Posted to dev@shiro.apache.org by "Favio D. DeMarco (JIRA)" <ji...@apache.org> on 2010/07/05 16:31:49 UTC

[jira] Created: (SHIRO-182) SimpleSession cannot be deserialized

SimpleSession cannot be deserialized
------------------------------------

                 Key: SHIRO-182
                 URL: https://issues.apache.org/jira/browse/SHIRO-182
             Project: Shiro
          Issue Type: Bug
         Environment: Linux 2.6.34 x86_64
java version "1.5.0_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
            Reporter: Favio D. DeMarco


org.apache.shiro.session.mgt.SimpleSession fails deserialization with the following error:

	at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2666)
	at java.io.ObjectInputStream$BlockDataInputStream.readUTFChar(ObjectInputStream.java:3058)
	at java.io.ObjectInputStream$BlockDataInputStream.readUTFBody(ObjectInputStream.java:2955)
	at java.io.ObjectInputStream$BlockDataInputStream.readUTF(ObjectInputStream.java:2764)
	at java.io.ObjectInputStream.readUTF(ObjectInputStream.java:1032)
	at org.apache.shiro.session.mgt.SimpleSession.readObject(SimpleSession.java:481)

There is a problem with the way the 'expired' flag is managed. In writeObject the 'expired' flag is written if it's set:

if (expired) {
    out.writeBoolean(expired);
}

But, in getAlteredFieldsBitMask, the bit in the bit mask is only set when the 'expired' flag is not set:

bitMask = !expired ? bitMask | EXPIRED_BIT_MASK : bitMask;

A short test:

SimpleSession session = new SimpleSession("localhost");
//  This doesn't work either
// session.setExpired(true);
ByteArrayOutputStream serialized = new ByteArrayOutputStream();
ObjectOutputStream serializer = new ObjectOutputStream(serialized);
serializer.writeObject(session);
serializer.close();
new ObjectInputStream(new ByteArrayInputStream(serialized.toByteArray())).readObject();


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
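
The mismatch described in this report, reproduced in a self-contained class. This is an added example, not Shiro's code and not from the reporter; DemoSession, the bit values and the invertedMask switch are hypothetical stand-ins. It runs the mask-driven reader against both mask variants and both values of the flag, so the inverted-mask and matching-mask results can be compared side by side.

```java
import java.io.*;

public class ExpiredBitMaskDemo {
    // Constructed bit values; a hypothetical stand-in, not Shiro's SimpleSession.
    static final int HOST_BIT_MASK = 1 << 0;
    static final int EXPIRED_BIT_MASK = 1 << 1;
    static boolean invertedMask; // true = the mask logic quoted in the report

    static class DemoSession implements Serializable {
        private static final long serialVersionUID = 1L;
        transient String host;
        transient boolean expired;

        DemoSession(String host, boolean expired) { this.host = host; this.expired = expired; }

        private int alteredFieldsBitMask() {
            int bitMask = host != null ? HOST_BIT_MASK : 0;
            boolean flagBit = invertedMask ? !expired : expired;
            return flagBit ? bitMask | EXPIRED_BIT_MASK : bitMask;
        }

        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();
            out.writeShort(alteredFieldsBitMask());
            if (expired) out.writeBoolean(expired); // payload written only when the flag is set
            if (host != null) out.writeUTF(host);
        }

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            int bitMask = in.readShort();
            // The reader trusts the mask, so mask and payload must agree byte for byte.
            if ((bitMask & EXPIRED_BIT_MASK) != 0) expired = in.readBoolean();
            if ((bitMask & HOST_BIT_MASK) != 0) host = in.readUTF();
        }
    }

    // Serializes and deserializes one session; returns a short outcome string.
    static String roundTrip(boolean inverted, boolean expired) {
        invertedMask = inverted;
        try {
            ByteArrayOutputStream bytes = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
                out.writeObject(new DemoSession("localhost", expired));
            }
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
                DemoSession s = (DemoSession) in.readObject();
                return "ok host=" + s.host + " expired=" + s.expired;
            }
        } catch (IOException | ClassNotFoundException e) {
            return "FAILED " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        for (boolean inverted : new boolean[] {true, false})
            for (boolean expired : new boolean[] {false, true})
                System.out.println((inverted ? "inverted mask" : "matching mask")
                        + ", expired=" + expired + " -> " + roundTrip(inverted, expired));
    }
}
```

With the inverted mask, the reader either consumes a boolean that was never written or skips one that was, so the following readUTF starts at the wrong byte and parses a bogus length prefix.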


[jira] Updated: (SHIRO-182) SimpleSession cannot be deserialized

Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SHIRO-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kalle Korhonen updated SHIRO-182:
---------------------------------

        Fix Version/s: 1.1.0
    Affects Version/s: 1.0.0
                           (was: Incubation)

Would be an easy merge for 1.0.1 as well.

> SimpleSession cannot be deserialized
> ------------------------------------
>
>                 Key: SHIRO-182
>                 URL: https://issues.apache.org/jira/browse/SHIRO-182
>             Project: Shiro
>          Issue Type: Bug
>          Components: Caching , Session Management
>    Affects Versions: 1.0.0, 1.1.0
>         Environment: Linux 2.6.34 x86_64
> java version "1.5.0_12"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
>            Reporter: Favio D. DeMarco
>            Assignee: Kalle Korhonen
>             Fix For: 1.1.0
>
>


[jira] Updated: (SHIRO-182) SimpleSession cannot be deserialized

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SHIRO-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood updated SHIRO-182:
--------------------------------

    Fix Version/s: 1.0.1
                       (was: 1.1.0)

Updating fix version to 1.0.1 (bug fix without API adjustments)

> SimpleSession cannot be deserialized
> ------------------------------------
>
>                 Key: SHIRO-182
>                 URL: https://issues.apache.org/jira/browse/SHIRO-182
>             Project: Shiro
>          Issue Type: Bug
>          Components: Caching , Session Management
>    Affects Versions: 1.0.0, 1.1.0
>         Environment: Linux 2.6.34 x86_64
> java version "1.5.0_12"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
>            Reporter: Favio D. DeMarco
>            Assignee: Kalle Korhonen
>             Fix For: 1.0.1
>
>


[jira] Updated: (SHIRO-182) SimpleSession cannot be deserialized

Posted by "Favio D. DeMarco (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SHIRO-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Favio D. DeMarco updated SHIRO-182:
-----------------------------------

    Affects Version/s: 1.1.0
                       Incubation
          Component/s: Caching 
                       Session Management

Actual version is 1.1.0-incubating-SNAPSHOT, shiro-core-1.1.0-incubating-20100701.070234-9.jar, from MANIFEST.MF:

Hudson-Build-Number: 218
Hudson-Project: Shiro
Hudson-Version: 1.353

> SimpleSession cannot be deserialized
> ------------------------------------
>
>                 Key: SHIRO-182
>                 URL: https://issues.apache.org/jira/browse/SHIRO-182
>             Project: Shiro
>          Issue Type: Bug
>          Components: Caching , Session Management
>    Affects Versions: 1.1.0, Incubation
>         Environment: Linux 2.6.34 x86_64
> java version "1.5.0_12"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
>            Reporter: Favio D. DeMarco
>


[jira] Resolved: (SHIRO-182) SimpleSession cannot be deserialized

Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SHIRO-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kalle Korhonen resolved SHIRO-182.
----------------------------------

    Fix Version/s: 1.1.0
                       (was: 1.0.1)
       Resolution: Fixed

Leave a comment if you need it fixed for 1.0.1

> SimpleSession cannot be deserialized
> ------------------------------------
>
>                 Key: SHIRO-182
>                 URL: https://issues.apache.org/jira/browse/SHIRO-182
>             Project: Shiro
>          Issue Type: Bug
>          Components: Caching , Session Management
>    Affects Versions: 1.0.0
>         Environment: Linux 2.6.34 x86_64
> java version "1.5.0_12"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
>            Reporter: Favio D. DeMarco
>            Assignee: Kalle Korhonen
>             Fix For: 1.1.0
>
>


[jira] Commented: (SHIRO-182) SimpleSession cannot be deserialized

Posted by "Les Hazlewood (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SHIRO-182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12885365#action_12885365 ] 

Les Hazlewood commented on SHIRO-182:
-------------------------------------

It will be easy to write a unit test for this - thanks for the example Favio.

> SimpleSession cannot be deserialized
> ------------------------------------
>
>                 Key: SHIRO-182
>                 URL: https://issues.apache.org/jira/browse/SHIRO-182
>             Project: Shiro
>          Issue Type: Bug
>          Components: Caching , Session Management
>    Affects Versions: 1.0.0, 1.1.0
>         Environment: Linux 2.6.34 x86_64
> java version "1.5.0_12"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
>            Reporter: Favio D. DeMarco
>            Assignee: Kalle Korhonen
>             Fix For: 1.0.1
>
>


[jira] Assigned: (SHIRO-182) SimpleSession cannot be deserialized

Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SHIRO-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kalle Korhonen reassigned SHIRO-182:
------------------------------------

    Assignee: Kalle Korhonen

> SimpleSession cannot be deserialized
> ------------------------------------
>
>                 Key: SHIRO-182
>                 URL: https://issues.apache.org/jira/browse/SHIRO-182
>             Project: Shiro
>          Issue Type: Bug
>          Components: Caching , Session Management
>    Affects Versions: 1.1.0, Incubation
>         Environment: Linux 2.6.34 x86_64
> java version "1.5.0_12"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
>            Reporter: Favio D. DeMarco
>            Assignee: Kalle Korhonen
>


[jira] Updated: (SHIRO-182) SimpleSession cannot be deserialized

Posted by "Kalle Korhonen (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SHIRO-182?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kalle Korhonen updated SHIRO-182:
---------------------------------

    Affects Version/s:     (was: 1.1.0)

> SimpleSession cannot be deserialized
> ------------------------------------
>
>                 Key: SHIRO-182
>                 URL: https://issues.apache.org/jira/browse/SHIRO-182
>             Project: Shiro
>          Issue Type: Bug
>          Components: Caching , Session Management
>    Affects Versions: 1.0.0
>         Environment: Linux 2.6.34 x86_64
> java version "1.5.0_12"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
> Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_12-b04, mixed mode)
>            Reporter: Favio D. DeMarco
>            Assignee: Kalle Korhonen
>             Fix For: 1.0.1
>
>