Bug 1126528 - [GSS] (6.3.1) Marshalling fails on objects that require permissions in their readObject
Summary: [GSS] (6.3.1) Marshalling fails on objects that require permissions in their ...
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Remoting
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR1
: EAP 6.3.1
Assignee: David M. Lloyd
QA Contact: Jitka Kozana
Russell Dickenson
Depends On: 1126489
Blocks: eap631-blockers, eap631-payload, eap63-cp01-blockers 1102266 1126529
TreeView+ depends on / blocked
Reported: 2014-08-04 16:16 UTC by Brad Maxwell
Modified: 2018-12-06 17:35 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
With the java security manager enabled, java.security.AccessControlException was thrown when a java.util.Calendar object was passed as an argument or response from an EJB method, even with a java security policy that provides the necessary permissions.. With this fix, the exception is no longer thrown and the marshalling and EJB call succeed.
Clone Of: 1126489
: 1126529 (view as bug list)
Last Closed: 2014-10-13 18:37:41 UTC
Type: Bug

Attachments (Terms of Use)
reproducer (20.68 KB, application/octet-stream)
2014-09-02 08:25 UTC, Ladislav Thon
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker JBMAR-165 0 Major Resolved Marshalling fails on objects that require permissions in their readObject 2016-09-05 11:14:10 UTC

Description Brad Maxwell 2014-08-04 16:16:17 UTC
+++ This bug was initially created as a clone of Bug #1126489 +++

The JRE java.util.Calendar object in its readObject requires the permission accessClassInPackage.sun.util.calendar which causes Marshalling to fail.


java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) [rt.jar:1.7.0_51]
at java.security.AccessController.checkPermission(AccessController.java:559) [rt.jar:1.7.0_51]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.7.0_51]
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:322) [rt.jar:1.7.0_51]
at org.jboss.marshalling.MarshallerObjectInputStream.<init>(MarshallerObjectInputStream.java:49)
at org.jboss.marshalling.cloner.SerializingCloner$StepObjectInputStream.<init>(SerializingCloner.java:583)
at org.jboss.marshalling.cloner.SerializingCloner.initSerializableClone(SerializingCloner.java:307)

--- Additional comment from JBoss JIRA Server on 2014-08-04 12:04:46 EDT ---

David Lloyd <david.lloyd> updated the status of jira JBMAR-165 to Resolved

Comment 2 Ladislav Thon 2014-09-02 07:57:57 UTC
Verified with EAP 6.3.1.

Comment 3 Ladislav Thon 2014-09-02 08:25:56 UTC
Created attachment 933649 [details]

I have a stripped down version of ClusterBench that I used to verify this. I'm attaching it together with simple repro instructions for future convenience.

Note You need to log in before you can comment on or make changes to this bug.