You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openwebbeans.apache.org by "Mark Struberg (JIRA)" <ji...@apache.org> on 2011/03/24 22:26:05 UTC

[jira] [Resolved] (OWB-469) JSR299TCK: Security Error / Passivation errors during readObject

     [ https://issues.apache.org/jira/browse/OWB-469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mark Struberg resolved OWB-469.
-------------------------------

    Resolution: Fixed

> JSR299TCK: Security Error / Passivation errors during readObject
> ----------------------------------------------------------------
>
>                 Key: OWB-469
>                 URL: https://issues.apache.org/jira/browse/OWB-469
>             Project: OpenWebBeans
>          Issue Type: Bug
>          Components: Events
>    Affects Versions: 1.0.1, 1.1.0, 1.0.0-alpha-2
>         Environment: win server 2003
>            Reporter: Rohit Dilip Kelapure
>            Assignee: Rohit Dilip Kelapure
>             Fix For: 1.1.0
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> JIRA opened on behalf of Paul Reder. 
> Problem Observed: 
> Snippet for failure:
>    @SpecAssertions({
>       @SpecAssertion(section = "10.3.2", id = "g"),
>       @SpecAssertion(section = "6.6.2", id = "e")
>    })
>    public void testImplicitEventIsPassivationCapable() throws IOException, ClassNotFoundException
>    {
>       StudentDirectory directory = getInstanceByType(StudentDirectory.class);
>       directory.reset();
>       Registration registration = getInstanceByType(Registration.class);
>       Event<StudentRegisteredEvent> event = registration.getInjectedStudentRegisteredEvent();
>       assert Serializable.class.isAssignableFrom(event.getClass());
>       byte[] serializedEvent = serialize(event);
>       ...
>       Event<StudentRegisteredEvent> eventCopy = (Event<StudentRegisteredEvent>) deserialize(serializedEvent); // <--- error here
>       ...
> Error:
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessClassInPackage.com.xxx.oti.reflect)
> 		 at java.security.AccessController.checkPermission(AccessController.java:108)
> 		 at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> 		 at com.xxx.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> 		 at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1528)
> 		 at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:343)
> 		 at java.lang.ClassLoader.loadClass(ClassLoader.java:619)
> 		 at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:438)
> 		 at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:422)
> 		 at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:410)
> 		 at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:103)
> 		 at java.lang.ClassLoader.loadClass(ClassLoader.java:619)
> 		 at java.lang.Class.forNameImpl(Native Method)
> 		 at java.lang.Class.forName(Class.java:169)
> 		 at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:605)
> 		 at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1559)
> 		 at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1500)
> 		 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1736)
> 		 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1333)
> 		 at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1951)
> 		 at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1875)
> 		 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1757)
> 		 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1333)
> 		 at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1671)
> 		 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1327)
> 		 at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1951)
> 		 at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:481)
> 		 at org.apache.webbeans.event.EventImpl.readObject(EventImpl.java:153)
> 		 at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1033)
> 		 at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1853)
> 		 at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1757)
> 		 at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1333)
> 		 at java.io.ObjectInputStream.readObject(ObjectInputStream.java:352)
> 		 at org.jboss.jsr299.tck.AbstractJSR299Test.deserialize(AbstractJSR299Test.java:63)
> 		 at org.jboss.jsr299.tck.tests.event.implicit.ImplicitEventTest.testImplicitEventIsPassivationCapable(ImplicitEventTest.java:118)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira