[jboss-jira] [JBoss JIRA] (DROOLS-3429) Serialization of KiePackages fails when SecurityManager is enabled
Marcel Abou Khalil (Jira)
issues at jboss.org
Fri Dec 21 07:54:00 EST 2018
[ https://issues.jboss.org/browse/DROOLS-3429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13677035#comment-13677035 ]
Marcel Abou Khalil commented on DROOLS-3429:
--------------------------------------------
Hi [~tzimanyi],
thanks for your test case. It is perfect in demonstrating the bug. It seems you just forgot to set the property { -Dkie.security.policy="replace_me_with_path_to_policy_file_for_rules" }. If you run the test with that property (you can even point it to the same permissive policy that you used for the whole JVM) you should see the exception.
> Serialization of KiePackages fails when SecurityManager is enabled
> ------------------------------------------------------------------
>
> Key: DROOLS-3429
> URL: https://issues.jboss.org/browse/DROOLS-3429
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Affects Versions: 6.5.0.Final, 7.15.0.Final
> Environment: Running with IBM JDK 1.8
> Reporter: Marcel Abou Khalil
> Assignee: Mario Fusco
> Priority: Major
>
> Our Drools setup:
> - users write rules in a combination of DSL and Java code
> - rules are compiled
> - packages are stored in a database (rules are seldom changed but often run)
> This has been working fine but in order to improve security, we've enabled the SecurityManager. This throws an exception while trying to serialize the consequence part of the rule:
> {code:java}
> Caused by: java.io.NotSerializableException: com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker
> - field (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name: "delegate", type: "interface org.drools.core.spi.Consequence")
> - object (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence@93071816)
> - writeExternal data
> - object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule name=REDACTED, agendaGroup=end, salience=0, no-loop=true])
> - writeExternal data
> - object (class "org.drools.core.rule.JavaDialectRuntimeData", org.drools.core.rule.JavaDialectRuntimeData{...})
> - custom writeObject data (class "java.util.HashMap")
> - object (class "java.util.HashMap", {java=org.drools.core.rule.JavaDialectRuntimeData{...}, mvel=org.drools.core.rule.MVELDialectRuntimeData@b99ea6b2})
> - writeExternal data
> - root object (class "org.drools.core.rule.DialectRuntimeRegistry", org.drools.core.rule.DialectRuntimeRegistry@2d9acae8)
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213)
> at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615)
> at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576)
> at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499)
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209)
> at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365)
> at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
> {code}
> Possible cause:
> Class {{RuleImpl}}, method {{writeExternal}} will write out {{null}} if the consequence is of type {{CompiledInvoker}}. But if the SecurityManager is enabled, the method {{wire}} will wrap the Consequence inside a {{SafeConsequence}}. A {{SafeConsequence}}, in contrast to the wrapped consequence, is not a {{CompiledInvoker}}, so {{writeExternal}} will attempt to serialize it instead of just writing {{null}}, and fails.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
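The failure mode described under "Possible cause", reduced to a stand-alone program. This is an added example, not Drools source and not the project's fix: the classes are hypothetical stand-ins that only borrow the names from the report, and `unwrappingForm` is one possible wrapper-aware check, shown as an assumption.

```java
import java.io.*;

// Hypothetical stand-ins for the Drools types named in the report; not Drools source.
public class WrapperSerializationDemo {
    interface Consequence { void evaluate(); }
    interface CompiledInvoker { }  // marker: such objects are written out as null, never serialized

    // Generated invoker: a CompiledInvoker, and not Serializable.
    static class GeneratedInvoker implements Consequence, CompiledInvoker {
        public void evaluate() { }
    }

    // Wrapper applied when a security policy is active: Serializable, but NOT a CompiledInvoker.
    static class SafeConsequence implements Consequence, Serializable {
        final Consequence delegate;
        SafeConsequence(Consequence delegate) { this.delegate = delegate; }
        public void evaluate() { delegate.evaluate(); }
    }

    // Check as described in the report: only the outer object's type is tested.
    static Object naiveForm(Consequence c) {
        return (c instanceof CompiledInvoker) ? null : c;
    }

    // Wrapper-aware check (assumed approach): unwrap before testing the marker interface.
    static Object unwrappingForm(Consequence c) {
        Consequence inner = (c instanceof SafeConsequence) ? ((SafeConsequence) c).delegate : c;
        return (inner instanceof CompiledInvoker) ? null : c;
    }

    // Returns "ok" or the simple name of the serialization exception.
    static String trySerialize(Object o) {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(o);
            return "ok";
        } catch (IOException e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        Consequence plain = new GeneratedInvoker();
        Consequence wrapped = new SafeConsequence(plain);
        System.out.println("no wrapper, outer-type check:  " + trySerialize(naiveForm(plain)));
        System.out.println("wrapped, outer-type check:     " + trySerialize(naiveForm(wrapped)));
        System.out.println("wrapped, unwrap before check:  " + trySerialize(unwrappingForm(wrapped)));
    }
}
```

Only the second call reaches the non-serializable delegate through the wrapper's field, which is the same path the stack trace in the report shows.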