We can work around the issue by marking all Subject injection points in our code as transient for now. But if supporting as wide as possible a range of different uses and architectures, is stopping implementation of Serializable at DelegatingSubject level too strict?
Looking forwards to 1.2 release - I know it's been quite close for some time now.

Martin

-----Original Message-----
From: Kalle Korhonen [mailto:[email protected]]
Sent: 09 January 2012 16:22
To: [email protected]
Subject: Re: DelegatingSubject Serializable change breaks CDI use of Subject

On Mon, Jan 9, 2012 at 4:55 AM, Martin Dixon <[email protected]> wrote:
> We are using CDI in our application along with Shiro, injecting the
> Shiro Subject into the application security layer where needed. This
> Shiro change that was committed over the weekend and is in the latest
> SNAPSHOT artefact has broken the security layer in our application:
> SHIRO-323: removed Serializable from the implements clause
> (DelegatingSubjects are not really intended to be used across vm
> boundaries) This breaks our injection of the Shiro Subject due to WELD
> constraints:
> But I see SHIRO-323 change removed Serialisable from DelegatingSubject
> class.
> I have two questions - firstly, is this an unintended consequence of the
> SHIRO-323 change or is there a problem with the way I am injecting the
> Shiro Subject? If unintended consequence, is this a change that could
> be rolled back?

Thanks for using the snapshots and thanks for reporting. This is certainly serious enough to consider rolling the change back, but perhaps there's a way to make an additional change so the delegatingsubject wouldn't be considered for serialization. I haven't looked into the whole issue yet, but stay active to follow through and we'll likely get it fixed satisfactorily to you and all the interested parties. If you hadn't been using the snapshots, it's quite possible the issue would have gone into the release unnoticed.

> Secondly - I'd really like to swap from using SNAPSHOT versions to a
> stable Shiro 1.2 release. We are using latest SNAPSHOT version due to
> problems with Shiro 1.1.0 that were fixed in later versions. Could
> anyone provide an update on a 1.2 release date?

Very, very few open source projects provide release dates. However, 1.2 is due for release soon, in a few weeks.

Kalle
