You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (Created) (JIRA)" <ji...@apache.org> on 2011/09/28 00:06:45 UTC
[jira] [Created] (SHIRO-325)
org.apache.shiro.session.mgt.SimpleSession serializes fields twice
org.apache.shiro.session.mgt.SimpleSession serializes fields twice
------------------------------------------------------------------
Key: SHIRO-325
URL: https://issues.apache.org/jira/browse/SHIRO-325
Project: Shiro
Issue Type: Bug
Components: Session Management
Affects Versions: 1.1.0, 1.0.0
Reporter: Les Hazlewood
Assignee: Les Hazlewood
Fix For: 1.2.0
SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SHIRO-325) SimpleSession serializes fields twice
Posted by "Les Hazlewood (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood updated SHIRO-325:
--------------------------------
Description:
org.apache.shiro.session.mgt.SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
was:
SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
Summary: SimpleSession serializes fields twice (was: org.apache.shiro.session.mgt.SimpleSession serializes fields twice)
> SimpleSession serializes fields twice
> -------------------------------------
>
> Key: SHIRO-325
> URL: https://issues.apache.org/jira/browse/SHIRO-325
> Project: Shiro
> Issue Type: Bug
> Components: Session Management
> Affects Versions: 1.0.0, 1.1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.2.0
>
>
> org.apache.shiro.session.mgt.SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
> The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (SHIRO-325) SimpleSession serializes fields twice
Posted by "Les Hazlewood (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood closed SHIRO-325.
-------------------------------
Closing with the 1.2.0 release.
> SimpleSession serializes fields twice
> -------------------------------------
>
> Key: SHIRO-325
> URL: https://issues.apache.org/jira/browse/SHIRO-325
> Project: Shiro
> Issue Type: Bug
> Components: Session Management
> Affects Versions: 1.0.0, 1.1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.2.0
>
>
> org.apache.shiro.session.mgt.SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
> The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
> Discussion thread here: http://mail-archives.apache.org/mod_mbox/shiro-user/201109.mbox/%3C4E81BCBD.8060909@metaphysis.net%3E
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SHIRO-325) SimpleSession serializes fields twice
Posted by "Les Hazlewood (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood updated SHIRO-325:
--------------------------------
Description:
org.apache.shiro.session.mgt.SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
Discussion thread here: http://mail-archives.apache.org/mod_mbox/shiro-user/201109.mbox/%3C4E81BCBD.8060909@metaphysis.net%3E
was:
org.apache.shiro.session.mgt.SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
> SimpleSession serializes fields twice
> -------------------------------------
>
> Key: SHIRO-325
> URL: https://issues.apache.org/jira/browse/SHIRO-325
> Project: Shiro
> Issue Type: Bug
> Components: Session Management
> Affects Versions: 1.0.0, 1.1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.2.0
>
>
> org.apache.shiro.session.mgt.SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
> The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
> Discussion thread here: http://mail-archives.apache.org/mod_mbox/shiro-user/201109.mbox/%3C4E81BCBD.8060909@metaphysis.net%3E
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SHIRO-325) SimpleSession serializes fields twice
Posted by "Les Hazlewood (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHIRO-325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved SHIRO-325.
---------------------------------
Resolution: Fixed
committed to trunk
> SimpleSession serializes fields twice
> -------------------------------------
>
> Key: SHIRO-325
> URL: https://issues.apache.org/jira/browse/SHIRO-325
> Project: Shiro
> Issue Type: Bug
> Components: Session Management
> Affects Versions: 1.0.0, 1.1.0
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.2.0
>
>
> org.apache.shiro.session.mgt.SimpleSession serializes fields twice - once via the 'writeObject' implementations' call to out.writeDefaultObject(), and again via the custom bitmask-based serialization that follows it.
> The internal fields should be marked as transient to prevent this. out.writeDefaultObject should still be called for JVM security reasons, but SimpleSession's custom field-based serialization is more efficient so it should be retained. The solution is to mark all custom-serialized fields as transient.
> Discussion thread here: http://mail-archives.apache.org/mod_mbox/shiro-user/201109.mbox/%3C4E81BCBD.8060909@metaphysis.net%3E
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira