[JBoss JIRA] Created: (JBRULES-2098) Internal TupleSink list is not properly cleaned up when removing rules from a RuleBase
by Christian Nedregård (JIRA)
Internal TupleSink list is not properly cleaned up when removing rules from a RuleBase
--------------------------------------------------------------------------------------
Key: JBRULES-2098
URL: https://jira.jboss.org/jira/browse/JBRULES-2098
Project: JBoss Drools
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: drools-core
Affects Versions: 4.0.7
Environment: Drools 4.0.7
Win XP
Sun JDK 1.4.2_11
Reporter: Christian Nedregård
Assignee: Mark Proctor
When a new rule is added to a rule base that has shareBetaNodes=true 'BuildUtils.attachNode' will iterate through existing TupleSink nodes and try to find an equal node to re-use.
In our production code we are seing NoClassDefFoundErrors from 'EvalConditionNode.equals' in scenarios where rules are both removed from and added to a rule base. The NoClassDefFoundErrors occours when a rule has recently been removed from the rule base and we are trying to add a new rule. When BuildUtils.attachNode' iterates through the existing TupleSinks it also encounters TupleSinks that belongs to the rule that was removed. The call to the TupleSinks 'equal' method yields a NoClassDefFoundErrors because the target TupleSink are trying to reference the rule class that has been removed.
In this scenario we have removed rule 10418 and are adding 11140:
java.lang.NoClassDefFoundError: rules.subscriptiontype.Rule_RequiredSubscriptionTypes_10418_0
at rules.subscriptiontype.Rule_RequiredSubscriptionTypes_10418_0Eval0Invoker.class$(Unknown Source)
at rules.subscriptiontype.Rule_RequiredSubscriptionTypes_10418_0Eval0Invoker.getMethodBytecode(Unknown Source)
at rules.subscriptiontype.Rule_RequiredSubscriptionTypes_11140_0Eval0Invoker.equals(Unknown Source)
at org.drools.rule.EvalCondition.equals(EvalCondition.java:121)
at org.drools.reteoo.EvalConditionNode.equals(EvalConditionNode.java:201)
at org.drools.reteoo.builder.BuildUtils.attachNode(BuildUtils.java:101)
Attached is a stand-alone JUnit 4 testcase where the test 'testWithBetaNodeSharing' shows this problem. It does not produce a NoClassDefFoundError but we get a NPE from <removed rule>Eval0Invoker.getMethodBytecode instead (rule 1 has been removed, rule 3 is about to be added):
java.lang.NullPointerException
at failure_on_removal.Rule_rule_1_0Eval0Invoker.getMethodBytecode(Unknown Source)
at failure_on_removal.Rule_rule_3_0Eval0Invoker.equals(Unknown Source)
at org.drools.rule.EvalCondition.equals(EvalCondition.java:121)
at org.drools.reteoo.EvalConditionNode.equals(EvalConditionNode.java:201)
at org.drools.reteoo.builder.BuildUtils.attachNode(BuildUtils.java:101)
We intepret this to be a symptom of the same problem.
The workaround is to disable beta node sharing wich will bypass the TupleSink iteration alltogheter. This is shown in the test 'testWithoutBetaNodeSharing'.
Kind regards
Christian Nedregård
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
16 years, 1 month
[JBoss JIRA] Created: (JBAOP-762) Permission Issue (with AOP) in Applet Environment
by Howard Gao (JIRA)
Permission Issue (with AOP) in Applet Environment
-------------------------------------------------
Key: JBAOP-762
URL: https://jira.jboss.org/jira/browse/JBAOP-762
Project: JBoss AOP
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: 1.5.6.GA
Reporter: Howard Gao
Fix For: 1.5.7.GA
Attachments: java_console.out
Summary:
JBM client packed in an Applet. The client gets "java.util.PropertyPermission legacyParsing read" AccessControlException when trying to create a JMS connection.
Possible Reason:
The AccessControlContext was changed after JBM going through some AOP stack.
AOP version 1.5.6.GA
To reproduce this issue, I did the following:
1. create a simple applet. The applet create a button "DoWork".
2. Pressing "DoWork" will cause the applet to do a jndi lookup for a connection factory and call creationConnection() on the factory.
In createConnection(), there is a method call on an AOP instrumented object:
createConnection()
{
...
String wok = aopObj.doSomeWork("GoodWook");
...
}
The aopObj is a simple class with one method:
public class FakeInvokerLocatorWithAOP implements Serializable
{
private static final long serialVersionUID = 2223089961647029627L;
public String doSomeWork(String work)
{
return work + " done. : " + System.getProperty("legacyParsing");
}
}
This class has an advice defined in AOP xml :
<aspect class="org.jboss.jms.client.container.SimpleAspect" scope="PER_VM"/>
<bind pointcut="execution(* org.jboss.jms.client.delegate.FakeInvokerLocatorWithAOP->doSomeWork(..))">
<advice name="handleDoSomeWork" aspect="org.jboss.jms.client.container.SimpleAspect"/>
</bind>
The Advice class SimpleAspect is very simple:
public class SimpleAspect {
public Object handleDoSomeWork(Invocation inv) throws Throwable
{
String res = (String)inv.invokeNext();
res = res + " with AOP";
System.out.println("-----res: " + res);
return res;
}
}
So if the call of aopObj.doSomeWork("GoodWook") is successful, the returned value should be something like:
"GoodWook done. " + <value of sys prop 'legacyParsing'> + " with AOP"
But the real situation is that I got the following exception:
java.security.AccessControlException: access denied (java.util.PropertyPermission legacyParsing read)
Debugging shows that once the execution goes inside SimpleAspect.handleDoSomeWork(), the system's AccessControlContext has changed, but the SecurityManager remained same as before. This changed context doesn't allow the above permission.
I also checked the SimpleAspect's ProtectionDomain by
PermissionCollection pcol = this.getClass().getProtectionDomain().getPermissions();
And this proctection domain's permissions implies the above permission, namely
pcol.implies(new PropertyPermission("legacyParsing", "read")) returns true.
Note: you may need to add the following permission to your java.policy in order to get protectionDomain at this point.
permission java.lang.RuntimePermission "getProtectionDomain";
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
16 years, 1 month