[richfaces-issues] [JBoss JIRA] (RF-13195) Showcase: Unauthorized deserialization attempt with MyFaces

Brian Leathem (JIRA) jira-events at lists.jboss.org
Tue Sep 17 12:28:03 EDT 2013 

     [ https://issues.jboss.org/browse/RF-13195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Leathem resolved RF-13195.
--------------------------------

    Resolution: Done


Added javax.faces.view.Location to the resrouce-serialisation.properties file
                
> Showcase: Unauthorized deserialization attempt with MyFaces
> -----------------------------------------------------------
>
>                 Key: RF-13195
>                 URL: https://issues.jboss.org/browse/RF-13195
>             Project: RichFaces
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: examples
>    Affects Versions: 4.3.4
>         Environment: Showcase 4.3.4.Final
>            Reporter: Pavol Pitonak
>             Fix For: 4.3.4
>
>
> # deploy richfaces-showcase-4.3.4.Final-myfaces.war to Tomcat 7.0.42
> # open sample for media output
> result:
> * console log contains this exception:
> {quote}
> Sep 16, 2013 4:55:40 PM org.richfaces.util.Util decodeObjectData
> SEVERE: Input error for deserialize data 
> java.io.InvalidClassException: Unauthorized deserialization attempt; javax.faces.view.Location
> at org.richfaces.util.LookAheadObjectInputStream.resolveClass(LookAheadObjectInputStream.java:97)
> at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1610)
> at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1515)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348)
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
> at org.apache.myfaces.view.facelets.el.ContextAwareTagMethodExpression.readExternal(ContextAwareTagMethodExpression.java:162)
> at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1837)
> at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348)
> at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1704)
> at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1342)
> at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
> at org.richfaces.util.Util.decodeObjectData(Util.java:237)
> at org.richfaces.resource.DefaultCodecResourceRequestData.getData(DefaultCodecResourceRequestData.java:97)
> at org.richfaces.resource.ResourceFactoryImpl.createResource(ResourceFactoryImpl.java:337)
> at org.richfaces.resource.ResourceHandlerImpl.handleResourceRequest(ResourceHandlerImpl.java:156)
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:191)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.richfaces.webapp.PushFilter.doFilter(PushFilter.java:129)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:172)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:724)
> {quote}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the richfaces-issues mailing list