I posted a new bug report to the Hessian people:
http://bugs.caucho.com/view.php?id=4080
There is also some information about this bug here:
http://groups.google.com/group/google-appengine-java/browse_thread/thread/ccb9d0ff6b88545/
On Jun 8, 10:31 am, Matija <matija.jerko...@gmail.com> wrote:
> Any news about this SecurityException ?
>
> Matija.
>
> On Jun 5, 4:46 pm, dilbert <dilbert.elbo...@gmail.com> wrote:
>
> > I am having trouble with Hessian on Google App Engine. First I will
> > describe the setup. I have a persistent class MessageDb declared as
> > (It contains a String and an arraylist of strings):
>
> > @PersistenceCapable
> > public class MessageDb {
> > @PrimaryKey
> > private String user;
>
> > @Persistent
> > private ArrayList<String> words = new ArrayList<String>();
> > /* getters and setters ...*/
>
> > }
>
> > I have the following service interface:
> > public interface IService {
> > ArrayList<String> testMessage();
> > /* Some other methods ... */
> > }
>
> > The Service is implemented on App engine in the following way:
> > public class Service extends HessianServlet implements IService {
> > private static final PersistenceManagerFactory pmfInstance =
> > JDOHelper.getPersistenceManagerFactory("transactions-optional");
>
> > @Override
> > public ArrayList<String> testMessage() {
> > PersistenceManager pm = null;
> > try {
> > pm = pmfInstance.getPersistenceManager();
>
> > MessageDb messageDb;
> > try {
> > messageDb = pm.getObjectById(MessageDb.class,
> > "testMessage");
> > } catch (JDOObjectNotFoundException e) {
> > return null;
> > }
> > return messageDb.getWords();
> > //return new ArrayList<String>(messageDb.getWords());
> > } finally {
> > if (pm != null)
> > pm.close();
> > }
> > }
>
> > }
>
> > The service simply retrieves an MessageDb object by key and returns
> > the object's ArrayList<String>. This code works fine on the local
> > development server but it fails when deployed on remote Google servers
> > with the following exception:
>
> > java.lang.SecurityException: java.lang.IllegalAccessException:
> > Reflection is not allowed on private int java.util.ArrayList.size
> > at
> > com.google.appengine.runtime.Request.process-0c4ab611241850c6(Request.java)
> > at java.lang.reflect.Field.setAccessible(Field.java:166)
> > at
> > com.caucho.hessian.io.JavaSerializer.introspect(JavaSerializer.java:
> > 122)
> > at com.caucho.hessian.io.JavaSerializer.<init>(JavaSerializer.java:
> > 81)
> > at com.caucho.hessian.io.JavaSerializer.create(JavaSerializer.java:
> > 95)
> > at
> > com.caucho.hessian.io.SerializerFactory.getDefaultSerializer(SerializerFact
> > ory.java:
> > 348)
> > at
> > com.caucho.hessian.io.SerializerFactory.loadSerializer(SerializerFactory.ja
> > va:
> > 278)
> > at
> > com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.jav
> > a:
> > 224)
> > at
> > com.caucho.hessian.io.SerializerFactory.getObjectSerializer(SerializerFacto
> > ry.java:
> > 197)
> > at
> > com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java:
> > 418)
> > at
> > com.caucho.hessian.io.AbstractHessianOutput.writeReply(AbstractHessianOutpu
> > t.java:
> > 558)
> > at
> > com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java:
> > 323)
> > at
> > com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java:
> > 202)
> > at
> > com.caucho.hessian.server.HessianServlet.invoke(HessianServlet.java:
> > 389)
> > at
> > com.caucho.hessian.server.HessianServlet.service(HessianServlet.java:
> > 369)
> > at
> > org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:
> > 511)
> > at org.mortbay.jetty.servlet.ServletHandler
> > $CachedChain.doFilter(ServletHandler.java:1166)
> > at
> > com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlo
> > bUploadFilter.java:
> > 97)
> > at org.mortbay.jetty.servlet.ServletHandler
> > $CachedChain.doFilter(ServletHandler.java:1157)
> > at
> > com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionF
> > ilter.java:
> > 35)
> > at org.mortbay.jetty.servlet.ServletHandler
> > $CachedChain.doFilter(ServletHandler.java:1157)
> > at
> > com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(Trans
> > actionCleanupFilter.java:
> > 43)
> > at org.mortbay.jetty.servlet.ServletHandler
> > $CachedChain.doFilter(ServletHandler.java:1157)
> > at
> > org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:
> > 388)
> > at
> > org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:
> > 216)
> > at
> > org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:
> > 182)
> > at
> > org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:
> > 765)
> > at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:
