steinarb opened a new issue, #2083: URL: https://github.com/apache/shiro/issues/2083
### Search before asking - [x] I had searched in the [issues](https://github.com/apache/shiro/issues?q=is%3Aissue) and found no similar issues. ### Environment Apache karaf 4.4.7, Java 21.0.4+8-LTS-274, debian 12.10 "bookworm", amd64 ### Shiro version Shiro 2.0.2 ### What was the actual outcome? When restoring rememberme sessions I get the following stack traces in the log: ``` 2025-04-12T21:00:38,643 | WARN | qtp1776555921-646 | DefaultSecurityManager | 199 - org.apache.shiro.core - 2.0.2 | Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals(). org.apache.shiro.lang.io.SerializationException: Unable to deserialize argument byte array. at org.apache.shiro.lang.io.DefaultSerializer.deserialize(DefaultSerializer.java:90) ~[!/:2.0.2] at org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:523) ~[!/:2.0.2] at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:436) ~[!/:2.0.2] at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:399) ~[!/:2.0.2] at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:618) ~[!/:2.0.2] at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:506) ~[!/:2.0.2] at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350) ~[!/:2.0.2] at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:844) ~[!/:2.0.2] at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) ~[!/:2.0.2] at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:306) ~[!/:2.0.2] at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:374) ~[!/:2.0.2] at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:156) ~[!/:2.0.2] at org.ops4j.pax.web.service.spi.servlet.OsgiInitializedFilter.doFilter(OsgiInitializedFilter.java:176) ~[!/:?] at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) ~[!/:9.4.57.v20241219] at org.ops4j.pax.web.service.jetty.internal.PaxWebFilterHolder.doFilter(PaxWebFilterHolder.java:208) ~[!/:?] at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[!/:9.4.57.v20241219] at org.ops4j.pax.web.service.spi.servlet.OsgiFilterChain.doFilter(OsgiFilterChain.java:113) ~[!/:?] at org.ops4j.pax.web.service.jetty.internal.PaxWebServletHandler.doHandle(PaxWebServletHandler.java:334) ~[!/:?] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234) ~[!/:9.4.57.v20241219] at org.ops4j.pax.web.service.jetty.internal.PrioritizedHandlerCollection.handle(PrioritizedHandlerCollection.java:96) ~[!/:?] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) ~[!/:9.4.57.v20241219] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) ~[!/:9.4.57.v20241219] at java.lang.Thread.run(Thread.java:1583) [?:?] Caused by: java.lang.ClassNotFoundException: Unable to load ObjectStreamClass [org.apache.shiro.subject.SimplePrincipalCollection: static final long serialVersionUID = -6305224034025797558L;]: at org.apache.shiro.lang.io.ClassResolvingObjectInputStream.resolveClass(ClassResolvingObjectInputStream.java:55) ~[!/:2.0.2] at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2061) ~[?:?] at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1927) ~[?:?] at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2252) ~[?:?] at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1762) ~[?:?] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:540) ~[?:?] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:498) ~[?:?] at org.apache.shiro.lang.io.DefaultSerializer.deserialize(DefaultSerializer.java:85) ~[!/:2.0.2] ... 44 more Caused by: org.apache.shiro.lang.util.UnknownClassException: Unable to load class named [org.apache.shiro.subject.SimplePrincipalCollection] from the thread context, current, or system/application ClassLoaders. All heuristics have been exhausted. Class could not be found. at org.apache.shiro.lang.util.ClassUtils.forName(ClassUtils.java:179) ~[!/:2.0.2] at org.apache.shiro.lang.io.ClassResolvingObjectInputStream.resolveClass(ClassResolvingObjectInputStream.java:53) ~[!/:2.0.2] at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2061) ~[?:?] at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1927) ~[?:?] at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2252) ~[?:?] at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1762) ~[?:?] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:540) ~[?:?] at java.io.ObjectInputStream.readObject(ObjectInputStream.java:498) ~[?:?] at org.apache.shiro.lang.io.DefaultSerializer.deserialize(DefaultSerializer.java:85) ~[!/:2.0.2] ... 44 more ``` ### What was the expected outcome? No errors on rememberme restore. ### How to reproduce Run an application that uses shiro rememberme shiro on an OSGi platform ### Debug logs _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@shiro.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@shiro.apache.org For additional commands, e-mail: issues-h...@shiro.apache.org
