記錄Shiro的rememberMe Cookie序列化失敗的情況的解決方案

原創 -madongyu- 2019-07-30 13:47

    在開發的時候遇到一個十分詭異的情況,shiro打開了記住我的功能,請求的cookie也帶上了,但是卻總是拋出用戶未登錄的異常。無奈打開了所有的日誌,發現每次請求都會拋出下面這個WARN
    排查調試之後我發現我遇到的序列化失敗的原因就是因爲使用了undertow當服務器,解決方法也很簡單,換回tomcat就可以了。。。最簡單粗暴的方法。
    下面列出我拋出的警告和發現問題的大致過程。

2019-07-10 20:19:05  WARN  org.apache.shiro.mgt.AbstractRememberMeManager(onRememberedPrincipalFailure:449) - There was a failure while trying to retrieve remembered principals.  This could be due to a configuration problem or corrupted principals.  This could also be due to a recently changed encryption key, if you are using a shiro.ini file, this property would be 'securityManager.rememberMeManager.cipherKey' see: http://shiro.apache.org/web.html#Web-RememberMeServices. The remembered identity will be forgotten and not used for this request.
2019-07-10 20:19:05  WARN  org.apache.shiro.mgt.DefaultSecurityManager(getRememberedIdentity:617) - Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
org.apache.shiro.io.SerializationException: Unable to deserialize argument byte array.
	at org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:82) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:507) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:421) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:386) ~[shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:612) [shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:500) [shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:346) [shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845) [shiro-core-1.4.0.jar:1.4.0]
	at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.4.0.jar:1.4.0]
	at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.4.0.jar:1.4.0]
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.4.0.jar:1.4.0]
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.4.0.jar:1.4.0]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:64) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) [undertow-servlet-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:336) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) [undertow-core-1.4.25.Final.jar:1.4.25.Final]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
Caused by: java.io.StreamCorruptedException: invalid type code: 00
	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1599) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1948) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1565) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2285) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2209) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2067) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[?:1.8.0_171]
	at java.util.HashSet.readObject(HashSet.java:341) ~[?:1.8.0_171]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
	at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2176) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2067) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[?:1.8.0_171]
	at java.util.HashMap.readObject(HashMap.java:1409) ~[?:1.8.0_171]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
	at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2176) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2067) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2285) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:561) ~[?:1.8.0_171]
	at org.apache.shiro.subject.SimplePrincipalCollection.readObject(SimplePrincipalCollection.java:295) ~[shiro-core-1.4.0.jar:1.4.0]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_171]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_171]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
	at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1158) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2176) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2067) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571) ~[?:1.8.0_171]
	at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431) ~[?:1.8.0_171]
	at org.apache.shiro.io.DefaultSerializer.deserialize(DefaultSerializer.java:77) ~[shiro-core-1.4.0.jar:1.4.0]
	... 57 more

    嘗試了其給的官網方案,並沒有什麼用處。無奈只能打開調試,由於是解碼的地方出錯,在排除掉序列化後的數據格式錯誤的猜想之後,剩下的可能性也只有拿到的數據出錯了。最後調試到一個地方,在解碼的時候遇到了一個特殊的字節[C,然後就拋異常了(當時忘了截圖了,這個是idea展示的值。。。)
    十分神奇的是我用tomcat當服務器時候就不會,而是用undertow就會出現這種情況,暫時沒找出爲什麼使用undertow會出現這個問題,沒有精力再繼續往上調試了,在這裏先記錄一下。

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

向量數據庫

  隨着LLM的起飛,向量數據庫也跟着火爆,好多做向量數據庫的初創企業ppt剛寫好,就拿到幾千萬美元的風投。     向量數據庫是一種特殊的數據庫,它是存儲了一堆浮點數,這些浮點數排列到一起就像一個數組,這些浮點數在向量數據庫裏面被稱爲維度

人不瘋狂枉一生 2024-05-25 14:23:07

推薦2款開源、美觀的WinForm UI控件庫

前言 今天大姚給大家分享2款開源、美觀的WinForm UI控件庫,希望可以幫助到有需要的同學。 WinForm介紹 WinForm是一個傳統的桌面應用程序框架,它基於 Windows 操作系統的原生控件和窗體。通過簡單易用的 API,開發

