Bug 1126528 - [GSS] (6.3.1) Marshalling fails on objects that require permissions in their readObject
Summary: [GSS] (6.3.1) Marshalling fails on objects that require permissions in their ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Remoting
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR1
: EAP 6.3.1
Assignee: David M. Lloyd
QA Contact: Jitka Kozana
Russell Dickenson
URL:
Whiteboard:
Depends On: 1126489
Blocks: eap631-blockers, eap631-payload, eap63-cp01-blockers 1102266 1126529
TreeView+ depends on / blocked
 
Reported: 2014-08-04 16:16 UTC by Brad Maxwell
Modified: 2018-12-06 17:35 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
With the java security manager enabled, java.security.AccessControlException was thrown when a java.util.Calendar object was passed as an argument or response from an EJB method, even with a java security policy that provides the necessary permissions.. With this fix, the exception is no longer thrown and the marshalling and EJB call succeed.
Clone Of: 1126489
: 1126529 (view as bug list)
Environment:
Last Closed: 2014-10-13 18:37:41 UTC
Type: Bug


Attachments (Terms of Use)
reproducer (20.68 KB, application/octet-stream)
2014-09-02 08:25 UTC, Ladislav Thon
no flags Details


Links
System ID Priority Status Summary Last Updated
JBoss Issue Tracker JBMAR-165 Major Resolved Marshalling fails on objects that require permissions in their readObject 2016-09-05 11:14:10 UTC

Description Brad Maxwell 2014-08-04 16:16:17 UTC
+++ This bug was initially created as a clone of Bug #1126489 +++

The JRE java.util.Calendar object in its readObject requires the permission accessClassInPackage.sun.util.calendar which causes Marshalling to fail.

http://bugs.java.com/bugdatabase/view_bug.do?bug_id=4921945

java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) [rt.jar:1.7.0_51]
at java.security.AccessController.checkPermission(AccessController.java:559) [rt.jar:1.7.0_51]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [rt.jar:1.7.0_51]
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:322) [rt.jar:1.7.0_51]
at org.jboss.marshalling.MarshallerObjectInputStream.<init>(MarshallerObjectInputStream.java:49)
at org.jboss.marshalling.cloner.SerializingCloner$StepObjectInputStream.<init>(SerializingCloner.java:583)
at org.jboss.marshalling.cloner.SerializingCloner.initSerializableClone(SerializingCloner.java:307)

--- Additional comment from JBoss JIRA Server on 2014-08-04 12:04:46 EDT ---

David Lloyd <david.lloyd@redhat.com> updated the status of jira JBMAR-165 to Resolved

Comment 2 Ladislav Thon 2014-09-02 07:57:57 UTC
Verified with EAP 6.3.1.

Comment 3 Ladislav Thon 2014-09-02 08:25:56 UTC
Created attachment 933649 [details]
reproducer

I have a stripped down version of ClusterBench that I used to verify this. I'm attaching it together with simple repro instructions for future convenience.


Note You need to log in before you can comment on or make changes to this bug.