I posted a new bug report to the Hessian people: http://bugs.caucho.com/view.php?id=4080 There is also some information about this bug here: http://groups.google.com/group/google-appengine-java/browse_thread/thread/ccb9d0ff6b88545/
On Jun 8, 10:31 am, Matija <matija.jerko...@gmail.com> wrote: > Any news about this SecurityException ? > > Matija. > > On Jun 5, 4:46 pm, dilbert <dilbert.elbo...@gmail.com> wrote: > > > I am having trouble with Hessian on Google App Engine. First I will > > describe the setup. I have a persistent class MessageDb declared as > > (It contains a String and an arraylist of strings): > > > @PersistenceCapable > > public class MessageDb { > > @PrimaryKey > > private String user; > > > @Persistent > > private ArrayList<String> words = new ArrayList<String>(); > > /* getters and setters ...*/ > > > } > > > I have the following service interface: > > public interface IService { > > ArrayList<String> testMessage(); > > /* Some other methods ... */ > > } > > > The Service is implemented on App engine in the following way: > > public class Service extends HessianServlet implements IService { > > private static final PersistenceManagerFactory pmfInstance = > > JDOHelper.getPersistenceManagerFactory("transactions-optional"); > > > @Override > > public ArrayList<String> testMessage() { > > PersistenceManager pm = null; > > try { > > pm = pmfInstance.getPersistenceManager(); > > > MessageDb messageDb; > > try { > > messageDb = pm.getObjectById(MessageDb.class, > > "testMessage"); > > } catch (JDOObjectNotFoundException e) { > > return null; > > } > > return messageDb.getWords(); > > //return new ArrayList<String>(messageDb.getWords()); > > } finally { > > if (pm != null) > > pm.close(); > > } > > } > > > } > > > The service simply retrieves an MessageDb object by key and returns > > the object's ArrayList<String>. This code works fine on the local > > development server but it fails when deployed on remote Google servers > > with the following exception: > > > java.lang.SecurityException: java.lang.IllegalAccessException: > > Reflection is not allowed on private int java.util.ArrayList.size > > at > > com.google.appengine.runtime.Request.process-0c4ab611241850c6(Request.java) > > at java.lang.reflect.Field.setAccessible(Field.java:166) > > at > > com.caucho.hessian.io.JavaSerializer.introspect(JavaSerializer.java: > > 122) > > at com.caucho.hessian.io.JavaSerializer.<init>(JavaSerializer.java: > > 81) > > at com.caucho.hessian.io.JavaSerializer.create(JavaSerializer.java: > > 95) > > at > > com.caucho.hessian.io.SerializerFactory.getDefaultSerializer(SerializerFact > > ory.java: > > 348) > > at > > com.caucho.hessian.io.SerializerFactory.loadSerializer(SerializerFactory.ja > > va: > > 278) > > at > > com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.jav > > a: > > 224) > > at > > com.caucho.hessian.io.SerializerFactory.getObjectSerializer(SerializerFacto > > ry.java: > > 197) > > at > > com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java: > > 418) > > at > > com.caucho.hessian.io.AbstractHessianOutput.writeReply(AbstractHessianOutpu > > t.java: > > 558) > > at > > com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java: > > 323) > > at > > com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java: > > 202) > > at > > com.caucho.hessian.server.HessianServlet.invoke(HessianServlet.java: > > 389) > > at > > com.caucho.hessian.server.HessianServlet.service(HessianServlet.java: > > 369) > > at > > org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java: > > 511) > > at org.mortbay.jetty.servlet.ServletHandler > > $CachedChain.doFilter(ServletHandler.java:1166) > > at > > com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlo > > bUploadFilter.java: > > 97) > > at org.mortbay.jetty.servlet.ServletHandler > > $CachedChain.doFilter(ServletHandler.java:1157) > > at > > com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionF > > ilter.java: > > 35) > > at org.mortbay.jetty.servlet.ServletHandler > > $CachedChain.doFilter(ServletHandler.java:1157) > > at > > com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(Trans > > actionCleanupFilter.java: > > 43) > > at org.mortbay.jetty.servlet.ServletHandler > > $CachedChain.doFilter(ServletHandler.java:1157) > > at > > org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java: > > 388) > > at > > org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java: > > 216) > > at > > org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java: > > 182) > > at > > org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java: > > 