]
Tibor Zimányi commented on DROOLS-3429:
---------------------------------------
Hi [~aboukhal], I cannot reproduce the problem based on your descripton. I created a test
class [1], then I added AllPermission permission to my java.policy file, added
"-Djava.security.manager" flag to the test run and it works. As you can see from
the test class I also tried to add the policy programatically, with same results. Could
you please check the test if it matches your case? If not, could you please provide a
reproducer? Maybe my test class might help you with developing one. I ran the test using
master branch and 7.14.x branch both with Oracle JDK 8 and IBM JDK 8.
[1]
Serialization of KiePackages fails when SecurityManager is enabled
------------------------------------------------------------------
Key: DROOLS-3429
URL:
https://issues.jboss.org/browse/DROOLS-3429
Project: Drools
Issue Type: Bug
Components: core engine
Affects Versions: 6.5.0.Final, 7.15.0.Final
Environment: Running with IBM JDK 1.8
Reporter: Marcel Abou Khalil
Assignee: Mario Fusco
Priority: Major
Our Drools setup:
- users write rules in a combination of DSL and Java code
- rules are compiled
- packages are stored in a database (rules are seldom changed but often ran)
This has been working fine but in order to improve security, we've enabled the
SecurityManager. This throws an exception while trying to serialize the consequence part
of the rule:
{code:java}
Caused by: java.io.NotSerializableException:
com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker
- field (class
"org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name:
"delegate", type: "interface org.drools.core.spi.Consequence")
- object (class
"org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence",
org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence@93071816)
- writeExternal data
- object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule
name=REDACTED, agendaGroup=end, salience=0, no-loop=true])
- writeExternal data
- object (class "org.drools.core.rule.JavaDialectRuntimeData",
org.drools.core.rule.JavaDialectRuntimeData{...})
- custom writeObject data (class "java.util.HashMap")
- object (class "java.util.HashMap",
{java=org.drools.core.rule.JavaDialectRuntimeData{...},
mvel=org.drools.core.rule.MVELDialectRuntimeData@b99ea6b2})
- writeExternal data
- root object (class "org.drools.core.rule.DialectRuntimeRegistry",
org.drools.core.rule.DialectRuntimeRegistry@2d9acae8)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365)
at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
{code}
Possible cause:
Class {{RuleImpl}}, method {{writeExternal}} will write out {{null}} if the consequence
is of type {{CompiledInvoker}}. But if the SecurityManager is enabled, the method {{wire}}
will wrap the Consequence inside a {{SafeConsequence}}. A {{SafeConsequence}}, in contrast
to the wrapped consequence is not a {{CompiledInvoker}}, so {{writeExternal}} will attempt
to serialize it, instead of just writing {{null}} and fails.