Bug 1126489 - [GSS] (6.4.0) Marshalling fails on objects that require permissions in their readObject
Summary: [GSS] (6.4.0) Marshalling fails on objects that require permissions in their ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Remoting
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: DR1
: EAP 6.4.0
Assignee: Brad Maxwell
QA Contact: Jitka Kozana
URL:
Whiteboard:
Depends On:
Blocks: 1122329 1126528
TreeView+ depends on / blocked
 
Reported: 2014-08-04 14:32 UTC by Brad Maxwell
Modified: 2019-08-19 12:43 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
With the Java Security manager enabled, the java.security.AccessControlException was thrown when a java.util.Calendar object was passed as an argument or response from an EJB method, even with a java security policy that provides the necessary permissions. This issue has been fixed in this release. The exception is no longer thrown and the marshalling and EJB call succeed.
Clone Of:
: 1126528 (view as bug list)
Environment:
Last Closed: 2019-08-19 12:38:36 UTC
Type: Bug


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
JBoss Issue Tracker JBMAR-165 Major Resolved Marshalling fails on objects that require permissions in their readObject 2017-08-07 15:46:56 UTC

Description Brad Maxwell 2014-08-04 14:32:47 UTC
The JRE java.util.Calendar object in its readObject requires the permission accessClassInPackage.sun.util.calendar which causes Marshalling to fail.

http://bugs.java.com/bugdatabase/view_bug.do?bug_id=4921945

java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) [rt.jar:1.7.0_51]
at java.security.AccessController.checkPermission(AccessController.java:559) [rt.jar:1.7.0_51]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.7.0_51]
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:322) [rt.jar:1.7.0_51]
at org.jboss.marshalling.MarshallerObjectInputStream.<init>(MarshallerObjectInputStream.java:49)
at org.jboss.marshalling.cloner.SerializingCloner$StepObjectInputStream.<init>(SerializingCloner.java:583)
at org.jboss.marshalling.cloner.SerializingCloner.initSerializableClone(SerializingCloner.java:307)

Comment 1 JBoss JIRA Server 2014-08-04 16:04:46 UTC
David Lloyd <david.lloyd@redhat.com> updated the status of jira JBMAR-165 to Resolved

Comment 3 Kabir Khan 2014-08-26 20:20:42 UTC
Should be fixed by remoting upgrade to 1.4.8 https://bugzilla.redhat.com/show_bug.cgi?id=1122329

Comment 4 Ladislav Thon 2014-09-26 07:47:50 UTC
Verified with EAP 6.4.0.DR2.


Note You need to log in before you can comment on or make changes to this bug.