SimpleSession cannot be deserialized
------------------------------------

                 Key: SHIRO-182
                 URL: https://issues.apache.org/jira/browse/SHIRO-182
             Project: Shiro
          Issue Type: Bug
         Environment: Linux 2.6.34 x86_64
                      java version "1.5.0_12"
                      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
                      Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
            Reporter: Favio D. DeMarco

org.apache.shiro.session.mgt.SimpleSession fails deserialization with the following error:

    at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2666)
    at java.io.ObjectInputStream$BlockDataInputStream.readUTFChar(ObjectInputStream.java:3058)
    at java.io.ObjectInputStream$BlockDataInputStream.readUTFBody(ObjectInputStream.java:2955)
    at java.io.ObjectInputStream$BlockDataInputStream.readUTF(ObjectInputStream.java:2764)
    at java.io.ObjectInputStream.readUTF(ObjectInputStream.java:1032)
    at org.apache.shiro.session.mgt.SimpleSession.readObject(SimpleSession.java:481)

There is a problem with the way the 'expired' flag is managed. In writeObject the 'expired' flag is written if it's set:

    if (expired) {
        out.writeBoolean(expired);
    }

But, in getAlteredFieldsBitMask, the bit in the bit mask is only set when the 'expired' flag is not set:

    bitMask = !expired ? bitMask | EXPIRED_BIT_MASK : bitMask;

A short test:

    SimpleSession session = new SimpleSession("localhost");
    // This doesn't work either
    // session.setExpired(true);
    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    ObjectOutputStream serializer = new ObjectOutputStream(serialized);
    serializer.writeObject(session);
    serializer.close();
    new ObjectInputStream(new ByteArrayInputStream(serialized.toByteArray())).readObject();