shiro记住我无效_原因及解决办法

1、错误信息

Delegate RememberMeManager instance of type [" + rmm.getClass().getName() + "]

threw an exception during onSuccessfulLogin. RememberMe services will not be " + 

"performed for account [" + info + "].

 

2、原因

rememberMe记录cookie时cookie的序列化出问题

可能是实体类无法序列化

或是cookie本身序列化出错

protected void rememberMeSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info, Subject subject) {
    RememberMeManager rmm = getRememberMeManager();
    if (rmm != null) {
        try {
            rmm.onSuccessfulLogin(subject, token, info);
        } catch (Exception e) {
            if (log.isWarnEnabled()) {
                String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
                        "] threw an exception during onSuccessfulLogin.  RememberMe services will not be " +
                        "performed for account [" + info + "].";
                log.warn(msg, e);
            }
        }
    } else {
        if (log.isTraceEnabled()) {
            log.trace("This " + getClass().getName() + " instance does not have a " +
                    "[" + RememberMeManager.class.getName() + "] instance configured.  RememberMe services " +
                    "will not be performed for account [" + info + "].");
        }
    }
}

如果shiro开启了rememberMe，则在登录成功后，会通过后置方法来到上面的代码

可以看到执行 rmm.onSuccessfulLogin(subject, token, info) 下面有个catch方法

进入onSuccessfulLogin

public void onSuccessfulLogin(Subject subject, AuthenticationToken token, AuthenticationInfo info) {
    //always clear any previous identity:
    forgetIdentity(subject);//先执行forgetIdentity(subject)清除原来的cookie

    //now save the new identity:
    if (isRememberMe(token)) {
        rememberIdentity(subject, token, info);//生成cookie并保存到浏览器
    } else {
        if (log.isDebugEnabled()) {
            log.debug("AuthenticationToken did not indicate RememberMe is requested.  " +
                    "RememberMe functionality will not be executed for corresponding account.");
        }
    }
}

进入rememberIdentity(subject, token, info)内部会来到如下：

protected void rememberSerializedIdentity(Subject subject, byte[] serialized) {

    if (!WebUtils.isHttp(subject)) {
        if (log.isDebugEnabled()) {
            String msg = "Subject argument is not an HTTP-aware instance.  This is required to obtain a servlet " +
                    "request and response in order to set the rememberMe cookie. Returning immediately and " +
                    "ignoring rememberMe operation.";
            log.debug(msg);
        }
        return;
    }


    HttpServletRequest request = WebUtils.getHttpRequest(subject);
    HttpServletResponse response = WebUtils.getHttpResponse(subject);

    //base 64 encode it and store as a cookie:
    String base64 = Base64.encodeToString(serialized);

    Cookie template = getCookie(); //the class attribute is really a template for the outgoing cookies
    Cookie cookie = new SimpleCookie(template);
    cookie.setValue(base64);
    cookie.saveTo(request, response);
}

最后几行创建cookie实例，这中间就可能出现序列化或者cookie属性缺少等问题

 

3、解决办法

可能的解决办法

确保subject.login()方法中传入的实体类可以序列化

确保cookie参数完整（如必须有name属性）

如果以上还是没有解决，按上面的步骤调试进入内部查找