[#2083] bugfix: added Shiro core additional ClassLoader to be used when seria…

[lprimak]

…lizing / deserializing Principals for remember me

fixes #2083
supersedes #2084

Following this checklist to help us incorporate your contribution quickly and easily:

• Make sure there is a GitHub issue filed
  for the change (usually before you start working on it). Trivial changes like typos do not
  require a GitHub issue. Your pull request should address just this issue, without pulling in other changes.
• Each commit in the pull request should have a meaningful subject line and body.
• Format the pull request title like [#XXX] - Fixes bug in SessionManager,
  where you replace #XXX with the appropriate GitHub issue. Best practice
  is to use the GitHub issue title in the pull request title and in the first line of the commit message.
• Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
• add fixes #XXX if merging the PR should close a related issue.
• Run mvn verify to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
• If you have a group of commits related to the same change, please squash your commits into one and force push your branch using git rebase -i.
• Committers: Make sure a milestone is set on the PR

Trivial changes like typos do not require a GitHub issue (javadoc, comments...).
In this case, just format the pull request title like [DOC] - Add javadoc in SessionManager.

If this is your first contribution, you have to read the Contribution Guidelines

If your pull request is about ~20 lines of code you don't need to sign an Individual Contributor License Agreement
if you are unsure please ask on the developers list.

To make clear that you license your contribution under the Apache License Version 2.0, January 2004
you have to acknowledge this by using the following check-box.

• I hereby declare this contribution to be licenced under the Apache License Version 2.0, January 2004
• In any other case, please file an Apache Individual Contributor License Agreement.

[steinarb]

Heh... I vaguely seem to remember suggesting something like this last year, before you came up with the TCCL workaround mentioned here #1500 (comment) ...? 😄

Nice and understandable! I like!

Initially LGTM, but I will test the branch on my apps and report back.

[lprimak]

Heh... I vaguely seem to remember suggesting something like this last year, before you came up with the TCCL workaround mentioned here #1500 (comment) ...? 😄

You did. Sorry about that. I guess I was too busy to comprehend what you were truly suggesting at the time, there was a lot going on then :)

Well better late than never.

[steinarb]

I have tested the branch with the apps in myapps and can confirm that everything seems to work normally in a smoke test and no stack traces appeared in the log.

For reference, here is what I did to rebuild:

1. Deleted all of my apps from the local maven cache:

   rm -rf ~/.m2/repository/no/priv/bang
   

2. Set shiro.version to 2.0.0-SNAPSHOT in my master pom (and also set the servlet and authservice versions that are used by others to SNAPSHOT versions)
3. Update servlet, authservice, handlereg, oldalbum, sampleapp to use snapshot version of the master pom
4. Update frontend-karaf-demo to use snapshot version of servlet
   (it was kinda hard to get rid of all places that pulled in shiro 2.0.2 at runtime...)
5. Rebuilt everything (I had to create a script...) https://gist.github.com/steinarb/3ca65de5539b2be9c257032342bdd825
6. Installed the apps and checked with bundle:listthat no shiro 2.0.2 had been pulled in at runtime

   feature:repo-add mvn:no.priv.bang.myapps/myapps/LATEST/xml/features
   feature:install myapps
   bundle:list
   

(lots of stuff but except for bumping the versions the computer did most of the work)

[lprimak]

@fpapon waiting for your approval. Thanks.