异常说明
在学习Shiro使用缓存时,出现java.io.NotSerializableException: org.apache.shiro.util.SimpleByteSource异常。出现这种情况是因为:缓存在保存认证信息(其中包含盐值)时需要对其进行序列化,而SimpleByteSource没有实现Serializable接口。
解决方案第一步:自定义一个类,参照SimpleByteSource的实现,同时实现ByteSource和Serializable接口(注意不是继承SimpleByteSource,原因见文末备注)
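/**
 * Serializable {@link ByteSource} that wraps a byte array and lazily caches its hex and
 * Base64 encodings.
 *
 * <p>The class implements {@code ByteSource} and {@code Serializable} directly and declares
 * its own no-arg constructor, rather than extending Shiro's {@code SimpleByteSource}.
 *
 * <p>The byte array is stored and returned by reference (no defensive copy), so a caller that
 * mutates the array after construction or after {@link #getBytes()} changes this object's
 * content without refreshing the cached encodings.
 *
 * <p>When an instance is used as a credentials salt inside a cached {@code AuthenticationInfo},
 * it is written to the cache store in serialized form; that store should be access-controlled
 * like any other holder of credential data.
 */
public class MySimpleByteSource implements ByteSource, Serializable {

    private static final long serialVersionUID = 5175082362119580768L;

    /** Wrapped bytes; may be {@code null} until set. */
    private byte[] bytes;

    /** Hex encoding of {@link #bytes}, computed on first {@link #toHex()} call. */
    private String cachedHex;

    /** Base64 encoding of {@link #bytes}, computed on first {@link #toBase64()} call. */
    private String cachedBase64;

    /**
     * Creates an instance with no bytes set; populate it with {@link #setBytes(byte[])}.
     * Presumably kept for frameworks that instantiate the class reflectively - confirm
     * against the serializer in use.
     */
    public MySimpleByteSource() {
    }

    /**
     * Wraps the given array without copying it.
     *
     * @param bytes the bytes to expose; may be {@code null}
     */
    public MySimpleByteSource(byte[] bytes) {
        this.bytes = bytes;
    }

    /**
     * Wraps the bytes produced by {@code CodecSupport.toBytes(char[])}.
     *
     * @param chars the characters to convert
     */
    public MySimpleByteSource(char[] chars) {
        this.bytes = CodecSupport.toBytes(chars);
    }

    /**
     * Wraps the bytes produced by {@code CodecSupport.toBytes(String)}.
     *
     * @param string the text to convert
     */
    public MySimpleByteSource(String string) {
        this.bytes = CodecSupport.toBytes(string);
    }

    /**
     * Wraps the byte array returned by another source (the array is shared, not copied).
     *
     * @param source the source whose bytes are reused
     */
    public MySimpleByteSource(ByteSource source) {
        this.bytes = source.getBytes();
    }

    /**
     * Wraps the content of a file, read through {@code CodecSupport}.
     *
     * @param file the file to read
     */
    public MySimpleByteSource(File file) {
        this.bytes = new BytesHelper().getBytes(file);
    }

    /**
     * Wraps the content of a stream, read through {@code CodecSupport}.
     *
     * @param stream the stream to read
     */
    public MySimpleByteSource(InputStream stream) {
        this.bytes = new BytesHelper().getBytes(stream);
    }

    /**
     * Tells whether one of this class's constructors accepts the argument's type.
     *
     * @param o the candidate constructor argument
     * @return {@code true} for {@code byte[]}, {@code char[]}, {@code String},
     *         {@code ByteSource}, {@code File} or {@code InputStream}
     */
    public static boolean isCompatible(Object o) {
        return o instanceof byte[]
                || o instanceof char[]
                || o instanceof String
                || o instanceof ByteSource
                || o instanceof File
                || o instanceof InputStream;
    }

    /**
     * Replaces the wrapped array (by reference) and discards the cached encodings.
     *
     * @param bytes the new bytes; may be {@code null}
     */
    public void setBytes(byte[] bytes) {
        this.bytes = bytes;
        // The cached strings were derived from the previous array; without this reset,
        // toHex()/toBase64()/toString() would keep returning the old value.
        this.cachedHex = null;
        this.cachedBase64 = null;
    }

    /**
     * @return the wrapped array itself, not a copy
     */
    @Override
    public byte[] getBytes() {
        return this.bytes;
    }

    /**
     * @return the hex encoding of the wrapped bytes, computed once and then cached
     */
    @Override
    public String toHex() {
        if (this.cachedHex == null) {
            this.cachedHex = Hex.encodeToString(this.getBytes());
        }
        return this.cachedHex;
    }

    /**
     * @return the Base64 encoding of the wrapped bytes, computed once and then cached
     */
    @Override
    public String toBase64() {
        if (this.cachedBase64 == null) {
            this.cachedBase64 = Base64.encodeToString(this.getBytes());
        }
        return this.cachedBase64;
    }

    /**
     * @return {@code true} when no array is set or the array has length zero
     */
    @Override
    public boolean isEmpty() {
        return this.bytes == null || this.bytes.length == 0;
    }

    /**
     * @return the Base64 encoding, i.e. the same value as {@link #toBase64()}
     */
    @Override
    public String toString() {
        return this.toBase64();
    }

    /**
     * @return {@code 0} for a missing or empty array, otherwise {@code Arrays.hashCode} of it
     */
    @Override
    public int hashCode() {
        if (this.bytes == null || this.bytes.length == 0) {
            return 0;
        }
        return Arrays.hashCode(this.bytes);
    }

    /**
     * Compares by byte content against any {@code ByteSource}, not only this class.
     *
     * @param o the object to compare with
     * @return {@code true} when {@code o} is a {@code ByteSource} with equal bytes
     */
    @Override
    public boolean equals(Object o) {
        if (o == this) {
            return true;
        }
        if (!(o instanceof ByteSource)) {
            return false;
        }
        ByteSource other = (ByteSource) o;
        return Arrays.equals(this.getBytes(), other.getBytes());
    }

    /**
     * Subclass of {@code CodecSupport} used only to reach its {@code toBytes} overloads for
     * {@code File} and {@code InputStream} from the constructors above.
     */
    private static final class BytesHelper extends CodecSupport {

        private BytesHelper() {
        }

        /** Delegates to {@code CodecSupport.toBytes(File)}. */
        public byte[] getBytes(File file) {
            return this.toBytes(file);
        }

        /** Delegates to {@code CodecSupport.toBytes(InputStream)}. */
        public byte[] getBytes(InputStream stream) {
            return this.toBytes(stream);
        }
    }
}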
第二步:修改UserRealm的doGetAuthenticationInfo()方法
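/**
 * Loads the account for the submitted username and returns the stored credentials so that
 * Shiro can verify the submitted password itself.
 *
 * <p>This method only looks the account up. It must not treat the login as successful,
 * because the password comparison happens after it returns.
 *
 * @param token the submitted token; cast to {@code UsernamePasswordToken}
 * @return the account's principal, stored password and salt, or {@code null} when no account
 *         matches the username
 * @throws LockedAccountException when the account is flagged as locked
 * @throws AuthenticationException declared by the overridden method
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken userToken = (UsernamePasswordToken) token;
    User user = userService.getUserByUsername(userToken.getUsername());

    if (null == user) {
        // Unknown username: Shiro turns a null result into UnknownAccountException.
        return null;
    }

    if (user.getLocked()) {
        throw new LockedAccountException("该用户已被锁定,暂时无法登录!");
    }

    // ByteSource.Util.bytes(user.getSalt()) would produce a SimpleByteSource, which is not
    // Serializable and fails with NotSerializableException when the authentication info is
    // cached. MySimpleByteSource is used as the serializable replacement.
    MySimpleByteSource salt = new MySimpleByteSource(user.getSalt());

    // Deliberately no session write here. The password has not been verified yet at this
    // point, so storing the user under "currentLoginedUser" would mark the session as
    // logged in even when the submitted password is wrong. With authentication caching
    // enabled, a cache hit can also skip this method entirely. Set that attribute in the
    // login handler after subject.login(token) returns without an exception, or read the
    // user from SecurityUtils.getSubject().getPrincipal().

    // The first argument becomes the principal that authorization later uses to find the
    // user's permissions. Shiro compares the submitted password with the second argument.
    // NOTE(review): passing the whole User object means it is serialized into the cache,
    // presumably including its password hash and salt. Confirm that this is intended.
    return new SimpleAuthenticationInfo(user, user.getPassword(), salt, getName());
}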
备注
网上有很多文章介绍这个问题的解决办法:只需要自定义一个类继承SimpleByteSource并实现Serializable接口
/**
 * Commonly suggested variant that only adds {@code Serializable} to Shiro's
 * {@code SimpleByteSource}. Shown as a counter-example: according to the author's test,
 * serialization succeeds but deserialization fails with {@code InvalidClassException}.
 * Java deserialization has to call a no-arg constructor of the first non-serializable
 * superclass, and this class only ever calls {@code super(bytes)}.
 */
public class MySimpleByteSource extends SimpleByteSource implements Serializable {
private static final long serialVersionUID = -409798445206117297L;
// The only constructor delegates to the superclass; no no-arg constructor is declared.
public MySimpleByteSource(byte[] bytes) {
super(bytes);
}
}
然后在自定义的Realm中的doGetAuthenticationInfo方法中使用即可。但是经过测试,这种方法虽然在序列化SimpleAuthenticationInfo的时候不报错,但是在反序列化的时候会报错:org.apache.commons.lang3.SerializationException: java.io.InvalidClassException。这是因为父类SimpleByteSource本身没有实现Serializable,又没有无参构造方法,而Java反序列化需要调用第一个不可序列化父类的无参构造方法,导致反序列化失败。