> Basically, all I need is some way to extract the user name or user ID from
> the cookie. The output above should contain the ID number 1834 somewhere,
> but I really don't want to write a Java object deserializer in Javascript!
> (Although, if I did, this might be useful:
> http://docs.oracle.com/javase/6/docs/platform/serialization/spec/protocol.html
> )
>
> Any suggestions? I don't think writing a custom Serializer that only saves
> the User ID would work, since Shiro is expecting to deserialize the entire
> PrincipalsCollection data.
>
Hi Tauren,

Shiro does not use its XMLSerializer by default because the XMLSerializer _only_ serializes/deserializes JavaBean object graphs - i.e. every object has a default no-arg constructor and public getter/setters to read/set properties (it uses the java.beans.XMLEncoder and java.beans.XMLDecoder classes in its implementation).

Since Shiro can't know if the objects in a PrincipalCollection are all guaranteed to be beans, it defaults to the DefaultSerializer, which will work in any Java environment (i.e. it's 'safer' as a default).

But that doesn't mean you can't use it. If you can be assured that every object you (or your realms) add to the PrincipalCollection is a bean (or I think a primitive), the XMLSerializer will work fine.

But if for some reason that won't work, then the best bet is to create a Serializer implementation for which you have a parallel implementation in JavaScript (this is after all why we created a separate interface for this instead of hard-coding serialization logic in the RememberMeManager implementation ;)).

HTH,

--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
