I forgot to report back previously, but I was able to get this working. I
posted details in my blog:
http://tauren.com/2013/01/decrypt-java-shiro-rememberme-cookie-in-node-js-express-app/

Maybe this will prove helpful to someone in the future. I'm certainly open
to any improvements or suggestions.

Thanks for all the help Les!

Tauren

On Tue, Jan 15, 2013 at 9:21 AM, Les Hazlewood <[email protected]> wrote:

>
>> Basically, all I need is some way to extract the user name or user ID from
>> the cookie. The output above should contain the ID number 1834 somewhere,
>> but I really don't want to write a Java object deserializer in Javascript!
>> (Although, if I did, this might be useful:
>> http://docs.oracle.com/javase/6/docs/platform/serialization/spec/protocol.html
>>  )
>>
>> Any suggestions? I don't think writing a custom Serializer that only
>> saves the User ID would work, since Shiro is expecting to deserialize the
>> entire PrincipalsCollection data.
>>
>
> Hi Tauren,
>
> Shiro does not use its XMLSerializer by default because the XMLSerializer
> _only_ serializes/deserializes JavaBean object graphs - i.e. every object
> has a default no-arg constructor and public getter/setters to read/set
> properties (it uses the java.beans.XMLEncoder and java.beans.XMLDecoder
> classes in its implementation).
>
> Since Shiro can't know if the objects in a PrincipalCollection are all
> guaranteed to be beans, it defaults to the DefaultSerializer, which will
> work in any Java environment (i.e. it's 'safer' as a default).
>
> But that doesn't mean you can't use it.  If you can be assured that every
> object you (or your realms) adds to the PrincipalCollection is a bean (or I
> think a primitive), the XMLSerializer will work fine.
>
> But if for some reason that won't work, then the best bet is to create a
> Serializer implementation for which you have a parallel implementation in
> JavaScript (this is after all why we created a separate interface for this
> instead of hard-coding serialization logic in the RememberMeManager
> implementation ;)).
>
> HTH,
>
> --
> Les Hazlewood | @lhazlewood
> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
> Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
>
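
The last suggestion in the quoted reply, a Serializer with a parallel JavaScript implementation, sketched from the Node.js side as an added example (not code from this thread, the linked blog post, or Shiro). It assumes a hypothetical Java-side Serializer that writes the principals as UTF-8 JSON of the form `{"realm": [principal, ...]}`, and assumes the cookie value is Base64 of a 16-byte IV followed by AES-128-CBC ciphertext; the key, realm name and cookie are constructed sample values.

```javascript
const crypto = require('crypto');

const IV_LEN = 16; // assumption: the IV is prepended to the AES-CBC ciphertext
const SAMPLE_KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex'); // constructed key

// Decrypt Base64(IV || ciphertext) and return the plaintext bytes.
function decryptCookie(cookieB64, key) {
  const raw = Buffer.from(cookieB64, 'base64');
  if (raw.length <= IV_LEN || (raw.length - IV_LEN) % 16 !== 0) {
    throw new Error('malformed cookie');
  }
  const decipher = crypto.createDecipheriv('aes-128-cbc', key, raw.subarray(0, IV_LEN));
  return Buffer.concat([decipher.update(raw.subarray(IV_LEN)), decipher.final()]);
}

// Parse the hypothetical wire format {"<realm>": [<principal>, ...]} strictly:
// only strings and safe integers are accepted as principals.
function parsePrincipals(bytes) {
  const doc = JSON.parse(bytes.toString('utf8'));
  if (doc === null || typeof doc !== 'object' || Array.isArray(doc)) {
    throw new Error('expected an object keyed by realm name');
  }
  const byRealm = new Map();
  for (const [realm, list] of Object.entries(doc)) {
    const ok = Array.isArray(list) && list.length > 0 &&
      list.every((p) => typeof p === 'string' || Number.isSafeInteger(p));
    if (!ok) throw new Error('bad principals for realm ' + realm);
    byRealm.set(realm, list);
  }
  if (byRealm.size === 0) throw new Error('no principals');
  return byRealm;
}

// First principal of the first realm, or null when the cookie is invalid
// (bad length, bad padding, bad JSON or bad shape): treat as "not remembered".
function primaryPrincipal(cookieB64, key) {
  try {
    return parsePrincipals(decryptCookie(cookieB64, key)).values().next().value[0];
  } catch (err) {
    return null;
  }
}

// Constructed sample: stands in for what the Java side would emit.
function makeSampleCookie(key, principals) {
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
  const body = Buffer.from(JSON.stringify(principals), 'utf8');
  return Buffer.concat([iv, cipher.update(body), cipher.final()]).toString('base64');
}
```

CBC mode does not authenticate the ciphertext, so a value that decrypts and parses should carry no more trust than a remembered identity.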