追逐時光 2024-05-25 14:22:06

條款50:瞭解 new 和 delete 的合理替換時機

    *-*

htj10 2024-05-25 14:21:56

傳奇永恆的單機版下載地址

我是學霸 傳奇永恆 https://f9a5o6xqpg.feishu.cn/docx/ZbnBdTtNdoecKcxsMDocIWIanIg 我是學霸君分享的遊戲地址. 這裏面270期就是傳奇永恆的下載地址. 我玩了一下挺好的. 設置裏面

張博的博客 2024-05-25 14:19:56

騰訊ocr 調用方法

推薦這個高精度口: import json import types from tencentcloud.common import credential from tencentcloud.common.profile.client_p

張博的博客 2024-05-25 14:19:56

爲什麼要使用springCloud直接使用RestTemplate不行嗎?

雖然RestTemplate本身是一個強大的工具,用於在Spring應用程序中發送HTTP請求,但在複雜的微服務架構中,直接使用RestTemplate可能不足以滿足所有需求。Spring Cloud提供了更高級別的功能,使得在微服務環境中

uper超人 2024-05-25 14:15:36

springcloud和dubbo分別調用controller層和service層是兩種微服務架構的最大區別?

許多討論微服務架構中springcloud和dubbo區別的文章中,主要強調dubbo只是springcloud的子集,只是服務治理工具,不是完整解決方案。但是看了一下兩者,感覺完全無法兼容,理念完全不同啊。springboot開發的典型應

uper超人 2024-05-25 14:15:36

gitlab-runner

gitlab賬號密碼 第一次登錄 部署gitlab,第一登錄,要註冊,遇到問題 Your account is pending approval from your GitLab administrator and hence blocke

馬昌偉 2024-05-25 14:13:55

keycloak~登出的回調接口

對於用戶的登出/註銷操作,都可以設置一個回調接口,這個接口是作用到client上面的,並且必須是POST接口,相關回調方法的調用,可以參考keycloak14.0.0的這個方法: org.keycloak.services.manager

張佔嶺 2024-05-25 14:12:45

從MASM全局標識符談模塊化開發

  博主學習的第一個編程語言是C語言(跟譚教授學的),當時時就疑惑一個問題,爲什麼要將源碼分成多個文件,每個文件編譯成目標文件(obj)文件後,再通過連接程序(link)將多個目標文件連接成單個執行文件。後來通過更深入的開發一些規模稍大一點

美洲象 2024-05-25 14:11:55

vector 提高效率

1. 插入元素前預分配空間比直接插入元素快。 vector.reserve(n); 2. 插入元素使用emplace_back,比push_back快。 vector.emplace_back(new(class)); 3. 一個向

風影我愛羅 2024-05-25 14:11:45

判斷點在形狀裏,點在線段上

/************************************************************************ 函數名 : OnSegment 功能描述: 判斷點q是否在p1和p2的線段上(調試用)

風影我愛羅 2024-05-25 14:11:45

leetcode 3117. 劃分數組得到最小的值之和(線段樹、dp、二分)

3117. 劃分數組得到最小的值之和 - 力扣(LeetCode) 思路 對於這種劃分區間段的問題,通常我們可以先考慮dp,dp[i][j]表示第i個num數作爲第j段最後一個元素得到的前j段的最小和。用二分去查找合法區間的左右端點,因爲m

SnowLove 2024-05-25 14:10:24

原子、組合與彙編

應用程序裏可以任意寫SQL語句,到了數據庫這層,所有的SQL語句都被做了編排。 在應用層可以同步、異步的投遞SQL語句:s1, s2,s3,...。混在意大利麪條一樣的代碼裏,看不到誰先執行誰後執行。 在數據庫層,這些語句會被編排。編排後

ffl 2024-05-25 14:08:34

gcov 生成的覆蓋率文本的理解

理解 branch Q: 這裏的fallthough 是什麼意思 600000: 116: if (lu_dis >= 0 && ru_dis > 0 && point.y() <= inner_rect_start_y_) { b

ffl 2024-05-25 14:08:34