DefaultSerializer does not load classes from the ContextClassLoader, causing 
RememberMe to not work
---------------------------------------------------------------------------------------------------

                 Key: SHIRO-334
                 URL: https://issues.apache.org/jira/browse/SHIRO-334
             Project: Shiro
          Issue Type: Bug
          Components: Authentication (log-in)
    Affects Versions: 1.1.0, 1.2.0, 1.3.0, 2.0.0
         Environment: JEE Server (Glassfish) where Shiro JAR files are not in 
the same ClassLoader as the Application JARs
            Reporter: Lenny Primak


RememberMe functionality does not work because Shiro is in a different class 
loader than the RememberMe serializable class.

The only thing that needs to change is the resolveClass() function,
and it should use Thread.currentThread().getContextClassLoader().loadClass() to 
load the class,
as that works in all cases and all class loader configurations.

I fixed this in my code by overriding DefaultSerializer, but this should be the 
default behavior:

    // Imports the snippet needs (the class itself is nested inside the
    // reporter's own class, hence "private static"). The body mirrors
    // DefaultSerializer.deserialize(); only resolveClass() is different.
    import java.io.BufferedInputStream;
    import java.io.ByteArrayInputStream;
    import java.io.ObjectInputStream;
    import java.io.ObjectStreamClass;
    import org.apache.shiro.io.DefaultSerializer;
    import org.apache.shiro.io.SerializationException;

    private static class Serialize<T> extends DefaultSerializer<T>
    {
        @Override
        public T deserialize(byte[] serialized) throws SerializationException
        {
            if (serialized == null)
            {
                String msg = "argument cannot be null.";
                throw new IllegalArgumentException(msg);
            }
            ByteArrayInputStream bais = new ByteArrayInputStream(serialized);
            BufferedInputStream bis = new BufferedInputStream(bais);
            try
            {
                ObjectInputStream ois = new ObjectInputStream(bis)
                {
                    @Override
                    public Class<?> resolveClass(ObjectStreamClass desc)
                            throws ClassNotFoundException
                    {
                        // ************ THIS IS THE LINE THAT WAS CHANGED ********************
                        // Resolve through the thread's context class loader instead of
                        // the class loader that loaded Shiro itself.
                        return Thread.currentThread().getContextClassLoader()
                                .loadClass(desc.getName());
                    }
                };
                @SuppressWarnings({"unchecked"})
                T deserialized = (T) ois.readObject();
                ois.close();
                return deserialized;
            } catch (Exception e)
            {
                String msg = "Unable to deserialize argument byte array.";
                throw new SerializationException(msg, e);
            }
        }
    }
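The following is an added, self-contained example (not the reporter's code and not part of Shiro) of the same resolveClass() idea, written from the defensive side. It resolves through the context class loader as the report proposes, falls back to the JDK's default lookup when the context class loader cannot see a class (primitive descriptors, for instance), and additionally refuses any class that is not on an explicit allowlist, since the bytes handed to deserialize() come from the client's RememberMe cookie. The type name RememberedPrincipal and the allowlist contents are constructed for the demo.

```java
import java.io.*;
import java.util.Set;

public class ContextClassLoaderDeserializationDemo {

    // ObjectInputStream whose resolveClass() uses the context class loader, plus an
    // allowlist gate: the stream being read originates outside the server.
    public static class ContextClassLoaderObjectInputStream extends ObjectInputStream {
        private final Set<String> allowedClasses;

        public ContextClassLoaderObjectInputStream(InputStream in, Set<String> allowedClasses)
                throws IOException {
            super(in);
            this.allowedClasses = allowedClasses;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            // Refuse before any class is loaded, so no static initializer or readObject()
            // of an unexpected type ever runs.
            if (!allowedClasses.contains(name)) {
                throw new InvalidClassException(name, "not on the RememberMe allowlist");
            }
            ClassLoader tccl = Thread.currentThread().getContextClassLoader();
            if (tccl != null) {
                try {
                    // initialize=false: resolve only, do not run static initializers here.
                    return Class.forName(name, false, tccl);
                } catch (ClassNotFoundException e) {
                    // Not visible from the context class loader (e.g. a primitive
                    // descriptor): fall back to ObjectInputStream's default lookup.
                }
            }
            return super.resolveClass(desc);
        }
    }

    // Constructed application type standing in for whatever RememberMe state is stored.
    public static class RememberedPrincipal implements Serializable {
        private static final long serialVersionUID = 1L;
        final String username;
        RememberedPrincipal(String username) { this.username = username; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(baos)) {
            oos.writeObject(o);
        }
        return baos.toByteArray();
    }

    static Object deserialize(byte[] bytes, Set<String> allowed)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ContextClassLoaderObjectInputStream(
                new ByteArrayInputStream(bytes), allowed)) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Set<String> allowed = Set.of(RememberedPrincipal.class.getName());

        // Expected type: resolved through the context class loader and accepted.
        byte[] ok = serialize(new RememberedPrincipal("alice"));
        RememberedPrincipal p = (RememberedPrincipal) deserialize(ok, allowed);
        System.out.println("accepted: " + p.username);

        // Any other type in the stream is refused before its class is loaded.
        byte[] other = serialize(new java.util.HashMap<String, String>());
        try {
            deserialize(other, allowed);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allowlist is checked on desc.getName(), so array types appear in JVM descriptor form (for example "[Ljava.lang.String;") and must be listed that way if the stored state contains them. On Java 9 and later (and the 8u121+ backport) the same gate can be expressed without subclassing through ObjectInputStream.setObjectInputFilter() or the jdk.serialFilter system property; the class-loader fallback above is still needed in the split-class-loader deployment the report describes.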


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
