]
Marcel Abou Khalil commented on DROOLS-3429:
--------------------------------------------
Hi [~tzimanyi],
thanks for your test case. It is perfect in demonstrating the bug. It seems you just
forgot to set the property {
-Dkie.security.policy="replace_me_with_path_to_policy_file_for_rules" }. If you
run the test with that property (you can even point it to the same permissive policy that
you used for the whole JVM) you should see the exception.
Serialization of KiePackages fails when SecurityManager is enabled
------------------------------------------------------------------
Key: DROOLS-3429
URL:
https://issues.jboss.org/browse/DROOLS-3429
Project: Drools
Issue Type: Bug
Components: core engine
Affects Versions: 6.5.0.Final, 7.15.0.Final
Environment: Running with IBM JDK 1.8
Reporter: Marcel Abou Khalil
Assignee: Mario Fusco
Priority: Major
Our Drools setup:
- users write rules in a combination of DSL and Java code
- rules are compiled
- packages are stored in a database (rules are seldom changed but often ran)
This has been working fine but in order to improve security, we've enabled the
SecurityManager. This throws an exception while trying to serialize the consequence part
of the rule:
{code:java}
Caused by: java.io.NotSerializableException:
com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker
- field (class
"org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name:
"delegate", type: "interface org.drools.core.spi.Consequence")
- object (class
"org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence",
org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence@93071816)
- writeExternal data
- object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule
name=REDACTED, agendaGroup=end, salience=0, no-loop=true])
- writeExternal data
- object (class "org.drools.core.rule.JavaDialectRuntimeData",
org.drools.core.rule.JavaDialectRuntimeData{...})
- custom writeObject data (class "java.util.HashMap")
- object (class "java.util.HashMap",
{java=org.drools.core.rule.JavaDialectRuntimeData{...},
mvel=org.drools.core.rule.MVELDialectRuntimeData@b99ea6b2})
- writeExternal data
- root object (class "org.drools.core.rule.DialectRuntimeRegistry",
org.drools.core.rule.DialectRuntimeRegistry@2d9acae8)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365)
at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
{code}
Possible cause:
Class {{RuleImpl}}, method {{writeExternal}} will write out {{null}} if the consequence
is of type {{CompiledInvoker}}. But if the SecurityManager is enabled, the method {{wire}}
will wrap the Consequence inside a {{SafeConsequence}}. A {{SafeConsequence}}, in contrast
to the wrapped consequence is not a {{CompiledInvoker}}, so {{writeExternal}} will attempt
to serialize it, instead of just writing {{null}} and fails.