Uploaded image for project: 'Drools'
  1. Drools
  2. DROOLS-3429

Serialization of KiePackages fails when SecurityManager is enabled

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 6.5.0.Final, 7.15.0.Final
    • Fix Version/s: 7.17.0.Final
    • Component/s: core engine
    • Labels:
      None
    • Environment:

      Running with IBM JDK 1.8

    • Sprint:
      2018 Week 48-50, 2019 Week 02-04, 2018 Week 51-01
    • Story Points:
      3
    • Steps to Reproduce:
      Hide
      • Write a simple rule with a consequence part
      • compile the rule with 6.5.0.Final or 7.15.0.Final
      • Serialize the KnowledgePackage or KiePackage
      • Observe that everything works fine
      • enable the SecurityManager and set permissive policies for the Java application and the rules (AllPermission)
      • serialization will now throw the aforementioned exception
      Show
      Write a simple rule with a consequence part compile the rule with 6.5.0.Final or 7.15.0.Final Serialize the KnowledgePackage or KiePackage Observe that everything works fine enable the SecurityManager and set permissive policies for the Java application and the rules (AllPermission) serialization will now throw the aforementioned exception
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Our Drools setup:

      • users write rules in a combination of DSL and Java code
      • rules are compiled
      • packages are stored in a database (rules are seldom changed but often ran)

      This has been working fine but in order to improve security, we've enabled the SecurityManager. This throws an exception while trying to serialize the consequence part of the rule:

      Caused by: java.io.NotSerializableException: com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker
      	- field (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name: "delegate", type: "interface org.drools.core.spi.Consequence")
      	- object (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence@93071816)
      	- writeExternal data
      	- object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule name=REDACTED, agendaGroup=end, salience=0, no-loop=true])
      	- writeExternal data
      	- object (class "org.drools.core.rule.JavaDialectRuntimeData", org.drools.core.rule.JavaDialectRuntimeData{...})
      	- custom writeObject data (class "java.util.HashMap")
      	- object (class "java.util.HashMap", {java=org.drools.core.rule.JavaDialectRuntimeData{...}, mvel=org.drools.core.rule.MVELDialectRuntimeData@b99ea6b2})
      	- writeExternal data
      	- root object (class "org.drools.core.rule.DialectRuntimeRegistry", org.drools.core.rule.DialectRuntimeRegistry@2d9acae8)
      	at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213)
      	at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615)
      	at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576)
      	at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499)
      	at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209)
      	at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365)
      	at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
      

      Possible cause:
      Class RuleImpl, method writeExternal will write out null if the consequence is of type CompiledInvoker. But if the SecurityManager is enabled, the method wire will wrap the Consequence inside a SafeConsequence. A SafeConsequence, in contrast to the wrapped consequence is not a CompiledInvoker, so writeExternal will attempt to serialize it, instead of just writing null and fails.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                tzimanyi Tibor Zimányi
                Reporter:
                aboukhal Marcel Abou Khalil
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: