[jboss-jira] [JBoss JIRA] (DROOLS-3429) Serialization of KiePackages fails when SecurityManager is enabled
Tibor Zimányi (Jira)
issues at jboss.org
Wed Jan 9 03:36:00 EST 2019
[ https://issues.jboss.org/browse/DROOLS-3429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13679743#comment-13679743 ]
Tibor Zimányi commented on DROOLS-3429:
---------------------------------------
[~aboukhal] I am afraid we missed the 7.16.0.Final release, so it will be in 7.17.0.Final, which should be out in a month or so, if nothing blocking happens. We try to release each month now [1].
[1] https://mvnrepository.com/artifact/org.drools/drools-core
> Serialization of KiePackages fails when SecurityManager is enabled
> ------------------------------------------------------------------
>
> Key: DROOLS-3429
> URL: https://issues.jboss.org/browse/DROOLS-3429
> Project: Drools
> Issue Type: Bug
> Components: core engine
> Affects Versions: 6.5.0.Final, 7.15.0.Final
> Environment: Running with IBM JDK 1.8
> Reporter: Marcel Abou Khalil
> Assignee: Tibor Zimányi
> Priority: Major
> Fix For: 7.17.0.Final
>
>
> Our Drools setup:
> - users write rules in a combination of DSL and Java code
> - rules are compiled
> - packages are stored in a database (rules are seldom changed but often ran)
> This has been working fine but in order to improve security, we've enabled the SecurityManager. This throws an exception while trying to serialize the consequence part of the rule:
> {code:java}
> Caused by: java.io.NotSerializableException: com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker
> - field (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name: "delegate", type: "interface org.drools.core.spi.Consequence")
> - object (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence at 93071816)
> - writeExternal data
> - object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule name=REDACTED, agendaGroup=end, salience=0, no-loop=true])
> - writeExternal data
> - object (class "org.drools.core.rule.JavaDialectRuntimeData", org.drools.core.rule.JavaDialectRuntimeData{...})
> - custom writeObject data (class "java.util.HashMap")
> - object (class "java.util.HashMap", {java=org.drools.core.rule.JavaDialectRuntimeData{...}, mvel=org.drools.core.rule.MVELDialectRuntimeData at b99ea6b2})
> - writeExternal data
> - root object (class "org.drools.core.rule.DialectRuntimeRegistry", org.drools.core.rule.DialectRuntimeRegistry at 2d9acae8)
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213)
> at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615)
> at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576)
> at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499)
> at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209)
> at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365)
> at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
> {code}
> Possible cause:
> Class {{RuleImpl}}, method {{writeExternal}} will write out {{null}} if the consequence is of type {{CompiledInvoker}}. But if the SecurityManager is enabled, the method {{wire}} will wrap the Consequence inside a {{SafeConsequence}}. A {{SafeConsequence}}, in contrast to the wrapped consequence is not a {{CompiledInvoker}}, so {{writeExternal}} will attempt to serialize it, instead of just writing {{null}} and fails.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list