[jboss-jira] [JBoss JIRA] (DROOLS-3429) Serialization of KiePackages fails when SecurityManager is enabled
Marcel Abou Khalil (Jira)
issues at jboss.org
Wed Dec 12 11:25:00 EST 2018
Marcel Abou Khalil created DROOLS-3429:
------------------------------------------
Summary: Serialization of KiePackages fails when SecurityManager is enabled
Key: DROOLS-3429
URL: https://issues.jboss.org/browse/DROOLS-3429
Project: Drools
Issue Type: Bug
Components: core engine
Affects Versions: 7.15.0.Final, 6.5.0.Final
Environment: Running with IBM JDK 1.8
Reporter: Marcel Abou Khalil
Assignee: Mario Fusco
Our Drools setup:
- users write rules in a combination of DSL and Java code
- rules are compiled
- packages are stored in a database (rules are seldom changed but often run)
This has been working fine but in order to improve security, we've enabled the SecurityManager. This throws an exception while trying to serialize the consequence part of the rule:
{code:java}
Caused by: java.io.NotSerializableException: com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker
- field (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name: "delegate", type: "interface org.drools.core.spi.Consequence")
- object (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence at 93071816)
- writeExternal data
- object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule name=REDACTED, agendaGroup=end, salience=0, no-loop=true])
- writeExternal data
- object (class "org.drools.core.rule.JavaDialectRuntimeData", org.drools.core.rule.JavaDialectRuntimeData{...})
- custom writeObject data (class "java.util.HashMap")
- object (class "java.util.HashMap", {java=org.drools.core.rule.JavaDialectRuntimeData{...}, mvel=org.drools.core.rule.MVELDialectRuntimeData at b99ea6b2})
- writeExternal data
- root object (class "org.drools.core.rule.DialectRuntimeRegistry", org.drools.core.rule.DialectRuntimeRegistry at 2d9acae8)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365)
at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
{code}
Possible cause:
Class {{RuleImpl}}, method {{writeExternal}} will write out {{null}} if the consequence is of type {{CompiledInvoker}}. But if the SecurityManager is enabled, the method {{wire}} will wrap the Consequence inside a {{SafeConsequence}}. A {{SafeConsequence}} is not a {{CompiledInvoker}}, so {{writeExternal}} will attempt to serialize it instead of just writing null, and fails.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
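
The mechanism described in the report, reduced to a stand-alone model. This is an added example, not Drools code and not part of the original message: the nested types only borrow the names from the report, GeneratedInvoker and the toWrite* helpers are hypothetical, and the unwrapping check is an assumed remedy, not the project's fix. With the naive check the wrapped consequence fails with NotSerializableException; the other two cases serialize.

```java
import java.io.*;

public class WrapperSerializationDemo {
    interface Consequence { void evaluate(); }
    // Marker for generated invokers that are rebuilt after loading, never serialized.
    interface CompiledInvoker {}

    // Hypothetical stand-in for a generated, non-serializable consequence invoker.
    static class GeneratedInvoker implements Consequence, CompiledInvoker {
        public void evaluate() {}
    }

    // Stand-in for the sandboxing wrapper applied when a SecurityManager is enabled.
    static class SafeConsequence implements Consequence, Serializable {
        final Consequence delegate;
        SafeConsequence(Consequence delegate) { this.delegate = delegate; }
        public void evaluate() { delegate.evaluate(); }
    }

    // Check as described in the report: only the outer type is inspected.
    static Object toWriteNaive(Consequence c) {
        return (c instanceof CompiledInvoker) ? null : c;
    }

    // Assumed remedy: look through the sandbox wrapper before testing the type.
    static Object toWriteUnwrapping(Consequence c) {
        Consequence inner =
            (c instanceof SafeConsequence) ? ((SafeConsequence) c).delegate : c;
        return (inner instanceof CompiledInvoker) ? null : c;
    }

    // Returns "ok" or the simple name of the exception raised by serialization.
    static String trySerialize(Object o) {
        try (ObjectOutputStream out =
                 new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(o);
            return "ok";
        } catch (IOException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        Consequence plain = new GeneratedInvoker();
        Consequence wrapped = new SafeConsequence(plain); // what wire does under a SecurityManager
        System.out.println("no wrapper, naive check:   " + trySerialize(toWriteNaive(plain)));
        System.out.println("wrapped, naive check:      " + trySerialize(toWriteNaive(wrapped)));
        System.out.println("wrapped, unwrapping check: " + trySerialize(toWriteUnwrapping(wrapped)));
    }
}
```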