byte array.";
                  throw new SerializationException(msg, e);
              }
          }
      }
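
An added example, not Shiro's code or the reporter's: a stand-alone ObjectInputStream subclass that resolves through the context class loader as proposed above, generalized to array descriptors (which ClassLoader.loadClass does not resolve) and to a fallback on the default lookup. It also checks each class name against an allowlist before loading it. The class name ContextObjectInputStream and the allowedPrefixes parameter are assumptions made for illustration.

```java
import java.io.*;
import java.util.List;

// Added example, not Shiro code: the class name and the allowlist are hypothetical.
public class ContextObjectInputStream extends ObjectInputStream {
    private final List<String> allowedPrefixes;

    public ContextObjectInputStream(InputStream in, List<String> allowedPrefixes) throws IOException {
        super(in);
        this.allowedPrefixes = allowedPrefixes;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        if (!name.matches("\\[+[ZBCSIJFD]")) {   // primitive arrays are always accepted
            // For object arrays ("[Lpkg.Type;") check the element type, not the descriptor.
            String element = name.replaceFirst("^\\[+L(.*);$", "$1");
            if (allowedPrefixes.stream().noneMatch(element::startsWith)) {
                throw new InvalidClassException(name, "class not allowed for deserialization");
            }
        }
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        if (tccl != null) {
            try {
                // Class.forName resolves array descriptors; ClassLoader.loadClass does not.
                return Class.forName(name, false, tccl);
            } catch (ClassNotFoundException ignored) {
                // fall through to the default lookup
            }
        }
        return super.resolveClass(desc);         // default ObjectInputStream lookup
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a String[] serialized in memory.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(new String[] {"remember", "me"});
        }
        try (ObjectInputStream ois = new ContextObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()), List.of("java.lang."))) {
            String[] back = (String[]) ois.readObject();
            System.out.println(String.join(" ", back));
        }
    }
}
```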

          People

          • Assignee:
            Les Hazlewood
            Reporter:
            Lenny Primak
          • Votes:
            0
            Watchers:
            1