[
https://issues.jboss.org/browse/DROOLS-3429?page=com.atlassian.jira.plugi...
]
Tibor Zimányi edited comment on DROOLS-3429 at 12/21/18 8:38 AM:
-----------------------------------------------------------------
[~aboukhal] thanks for confirmation. Yes, after setting kie.security.policy I can
reproduce the problem. I need to debug that to check if your fix is the correct one. Not
sure when this will happen, because of holidays, but I will definitely take a look at the
beginning of next year at latest, right after holidays. I will keep you updated in the PR
or here.
was (Author: tzimanyi):
[~aboukhal] thanks for confirmation. Yes, after setting kie.security.policy I can
reproduce the problem. I need to debug that to check if your fix is the correct one. Not
sure when this will happen, because of holidays, but I will definitely take a look at the
beginning of next year, right after holidays. I will keep you updated in the PR or here.
Serialization of KiePackages fails when SecurityManager is enabled
------------------------------------------------------------------
Key: DROOLS-3429
URL:
https://issues.jboss.org/browse/DROOLS-3429
Project: Drools
Issue Type: Bug
Components: core engine
Affects Versions: 6.5.0.Final, 7.15.0.Final
Environment: Running with IBM JDK 1.8
Reporter: Marcel Abou Khalil
Assignee: Mario Fusco
Priority: Major
Our Drools setup:
- users write rules in a combination of DSL and Java code
- rules are compiled
- packages are stored in a database (rules are seldom changed but often ran)
This has been working fine but in order to improve security, we've enabled the
SecurityManager. This throws an exception while trying to serialize the consequence part
of the rule:
{code:java}
Caused by: java.io.NotSerializableException:
com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker
- field (class
"org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name:
"delegate", type: "interface org.drools.core.spi.Consequence")
- object (class
"org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence",
org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence@93071816)
- writeExternal data
- object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule
name=REDACTED, agendaGroup=end, salience=0, no-loop=true])
- writeExternal data
- object (class "org.drools.core.rule.JavaDialectRuntimeData",
org.drools.core.rule.JavaDialectRuntimeData{...})
- custom writeObject data (class "java.util.HashMap")
- object (class "java.util.HashMap",
{java=org.drools.core.rule.JavaDialectRuntimeData{...},
mvel=org.drools.core.rule.MVELDialectRuntimeData@b99ea6b2})
- writeExternal data
- root object (class "org.drools.core.rule.DialectRuntimeRegistry",
org.drools.core.rule.DialectRuntimeRegistry@2d9acae8)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365)
at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
{code}
Possible cause:
Class {{RuleImpl}}, method {{writeExternal}} will write out {{null}} if the consequence
is of type {{CompiledInvoker}}. But if the SecurityManager is enabled, the method {{wire}}
will wrap the Consequence inside a {{SafeConsequence}}. A {{SafeConsequence}}, in contrast
to the wrapped consequence is not a {{CompiledInvoker}}, so {{writeExternal}} will attempt
to serialize it, instead of just writing {{null}} and fails.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)