Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
1.5.2
-
None
Description
I used Spring boot to build an web project, when i replaced the web container with undertow, i found that the remeberMe cookie cannot be deserialized successful.
But when i used tomcat , the cookie can be deserialized.
I found that when using tomcat, the function -- ClassUtil.forName(String fqcn) can load the class [C (Primitive DataType) , but undertow cannot.
When using tomcat,the THREAD_CL_ACCESSOR is TomcatEmbeddedWebappClassLoader which can load Primitive DataType.
When using undertow,the THREAD_CL_ACCESSOR is AppClassLoader which cannot load Primitive DataType.
Beacase classLoder(AppClassLoader).loadClass() cannot load Primitive DataType, i think that it would be better to use the function – Class.forName() to load class.
such as : clazz = Class.forName(fqcn,false,cl);
/** * @since 1.0 */ private static abstract class ExceptionIgnoringAccessor implements ClassLoaderAccessor { public Class loadClass(String fqcn) { Class clazz = null; ClassLoader cl = getClassLoader(); if (cl != null) { try { // replace cl.loadClass(fqcn) clazz = Class.forName(fqcn,false,cl); } catch (ClassNotFoundException e) { if (log.isTraceEnabled()) { log.trace("Unable to load clazz named [" + fqcn + "] from class loader [" + cl + "]"); } } } return clazz; } //... }
This is a demo to reproduce the error:https://github.com/ddddyyyy/shiro-demo
the exception stack when the cookie deserialized failed on undertow
2020-05-06 12:45:45.332 WARN 23162 --- [ XNIO-1 task-5] o.a.shiro.mgt.DefaultSecurityManager : Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals(). org.apache.shiro.io.SerializationException: Unable to deserialize argument byte array. at org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:82) ~[shiro-core-1.5.2.jar:1.5.2] at org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:507) ~[shiro-core-1.5.2.jar:1.5.2] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:421) ~[shiro-core-1.5.2.jar:1.5.2] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386) ~[shiro-core-1.5.2.jar:1.5.2] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:613) [shiro-core-1.5.2.jar:1.5.2] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:501) [shiro-core-1.5.2.jar:1.5.2] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:347) [shiro-core-1.5.2.jar:1.5.2] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845) [shiro-core-1.5.2.jar:1.5.2] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.5.2.jar:1.5.2] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.5.2.jar:1.5.2] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.5.2.jar:1.5.2] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.5.2.jar:1.5.2] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:94) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE] at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.0.29.Final.jar:2.0.29.Final] at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.0.29.Final.jar:2.0.29.Final] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.0.29.Final.jar:2.0.29.Final] at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.0.29.Final.jar:2.0.29.Final] at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376) [undertow-core-2.0.29.Final.jar:2.0.29.Final] at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-2.0.29.Final.jar:2.0.29.Final] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_231] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_231] at java.lang.Thread.run(Thread.java:748) [na:1.8.0_231]Caused by: java.io.StreamCorruptedException: invalid type code: 00 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1601) ~[na:1.8.0_231] at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1950) ~[na:1.8.0_231] at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567) ~[na:1.8.0_231] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[na:1.8.0_231] at java.util.HashSet.readObject(HashSet.java:341) ~[na:1.8.0_231] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_231] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_231] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_231] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_231] at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1170) ~[na:1.8.0_231] at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2178) ~[na:1.8.0_231] at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069) ~[na:1.8.0_231] at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573) ~[na:1.8.0_231] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[na:1.8.0_231] at java.util.HashMap.readObject(HashMap.java:1412) ~[na:1.8.0_231] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_231] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_231] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_231] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_231] at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1170) ~[na:1.8.0_231] at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2178) ~[na:1.8.0_231] at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069) ~[na:1.8.0_231] at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573) ~[na:1.8.0_231] at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2287) ~[na:1.8.0_231] at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:561) ~[na:1.8.0_231] at org.apache.shiro.subject.SimplePrincipalCollection.readObject(SimplePrincipalCollection.java:295) ~[shiro-core-1.5.2.jar:1.5.2] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_231] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_231] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_231] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_231] at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1170) ~[na:1.8.0_231] at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2178) ~[na:1.8.0_231] at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069) ~[na:1.8.0_231] at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573) ~[na:1.8.0_231] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[na:1.8.0_231] at org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:77) ~[shiro-core-1.5.2.jar:1.5.2] ... 58 common frames omitted
classLoder 详细X
没有英汉互译结果
请尝试网页搜索
Attachments
Attachments
Issue Links
- links to