Re: [jboss-dev] EJB3 remote invocation broken in AS50
Hi,
Sorry I'm late to junp in. Brian, Anil, and Dimitris are all correct.
When I was working on compatibility between JBAS 4.2 and earlier
versions, I had to add a version byte to
org.jboss.remoting.marshal.serializable.SerializableMarshaller.write()
and SerializableUnMarshaller.read(). The unified invoker uses
subclasses org.jboss.invocation.unified.marshall.InvocationMarshaller
and InvocationUnMarshaller, which didn't have the overloaded versions of
read() and write() with the version byte. What is happening is that
InvocationMarshaller, which unwraps the nonserializable
org.jboss.invocation.Invocation and creates from it a serializable
object, gets bypassed, and SerializableMarshaller.write() ends up with
the original Invocation.
The fix is just to add overloaded versions of read() and write() to
InvocationMarshaller and InvocationUnMarshaller, which I did. The
problem is that I was working on the 4.2 branch and didn't think to make
the same correction to trunk. I've now done that. If the problem
doesn't go away, let me know.
-Ron
Thomas Diesler wrote:
Generally all EJB3 remote invocation seems to be broken.
java.rmi.MarshalException: Failed to communicate. Problem during
marshalling/unmarshalling; nested exception is:
java.io.NotSerializableException: org.jboss.invocation.Invocation
at
org.jboss.remoting.transport.socket.SocketClientInvoker.handleException(SocketClientInvoker.java:122)
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:644)
at
org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
at org.jboss.remoting.Client.invoke(Client.java:1550)
at org.jboss.remoting.Client.invoke(Client.java:530)
at
org.jboss.invocation.unified.interfaces.UnifiedInvokerProxy.invoke(UnifiedInvokerProxy.java:161)
at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:244)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:181)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:86)
at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:184)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:101)
at $Proxy2.create(Unknown Source)
at
org.jboss.test.ws.jaxrpc.serviceref.ServiceRefEJBTestCase.testEJBClient(ServiceRefEJBTestCase.java:80)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
at junit.extensions.TestSetup.run(TestSetup.java:23)
Caused by: java.io.NotSerializableException: org.jboss.invocation.Invocation
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1081)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1375)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1347)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1290)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1079)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:302)
at
org.jboss.remoting.serialization.impl.java.JavaSerializationManager.sendObjectVersion2_2(JavaSerializationManager.java:120)
at
org.jboss.remoting.serialization.impl.java.JavaSerializationManager.sendObject(JavaSerializationManager.java:95)
at
org.jboss.remoting.marshal.serializable.SerializableMarshaller.write(SerializableMarshaller.java:120)
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.versionedWrite(MicroSocketClientInvoker.java:967)
at
org.jboss.remoting.transport.socket.MicroSocketClientInvoker.transport(MicroSocketClientInvoker.java:557)
... 31 more
On Tue, 2007-06-12 at 12:38 +0200, Thomas Diesler wrote:
> Hi Carlo,
>
> there seem to be basic EJB3 security problems
>
>
http://jbws.dyndns.org:8280/hudson/job/Core-Tests-AS-5.0/26/testReport/or...
>
> This is a remote client trying to connect to an unsecured SLSB.
>
> -thomas
>
>