在开发的时候遇到一个十分诡异的情况,shiro打开了记住我的功能,请求的cookie也带上了,但是却总是抛出用户未登录的异常。无奈打开了所有的日志,发现每次请求都会抛出下面这个WARN
    排查调试之后我发现我遇到的序列化失败的原因就是因为使用了undertow当服务器,解决方法也很简单,换回tomcat就可以了。。。最简单粗暴的方法。
    下面列出我抛出的警告和发现问题的大致过程。

2019-07-10 20:19:05  WARN  org.apache.shiro.mgt.AbstractRememberMeManager(onRememberedPrincipalFailure:449) - There was a failure while trying to retrieve remembered principals.  This could be due to a configuration problem or corrupted principals.  This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. The remembered identity will be forgotten and not used for this request.
2019-07-10 20:19:05  WARN  org.apache.shiro.mgt.DefaultSecurityManager(getRememberedIdentity:617) - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
org.apache.shiro.io.SerializationException: Unable to deserialize argument byte array.at org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:82) ~[shiro-core-1.4.0.jar:1.4.0]at org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:507) ~[shiro-core-1.4.0.jar:1.4.0]at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:421) ~[shiro-core-1.4.0.jar:1.4.0]at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386) ~[shiro-core-1.4.0.jar:1.4.0]at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:612) [shiro-core-1.4.0.jar:1.4.0]at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:500) [shiro-core-1.4.0.jar:1.4.0]at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:346) [shiro-core-1.4.0.jar:1.4.0]at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845) [shiro-core-1.4.0.jar:1.4.0]at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.4.0.jar:1.4.0]at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.4.0.jar:1.4.0]at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.4.0.jar:1.4.0]at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.4.0.jar:1.4.0]at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:64) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar:1.4.25.Final]at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.4.25.Final.jar:1.4.25.Final]at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar:1.4.25.Final]at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]at io.undertow.server.Connectors.executeRootHandler(Connectors.java:336) [undertow-core-1.4.25.Final.jar:1.4.25.Final]at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-1.4.25.Final.jar:1.4.25.Final]at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
Caused by: java.io.StreamCorruptedException: invalid type code: 00at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1599) ~[?:1.8.0_171]at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1948) ~[?:1.8.0_171]at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1565) ~[?:1.8.0_171]at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2285) ~[?:1.8.0_171]at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2209) ~[?:1.8.0_171]at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2067) ~[?:1.8.0_171]at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571) ~[?:1.8.0_171]at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[?:1.8.0_171]at java.util.HashSet.readObject(HashSet.java:341) ~[?:1.8.0_171]at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158) ~[?:1.8.0_171]at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2176) ~[?:1.8.0_171]at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2067) ~[?:1.8.0_171]at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571) ~[?:1.8.0_171]at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[?:1.8.0_171]at java.util.HashMap.readObject(HashMap.java:1409) ~[?:1.8.0_171]at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158) ~[?:1.8.0_171]at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2176) ~[?:1.8.0_171]at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2067) ~[?:1.8.0_171]at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571) ~[?:1.8.0_171]at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2285) ~[?:1.8.0_171]at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:561) ~[?:1.8.0_171]at org.apache.shiro.subject.SimplePrincipalCollection.readObject(SimplePrincipalCollection.java:295) ~[shiro-core-1.4.0.jar:1.4.0]at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158) ~[?:1.8.0_171]at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2176) ~[?:1.8.0_171]at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2067) ~[?:1.8.0_171]at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571) ~[?:1.8.0_171]at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[?:1.8.0_171]at org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:77) ~[shiro-core-1.4.0.jar:1.4.0]... 57 more

尝试了其给的官网方案,并没有什么用处。无奈只能打开调试,由于是解码的地方出错,在排除掉序列化后的数据格式错误的猜想之后,剩下的可能性也只有拿到的数据出错了。
    十分神奇的是我用tomcat当服务器时候就不会,而是用undertow就会出现这种情况,暂时没找出为什么使用undertow会出现这个问题,没有精力再继续往上调试了,在这里先记录一下。

2020.4.22 重新整理

通过调试,发现shiro加载要序列化的类的时候,不同服务器使用的class loader 是不一样的。
    当使用tomcat的时候,classloader为TomcatEmbeddedWebappClassLoader,而使用undertow的时候,classloader为AppClassLoader,前者可以找到[C(char数组类型,原生类型),而后者不行,会抛出ClassNotFound错误,因此导致cookie还原登录信息失败。
    由于系统的ClassLoader的loadClass无法加载原生类型,而forName可以,因此我认为可以对shiro源码的ClassUtil类的代码进行一点修改,使用Class.forName函数(PS:修改ClassUtil后的shiro-lang包)。
    官方的1.6.1、2.0.0版本已修复

    private static abstract class ExceptionIgnoringAccessor implements ClassLoaderAccessor {public Class loadClass(String fqcn) {Class clazz = null;ClassLoader cl = getClassLoader();if (cl != null) {try {// 使用forName加载clazz = Class.forName(fqcn,false,cl);
//                    clazz = cl.loadClass(fqcn);} catch (ClassNotFoundException e) {if (log.isTraceEnabled()) {log.trace("Unable to load clazz named [" + fqcn + "] from class loader [" + cl + "]");}}}return clazz;}// 省略其余代码}

