1126528 – [GSS] (6.3.1) Marshalling fails on objects that require permissions in their readObject

Bug 1126528 - [GSS] (6.3.1) Marshalling fails on objects that require permissions in their readObject

Summary: [GSS] (6.3.1) Marshalling fails on objects that require permissions in their ...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Remoting
Sub Component:
Version:	6.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	CR1
Target Release:	EAP 6.3.1
Assignee:	David M. Lloyd
QA Contact:	Jitka Kozana
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:	1126489
Blocks:	eap631-blockers, eap631-payload, eap63-cp01-blockers 1102266 1126529
TreeView+	depends on / blocked

Reported:	2014-08-04 16:16 UTC by Brad Maxwell
Modified:	2018-12-06 17:35 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	With the java security manager enabled, java.security.AccessControlException was thrown when a java.util.Calendar object was passed as an argument or response from an EJB method, even with a java security policy that provides the necessary permissions.. With this fix, the exception is no longer thrown and the marshalling and EJB call succeed.
Clone Of:	1126489
Clones:	1126529 (view as bug list)
Environment:
Last Closed:	2014-10-13 18:37:41 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
reproducer (20.68 KB, application/octet-stream) 2014-09-02 08:25 UTC, Ladislav Thon	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	JBMAR-165	0	Major	Resolved	Marshalling fails on objects that require permissions in their readObject	2016-09-05 11:14:10 UTC

Description Brad Maxwell 2014-08-04 16:16:17 UTC

+++ This bug was initially created as a clone of Bug #1126489 +++

The JRE java.util.Calendar object in its readObject requires the permission accessClassInPackage.sun.util.calendar which causes Marshalling to fail.

http://bugs.java.com/bugdatabase/view_bug.do?bug_id=4921945

java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) [rt.jar:1.7.0_51]
at java.security.AccessController.checkPermission(AccessController.java:559) [rt.jar:1.7.0_51]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.7.0_51]
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:322) [rt.jar:1.7.0_51]
at org.jboss.marshalling.MarshallerObjectInputStream.<init>(MarshallerObjectInputStream.java:49)
at org.jboss.marshalling.cloner.SerializingCloner$StepObjectInputStream.<init>(SerializingCloner.java:583)
at org.jboss.marshalling.cloner.SerializingCloner.initSerializableClone(SerializingCloner.java:307)

--- Additional comment from JBoss JIRA Server on 2014-08-04 12:04:46 EDT ---

David Lloyd <david.lloyd> updated the status of jira JBMAR-165 to Resolved

Comment 2 Ladislav Thon 2014-09-02 07:57:57 UTC

Verified with EAP 6.3.1.

Comment 3 Ladislav Thon 2014-09-02 08:25:56 UTC

Created attachment 933649 [details]
reproducer

I have a stripped down version of ClusterBench that I used to verify this. I'm attaching it together with simple repro instructions for future convenience.

Note You need to log in before you can comment on or make changes to this bug.