You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Maarten Billemont (JIRA)" <ji...@apache.org> on 2011/03/23 11:08:07 UTC

[jira] [Created] (WICKET-3549) Use context classloader when deserializing proxies.

Use context classloader when deserializing proxies.
---------------------------------------------------

                 Key: WICKET-3549
                 URL: https://issues.apache.org/jira/browse/WICKET-3549
             Project: Wicket
          Issue Type: Bug
            Reporter: Maarten Billemont


LazyInitProxyFactory's ProxyReplacement's readResolve loads the target class using Class.forName()

This is dodgy because it uses the *caller*'s classloader, which is the classloader that loaded the ProxyReplacement class.  This is not necessarily the context Classloader.

Specifically, in our case, wicket is in JBoss' server/default/lib, we inject an EJB proxy into a wicket page using a ComponentInitializationListener, but when the component is serialized and later deserialized, the EJB client interface class cannot be found anymore by this forName() call, while the interface can be found just fine using the context Classloader.

Wicket classes are loaded by the org.jboss.classloader.spi.base.BaseClassLoader which doesn't know our EJB client interfaces.  The context classloader is that of our WAR which does know them.

As a result, deserialization of our EJB-injected wicket pages is broken.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (WICKET-3549) Use context classloader when deserializing proxies.

Posted by "Martin Grigorov (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WICKET-3549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Grigorov resolved WICKET-3549.
-------------------------------------

    Resolution: Duplicate

Duplicate of WICKET-3503.
Will be in next releases.

> Use context classloader when deserializing proxies.
> ---------------------------------------------------
>
>                 Key: WICKET-3549
>                 URL: https://issues.apache.org/jira/browse/WICKET-3549
>             Project: Wicket
>          Issue Type: Bug
>            Reporter: Maarten Billemont
>
> LazyInitProxyFactory's ProxyReplacement's readResolve loads the target class using Class.forName()
> This is dodgy because it uses the *caller*'s classloader, which is the classloader that loaded the ProxyReplacement class.  This is not necessarily the context Classloader.
> Specifically, in our case, wicket is in JBoss' server/default/lib, we inject an EJB proxy into a wicket page using a ComponentInitializationListener, but when the component is serialized and later deserialized, the EJB client interface class cannot be found anymore by this forName() call, while the interface can be found just fine using the context Classloader.
> Wicket classes are loaded by the org.jboss.classloader.spi.base.BaseClassLoader which doesn't know our EJB client interfaces.  The context classloader is that of our WAR which does know them.
> As a result, deserialization of our EJB-injected wicket pages is broken.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira