Environment
Apache Karaf 4.4.7, Java 21.0.4+8-LTS-274, Debian 12.10 "bookworm", amd64
Shiro version
Shiro 2.0.2
What was the actual outcome?
When restoring rememberme sessions I get the following stack traces in the log:
2025-04-12T21:00:38,643 | WARN | qtp1776555921-646 | DefaultSecurityManager | 199 - org.apache.shiro.core - 2.0.2 | Delegate RememberMeManager instance of type [org.apache.shiro.web.mgt.CookieRememberMeManager] threw an exception during getRememberedPrincipals().
org.apache.shiro.lang.io.SerializationException: Unable to deserialize argument byte array.
at org.apache.shiro.lang.io.DefaultSerializer.deserialize(DefaultSerializer.java:90) ~[!/:2.0.2]
at org.apache.shiro.mgt.AbstractRememberMeManager.deserialize(AbstractRememberMeManager.java:523) ~[!/:2.0.2]
at org.apache.shiro.mgt.AbstractRememberMeManager.convertBytesToPrincipals(AbstractRememberMeManager.java:436) ~[!/:2.0.2]
at org.apache.shiro.mgt.AbstractRememberMeManager.getRememberedPrincipals(AbstractRememberMeManager.java:399) ~[!/:2.0.2]
at org.apache.shiro.mgt.DefaultSecurityManager.getRememberedIdentity(DefaultSecurityManager.java:618) ~[!/:2.0.2]
at org.apache.shiro.mgt.DefaultSecurityManager.resolvePrincipals(DefaultSecurityManager.java:506) ~[!/:2.0.2]
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:350) ~[!/:2.0.2]
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:844) ~[!/:2.0.2]
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) ~[!/:2.0.2]
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:306) ~[!/:2.0.2]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:374) ~[!/:2.0.2]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:156) ~[!/:2.0.2]
at org.ops4j.pax.web.service.spi.servlet.OsgiInitializedFilter.doFilter(OsgiInitializedFilter.java:176) ~[!/:?]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) ~[!/:9.4.57.v20241219]
at org.ops4j.pax.web.service.jetty.internal.PaxWebFilterHolder.doFilter(PaxWebFilterHolder.java:208) ~[!/:?]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626) ~[!/:9.4.57.v20241219]
at org.ops4j.pax.web.service.spi.servlet.OsgiFilterChain.doFilter(OsgiFilterChain.java:113) ~[!/:?]
at org.ops4j.pax.web.service.jetty.internal.PaxWebServletHandler.doHandle(PaxWebServletHandler.java:334) ~[!/:?]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:234) ~[!/:9.4.57.v20241219]
at org.ops4j.pax.web.service.jetty.internal.PrioritizedHandlerCollection.handle(PrioritizedHandlerCollection.java:96) ~[!/:?]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) ~[!/:9.4.57.v20241219]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) ~[!/:9.4.57.v20241219]
at java.lang.Thread.run(Thread.java:1583) [?:?]
Caused by: java.lang.ClassNotFoundException: Unable to load ObjectStreamClass [org.apache.shiro.subject.SimplePrincipalCollection: static final long serialVersionUID = -6305224034025797558L;]:
at org.apache.shiro.lang.io.ClassResolvingObjectInputStream.resolveClass(ClassResolvingObjectInputStream.java:55) ~[!/:2.0.2]
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2061) ~[?:?]
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1927) ~[?:?]
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2252) ~[?:?]
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1762) ~[?:?]
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:540) ~[?:?]
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:498) ~[?:?]
at org.apache.shiro.lang.io.DefaultSerializer.deserialize(DefaultSerializer.java:85) ~[!/:2.0.2]
... 44 more
Caused by: org.apache.shiro.lang.util.UnknownClassException: Unable to load class named [org.apache.shiro.subject.SimplePrincipalCollection] from the thread context, current, or system/application ClassLoaders. All heuristics have been exhausted. Class could not be found.
at org.apache.shiro.lang.util.ClassUtils.forName(ClassUtils.java:179) ~[!/:2.0.2]
at org.apache.shiro.lang.io.ClassResolvingObjectInputStream.resolveClass(ClassResolvingObjectInputStream.java:53) ~[!/:2.0.2]
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2061) ~[?:?]
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1927) ~[?:?]
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2252) ~[?:?]
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1762) ~[?:?]
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:540) ~[?:?]
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:498) ~[?:?]
at org.apache.shiro.lang.io.DefaultSerializer.deserialize(DefaultSerializer.java:85) ~[!/:2.0.2]
... 44 more
What was the expected outcome?
No errors on rememberme restore.
How to reproduce
Run an application that uses Shiro rememberme on an OSGi platform
Debug logs
No response