[
https://issues.apache.org/jira/browse/SHIRO-767?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francois Papon resolved SHIRO-767.
----------------------------------
Resolution: Fixed
> org.apache.shiro.util.ClassUtil cannot load the array of Primitive DataType
> when use undertown as web container
> ---------------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-767
> URL: https://issues.apache.org/jira/browse/SHIRO-767
> Project: Shiro
> Issue Type: Bug
> Components: RememberMe
> Affects Versions: 1.5.2
> Reporter: madongyu
> Assignee: Benjamin Marwell
> Priority: Minor
> Fix For: 2.0.0, 1.6.1
>
> Attachments: image-2020-05-06-11-40-55-592.png
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> I used Spring boot to build an web project, when i replaced the web container
> with undertow, i found that the remeberMe cookie cannot be deserialized
> successful.
> But when i used tomcat , the cookie can be deserialized.
> I found that when using tomcat, the function --
> {color:#de350b}ClassUtil.forName(String fqcn) can load the class [C{color}
> (Primitive DataType) , {color:#172b4d}but undertow cannot{color}.
> When using tomcat,the THREAD_CL_ACCESSOR is
> {color:#de350b}TomcatEmbeddedWebappClassLoader {color}which can load
> Primitive DataType.
> When using undertow,the {color:#de350b}THREAD_CL_ACCESSOR{color} is
> {color:#de350b}AppClassLoader {color}which cannot load Primitive DataType.
> Beacase classLoder(AppClassLoader).loadClass() cannot load Primitive
> DataType, i think that it would be better to use the function –
> {color:#de350b}Class.forName(){color} to load class.
> such as : {color:#de350b}clazz = Class.forName(fqcn,false,cl); {color}
> {code:java}
> /**
> * @since 1.0
> */
> private static abstract class ExceptionIgnoringAccessor implements
> ClassLoaderAccessor {
> public Class loadClass(String fqcn) {
> Class clazz = null;
> ClassLoader cl = getClassLoader();
> if (cl != null) {
> try {
> // replace cl.loadClass(fqcn)
> clazz = Class.forName(fqcn,false,cl);
> } catch (ClassNotFoundException e) {
> if (log.isTraceEnabled()) {
> log.trace("Unable to load clazz named [" + fqcn + "] from
> class loader [" + cl + "]");
> }
> }
> }
> return clazz;
> }
> //...
> }
> {code}
>
>
> This is a demo to reproduce the error:[https://github.com/ddddyyyy/shiro-demo]
>
> {quote}the exception stack when the cookie deserialized failed on undertow
> {quote}
> {code:java}
> 2020-05-06 12:45:45.332 WARN 23162 --- [ XNIO-1 task-5]
> o.a.shiro.mgt.DefaultSecurityManager : Delegate RememberMeManager
> instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an
> exception during getRememberedPrincipals().
> org.apache.shiro.io.SerializationException: Unable to deserialize argument
> byte array.
> at
> org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:82)
> ~[shiro-core-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:507)
> ~[shiro-core-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:421)
> ~[shiro-core-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386)
> ~[shiro-core-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:613)
> [shiro-core-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:501)
> [shiro-core-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:347)
> [shiro-core-1.5.2.jar:1.5.2]
> at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)
> [shiro-core-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
> [shiro-web-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
> [shiro-web-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
> [shiro-web-1.5.2.jar:1.5.2]
> at
> org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
> [shiro-web-1.5.2.jar:1.5.2]
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
> [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
> [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
> [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
> [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:94)
> [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
> [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
> [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
> [spring-web-5.1.13.RELEASE.jar:5.1.13.RELEASE]
> at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> [undertow-core-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> [undertow-core-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> [undertow-core-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> [undertow-core-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
> [undertow-servlet-2.0.29.Final.jar:2.0.29.Final]
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
> [undertow-core-2.0.29.Final.jar:2.0.29.Final]
> at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
> [undertow-core-2.0.29.Final.jar:2.0.29.Final]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> [na:1.8.0_231]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> [na:1.8.0_231]
> at java.lang.Thread.run(Thread.java:748) [na:1.8.0_231]Caused by:
> java.io.StreamCorruptedException: invalid type code: 00
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1601)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1950)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1567)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
> ~[na:1.8.0_231]
> at java.util.HashSet.readObject(HashSet.java:341) ~[na:1.8.0_231]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.8.0_231]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[na:1.8.0_231]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.8.0_231]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_231]
> at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1170)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2178)
> ~[na:1.8.0_231]
> at
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
> ~[na:1.8.0_231]
> at java.util.HashMap.readObject(HashMap.java:1412) ~[na:1.8.0_231]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.8.0_231]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[na:1.8.0_231]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.8.0_231]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_231]
> at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1170)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2178)
> ~[na:1.8.0_231]
> at
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2287)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:561)
> ~[na:1.8.0_231]
> at
> org.apache.shiro.subject.SimplePrincipalCollection.readObject(SimplePrincipalCollection.java:295)
> ~[shiro-core-1.5.2.jar:1.5.2]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.8.0_231]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[na:1.8.0_231]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.8.0_231]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_231]
> at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1170)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2178)
> ~[na:1.8.0_231]
> at
> java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2069)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1573)
> ~[na:1.8.0_231]
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
> ~[na:1.8.0_231]
> at
> org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:77)
> ~[shiro-core-1.5.2.jar:1.5.2]
> ... 58 common frames omitted
> {code}
>
>
>
> [classLoder|http://dict.youdao.com/search?q=classLoder&keyfrom=chrome.extension]
>
> [详细|http://www.youdao.com/search?q=classLoder&ue=utf8&keyfrom=chrome.extension]X
> 没有英汉互译结果
>
> [请尝试网页搜索|http://www.youdao.com/search?q=classLoder&ue=utf8&keyfrom=chrome.extension]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