765) > > at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java: > > 418) > > at > > com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionH > > andlerMap.java: > > 238) > > at > > org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: > > 152) > > at org.mortbay.jetty.Server.handle(Server.java:326) > > at > > org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java: > > 542) > > at org.mortbay.jetty.HttpConnection > > $RequestHandler.headerComplete(HttpConnection.java:923) > > at > > com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequ > > estParser.java: > > 76) > > at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) > > at > > com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceReques > > t(JettyServletEngineAdapter.java: > > 135) > > at > > com.google.apphosting.runtime.JavaRuntime.handleRequest(JavaRuntime.java: > > 250) > > at com.google.apphosting.base.RuntimePb$EvaluationRuntime > > $6.handleBlockingRequest(RuntimePb.java:5838) > > at com.google.apphosting.base.RuntimePb$EvaluationRuntime > > $6.handleBlockingRequest(RuntimePb.java:5836) > > at > > com.google.net.rpc.impl.BlockingApplicationHandler.handleRequest(BlockingAp > > plicationHandler.java: > > 24) > > at com.google.net.rpc.impl.RpcUtil.runRpcInApplication(RpcUtil.java: > > 398) > > at com.google.net.rpc.impl.Server$2.run(Server.java:852) > > at > > com.google.tracing.LocalTraceSpanRunnable.run(LocalTraceSpanRunnable.java: > > 56) > > at > > com.google.tracing.LocalTraceSpanBuilder.internalContinueSpan(LocalTraceSpa > > nBuilder.java: > > 576) > > at com.google.net.rpc.impl.Server.startRpc(Server.java:807) > > at com.google.net.rpc.impl.Server.processRequest(Server.java:369) > > at > > com.google.net.rpc.impl.ServerConnection.messageReceived(ServerConnection.j > > ava: > > 442) > > at > > com.google.net.rpc.impl.RpcConnection.parseMessages(RpcConnection.java: > > 319) > > at > > com.google.net.rpc.impl.RpcConnection.dataReceived(RpcConnection.java: > > 290) > > at com.google.net.async.Connection.handleReadEvent(Connection.java: > > 474) > > at > > com.google.net.async.EventDispatcher.processNetworkEvents(EventDispatcher.j > > ava: > > 831) > > at > > com.google.net.async.EventDispatcher.internalLoop(EventDispatcher.java: > > 207) > > at com.google.net.async.EventDispatcher.loop(EventDispatcher.java: > > 103) > > at > > com.google.net.rpc.RpcService.runUntilServerShutdown(RpcService.java: > > 251) > > at com.google.apphosting.runtime.JavaRuntime > > $RpcRunnable.run(JavaRuntime.java:413) > > at java.lang.Thread.run(Unknown Source) > > Caused by: java.lang.IllegalAccessException: Reflection is not allowed > > on private int java.util.ArrayList.size > > ... 55 more > > > I am not sure if this security exception is a bug in Hessian (for > > using an "forbidden" API) or In App engine (too tight security check) > > so I would like to hear what You think about it. I think this is > > perhaps connected with the datanucleus enhancements of the persistent > > class MessageDb. When the arrayList elements are copied in a new > > arrayList (like so: return new > > ArrayList<String>(messageDb.getWords()); ) then the exception does not > > occur. > > > Another problem that I ran into is similar but it has to do with > > exceptions. I will start with an example. First the exception > > declaration: > > public class TestException extends RuntimeException {} > > > Next the service declaration: > > public interface IService { > > void testException();} > > > And finally the service implementation: > > public class Service extends HessianServlet implements IService { > > public void testException() { > > throw new TestException(); > > }} > > > As You can see this is a trivial implementation to test the exception. > > When executed on Google servers it dies like this: > > > java.lang.SecurityException: java.lang.IllegalAccessException: > > Reflection is not allowed on private java.lang.Throwable > > java.lang.Throwable.cause > > at > > com.google.appengine.runtime.Request.process-9880ff155b30e983(Request.java) > > at java.lang.reflect.Field.setAccessible(Field.java:166) > > at > > com.caucho.hessian.io.JavaSerializer.introspect(JavaSerializer.java: > > 122) > > at com.caucho.hessian.io.JavaSerializer.<init>(JavaSerializer.java: > > 81) > > at > > com.caucho.hessian.io.ThrowableSerializer.<init>(ThrowableSerializer.java: > > 59) > > at > > com.caucho.hessian.io.SerializerFactory.loadSerializer(SerializerFactory.ja > > va: > > 301) > > at > > com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.jav > > a: > > 224) > > at > > ... > > read more » -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.