I'm using Shiro with Grails, for Single Sign On and shared sessions, with Redis as a backing store. It's working fine for most stuff, but there's a little problem I've run into which I would hope to be able to work around, although I'm wondering if it might be unavoidable.
I have two applications, let's call them myapp1 and myapp2, sharing sessions, so that when I am authenticated in myapp1 I can store a string value, say, in the session, switch to myapp2 without having to sign in, and then retrieve the value from the session. With strings, etc., and any classes which are defined in both applications, this works fine. Let's say I have a serializable class called Policy in myapp1, though, which is not present in myapp2. I can store a Policy object in the session in myapp1, but as soon as I switch to myapp2 an exception is thrown because of the missing class, without my having made any attempt to retrieve this Policy object from the session. That is, merely loading the shared session in myapp2 is enough to cause the problem. I'm wondering whether this is something I may be able to do something about - if so what? Or is it intrinsic? In the meantime I'm actually marshalling the domain objects in question to JSON and storing them as JSON strings in the session (and unmarshalling them back to Java classes, of course). This is workable but an extra step I'd prefer to avoid if I could.
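An added illustration, not part of the original post and not Shiro's own code: it assumes the session's attribute map is written to Redis as one Java-serialized object graph, which would explain why loading the session alone fails. The `Policy` stand-in, the `App2Stream` class simulating myapp2's missing class, and the sample values are all constructed for the example.

```java
import java.io.*;
import java.util.*;

public class LazySessionAttributes {
    // Constructed stand-in for the Policy class that exists only in myapp1.
    static class Policy implements Serializable {
        final String number;
        Policy(String number) { this.number = number; }
    }

    // Simulates myapp2, where Policy is not on the classpath.
    static class App2Stream extends ObjectInputStream {
        App2Stream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (desc.getName().endsWith("Policy")) throw new ClassNotFoundException(desc.getName());
            return super.resolveClass(desc);
        }
    }
    static byte[] toBytes(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }
    static Object readAsApp2(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new App2Stream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }
    public static void main(String[] args) throws Exception {
        // Eager: Policy sits directly in the attribute map, so loading the map resolves it.
        HashMap<String, Object> eager = new HashMap<>();
        eager.put("user", "alice");
        eager.put("policy", new Policy("P-1"));
        try {
            readAsApp2(toBytes(eager));
        } catch (ClassNotFoundException e) {
            System.out.println("eager load failed: " + e.getMessage());
        }
        // Lazy: each value is serialized separately; the map itself holds only byte[].
        HashMap<String, byte[]> lazy = new HashMap<>();
        lazy.put("user", toBytes("alice"));
        lazy.put("policy", toBytes(new Policy("P-1")));
        @SuppressWarnings("unchecked")
        Map<String, byte[]> loaded = (Map<String, byte[]>) readAsApp2(toBytes(lazy));
        System.out.println("user = " + readAsApp2(loaded.get("user"))); // policy bytes untouched
    }
}
```

Storing values as opaque bytes defers class resolution to the moment an attribute is actually read, which is the same effect the JSON-string approach achieves.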
