Bug 1126528

Summary: [GSS] (6.3.1) Marshalling fails on objects that require permissions in their readObject
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Brad Maxwell <bmaxwell>
Component: RemotingAssignee: David M. Lloyd <david.lloyd>
Status: CLOSED CURRENTRELEASE QA Contact: Jitka Kozana <jkudrnac>
Severity: unspecified Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.3.0CC: bbaranow, jkudrnac, lthon, myarboro, rdickens
Target Milestone: CR1Keywords: Triaged
Target Release: EAP 6.3.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
With the java security manager enabled, java.security.AccessControlException was thrown when a java.util.Calendar object was passed as an argument or response from an EJB method, even with a java security policy that provides the necessary permissions.. With this fix, the exception is no longer thrown and the marshalling and EJB call succeed.
 Story Points: ---
Clone Of: 1126489
: 1126529 (view as bug list) Environment:
Last Closed: 2014-10-13 18:37:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1126489    
Bug Blocks: 1102082, 1102266, 1126529    
Attachments:
Description Flags
reproducer none

Description Brad Maxwell 2014-08-04 16:16:17 UTC 
+++ This bug was initially created as a clone of Bug #1126489 +++

The JRE java.util.Calendar object in its readObject requires the permission accessClassInPackage.sun.util.calendar which causes Marshalling to fail.

http://bugs.java.com/bugdatabase/view_bug.do?bug_id=4921945

java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) [rt.jar:1.7.0_51]
at java.security.AccessController.checkPermission(AccessController.java:559) [rt.jar:1.7.0_51]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.7.0_51]
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:322) [rt.jar:1.7.0_51]
at org.jboss.marshalling.MarshallerObjectInputStream.<init>(MarshallerObjectInputStream.java:49)
at org.jboss.marshalling.cloner.SerializingCloner$StepObjectInputStream.<init>(SerializingCloner.java:583)
at org.jboss.marshalling.cloner.SerializingCloner.initSerializableClone(SerializingCloner.java:307)

--- Additional comment from JBoss JIRA Server on 2014-08-04 12:04:46 EDT ---

David Lloyd <david.lloyd> updated the status of jira JBMAR-165 to Resolved
Comment 2 Ladislav Thon 2014-09-02 07:57:57 UTC 
Verified with EAP 6.3.1.
Comment 3 Ladislav Thon 2014-09-02 08:25:56 UTC 
Created attachment 933649 [details]
reproducer

I have a stripped down version of ClusterBench that I used to verify this. I'm attaching it together with simple repro instructions for future convenience.