On Mon, Jan 9, 2012 at 4:55 AM, Martin Dixon <[email protected]> wrote: > We are using CDI in our application along with Shiro, injecting the Shiro > Subject into the application security layer where needed. This Shiro change > that was committed over the weekend and is in the latest SNAPSHOT artefact > has broken the security layer in our application: > SHIRO-323: removed Serializable from the implements clause > (DelegatingSubjects are not really intended to be used across vm boundaries) > This breaks our injection of the Shiro Subject due to WELD constraints: > But I see SHIRO-323 change removed Serialisable from DelegatingSubject > class. > I have two questions ā firstly, is this an unintended consequence of the > SHIRO-323 change or is there a problem with the way I am injecting the Shiro > Subject? If unintended consequence, is this a change that could be rolled > back?
Thanks for using the snapshots and thanks for reporting. This is certainly serious enough to consider rolling the change back, but perhaps there's a way to make an additional change so the delegatingsubject wouldn't be considered for serialization. I haven't looked into the whole issue yet, but stay active to follow through and we'll likely get it fixed satisfactorily to you and all the interested parties. If you hadn't been using the snapshots, it's quite possible the issue would have gone into the release unnoticed. > Secondly ā Iād really like to swap from using SNAPSHOT versions to a stable > Shiro 1.2 release. We are using latest SNAPSHOT version due to problems with > Shiro 1.1.0 that were fixed in later versions. Could anyone provide an > update on a 1.2 release date? Very, very few open source projects provide release dates. However, 1.2 is due for release soon, in a few weeks. Kalle