> > 418)
> > at
> > com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionH
> > andlerMap.java:
> > 238)
> > at
> > org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:
> > 152)
> > at org.mortbay.jetty.Server.handle(Server.java:326)
> > at
> > org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:
> > 542)
> > at org.mortbay.jetty.HttpConnection
> > $RequestHandler.headerComplete(HttpConnection.java:923)
> > at
> > com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequ
> > estParser.java:
> > 76)
> > at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> > at
> > com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceReques
> > t(JettyServletEngineAdapter.java:
> > 135)
> > at
> > com.google.apphosting.runtime.JavaRuntime.handleRequest(JavaRuntime.java:
> > 250)
> > at com.google.apphosting.base.RuntimePb$EvaluationRuntime
> > $6.handleBlockingRequest(RuntimePb.java:5838)
> > at com.google.apphosting.base.RuntimePb$EvaluationRuntime
> > $6.handleBlockingRequest(RuntimePb.java:5836)
> > at
> > com.google.net.rpc.impl.BlockingApplicationHandler.handleRequest(BlockingAp
> > plicationHandler.java:
> > 24)
> > at com.google.net.rpc.impl.RpcUtil.runRpcInApplication(RpcUtil.java:
> > 398)
> > at com.google.net.rpc.impl.Server$2.run(Server.java:852)
> > at
> > com.google.tracing.LocalTraceSpanRunnable.run(LocalTraceSpanRunnable.java:
> > 56)
> > at
> > com.google.tracing.LocalTraceSpanBuilder.internalContinueSpan(LocalTraceSpa
> > nBuilder.java:
> > 576)
> > at com.google.net.rpc.impl.Server.startRpc(Server.java:807)
> > at com.google.net.rpc.impl.Server.processRequest(Server.java:369)
> > at
> > com.google.net.rpc.impl.ServerConnection.messageReceived(ServerConnection.j
> > ava:
> > 442)
> > at
> > com.google.net.rpc.impl.RpcConnection.parseMessages(RpcConnection.java:
> > 319)
> > at
> > com.google.net.rpc.impl.RpcConnection.dataReceived(RpcConnection.java:
> > 290)
> > at com.google.net.async.Connection.handleReadEvent(Connection.java:
> > 474)
> > at
> > com.google.net.async.EventDispatcher.processNetworkEvents(EventDispatcher.j
> > ava:
> > 831)
> > at
> > com.google.net.async.EventDispatcher.internalLoop(EventDispatcher.java:
> > 207)
> > at com.google.net.async.EventDispatcher.loop(EventDispatcher.java:
> > 103)
> > at
> > com.google.net.rpc.RpcService.runUntilServerShutdown(RpcService.java:
> > 251)
> > at com.google.apphosting.runtime.JavaRuntime
> > $RpcRunnable.run(JavaRuntime.java:413)
> > at java.lang.Thread.run(Unknown Source)
> > Caused by: java.lang.IllegalAccessException: Reflection is not allowed
> > on private int java.util.ArrayList.size
> > ... 55 more
>
> > I am not sure if this security exception is a bug in Hessian (for
> > using an "forbidden" API) or In App engine (too tight security check)
> > so I would like to hear what You think about it. I think this is
> > perhaps connected with the datanucleus enhancements of the persistent
> > class MessageDb. When the arrayList elements are copied in a new
> > arrayList (like so: return new
> > ArrayList<String>(messageDb.getWords()); ) then the exception does not
> > occur.
>
> > Another problem that I ran into is similar but it has to do with
> > exceptions. I will start with an example. First the exception
> > declaration:
> > public class TestException extends RuntimeException {}
>
> > Next the service declaration:
> > public interface IService {
> > void testException();}
>
> > And finally the service implementation:
> > public class Service extends HessianServlet implements IService {
> > public void testException() {
> > throw new TestException();
> > }}
>
> > As You can see this is a trivial implementation to test the exception.
> > When executed on Google servers it dies like this:
>
> > java.lang.SecurityException: java.lang.IllegalAccessException:
> > Reflection is not allowed on private java.lang.Throwable
> > java.lang.Throwable.cause
> > at
> > com.google.appengine.runtime.Request.process-9880ff155b30e983(Request.java)
> > at java.lang.reflect.Field.setAccessible(Field.java:166)
> > at
> > com.caucho.hessian.io.JavaSerializer.introspect(JavaSerializer.java:
> > 122)
> > at com.caucho.hessian.io.JavaSerializer.<init>(JavaSerializer.java:
> > 81)
> > at
> > com.caucho.hessian.io.ThrowableSerializer.<init>(ThrowableSerializer.java:
> > 59)
> > at
> > com.caucho.hessian.io.SerializerFactory.loadSerializer(SerializerFactory.ja
> > va:
> > 301)
> > at
> > com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.jav
> > a:
> > 224)
> > at
>
> ...
>
> read more »
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-j...@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