记录Shiro的rememberMe Cookie序列化失败的情况的解决方案相关推荐

  1. 关于Shiro使用密码加密加盐之后序列化失败的问题(十四)

    原文:https://blog.csdn.net/qq_34021712/article/details/84567437 shiro使用密码加盐之后,序列化失败 ERROR Failed to se ...

  2. 《Shiro安全框架》专题(十)-Shiro之rememberMe

    文章目录 1.Remember me简介 2.登录表单中添加记住我复选框 3.配置文件中配置 4.登录控制器 5.测试 1.Remember me简介 Shiro提供了记住我(RememberMe)的 ...

  3. Shiro 实现 RememberMe 功能

    本文内容:Shiro 中RememberMe 功能的介绍以及实现. 1 介绍 Shiron 提供了记住我(RememberMe)的功能,比如访问如淘宝等一些网站时,关闭了浏览器下次再打开时还是能记住你 ...

  4. SpringBoot学习:整合shiro(rememberMe记住我功能)

    项目下载地址:http://download.csdn.NET/detail/aqsunkai/9805821 首先在shiro配置类中注入rememberMe管理器 /*** cookie对象;* ...

  5. Shiro的 rememberMe 功能使用指导(为什么rememberMe设置了没作用?)

    问题 shiro中提供了rememberMe功能,它用起来是这样的 UsernamePasswordToken token = new UsernamePasswordToken(loginForm. ...

  6. SpringBoot整合Shiro实现RememberMe

    接上Springboot Shiro实现用户验 shiro提供了RememberMe功能,用户登录状态不会因为浏览器的关闭而失效,知道cookie过期 更改ShiroConfig 加入cookie管理 ...

  7. SpringBoot+shiro 实现rememberMe

    ShiroConfig.java @Configuration public class ShiroConfig {//注入自定义的realm,告诉shiro如何获取用户信息来做登录或权限控制@Bea ...

  8. Shiro 通过配置Cookie 解决多个二级域名的单点登录问题。

    当前配置只对于相同的 一级域名  ,严格来讲就是相同的主域名,比如sojson.com ,本站用到的有 e.sojson.com  ,ping.sojson.com ,www.sojson.com , ...

  9. SpringDataJPA使用getOne(id)导致Json序列化失败

    为了把对象扔进redis中,要给查询到的数据做JSON序列化,一开始都是好好的,直到遇到了如下的报错: org.codehaus.jackson.map.JsonMappingException: N ...

最新文章

  1. 如何理解和评价机器学习中的表达能力、训练难度和泛化性能
  2. 【数据科学】 推荐一个更高效的数据清洗方法,建议收藏
  3. 关于JUnit5 你必须知道的(一) JUnit5架构和环境搭建
  4. C#使用了未赋值的局部变量
  5. java 切换后台程序_将 Android 程序切换到后台及从后台切换到前台实现
  6. SQL SERVER如何通过SQL语句获服务器硬件和系统信息
  7. WCF去掉证书验证(转载)
  8. 如何以最低廉的价格(249元!!)组装一台Mac黑苹果主机,垃圾佬极限装机!!
  9. 高性能MySQL读书笔记——开天辟地
  10. 毕达哥拉斯定理/勾股定理
  11. OneNote如何同步到OneDrive,并且如何在PC和手机上完美使用OneNote
  12. Java学习笔记: HashMap 和 HashSet
  13. python优雅编程之旅
  14. 2022-2027年中国仓储物流机器人行业发展前景及投资战略咨询报告
  15. 通过PHP保存图片到mysql,如何使用MySQL保存一个图片并且用PHP得到它
  16. Transformer8
  17. java浮点数减法_浮点数的相关运算Java实现
  18. 蛋白结构分析实操教程
  19. 算法提升(一)二分法
  20. 非常全面的支付宝钱包系统架构图解

热门文章

  1. 用计算机求解的问题可以分为,大计基--第1章--基于计算机的问题求解.ppt
  2. 中国电信张东:数据治理与城市感知网的建设与运营
  3. CapsLocker for Mac(Capslock键开关)
  4. 红外传感器型号和参数_热释电红外传感器结构及型号
  5. windows 关闭自动播放
  6. 编程修养——千金甜果
  7. SAP HR 工资核算异常的一些处理方式
  8. 【Effection C++】读书笔记 条款32~条款33
  9. R语言——聚类分析——处理错误:NAs introduced by coercion
  10. python是什么?能做什么?为什么要学?