Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-11209

Switchyard remote invoker doesn't to work after jackson fixes

    XMLWordPrintable

Details

    • Bug
    • Resolution: Not a Bug
    • Blocker
    • None
    • jboss-fuse-6.3
    • SwitchYard
    • None
    • % %

    Description

      Switchyard Remote invoker feature stops working with new Fuse6.3.0 R13. This patch prevents Jackson to deserialize org.switchyard.serial.graph.Graph["references"] for security reasons.

      Reproducer:

      jackson.deserialization.whitelist.packages=org.switchyard.serial.graph

      Error:

      org.codehaus.jackson.map.JsonMappingException: Illegal type (java.util.LinkedHashMap) to deserialize: prevented for security reasons (through reference chain: org.switchyard.serial.graph.Graph["references"])
    at org.codehaus.jackson.map.TypeDeserializer.checkLegalTypes (TypeDeserializer.java:177)
    at org.codehaus.jackson.map.jsontype.impl.TypeDeserializerBase._findDeserializer (TypeDeserializerBase.java:122)
    at org.codehaus.jackson.map.jsontype.impl.AsArrayTypeDeserializer._deserialize (AsArrayTypeDeserializer.java:87)
    at org.codehaus.jackson.map.jsontype.impl.AsArrayTypeDeserializer.deserializeTypedFromObject (AsArrayTypeDeserializer.java:55)
    at org.codehaus.jackson.map.deser.std.MapDeserializer.deserializeWithType (MapDeserializer.java:273)
    at org.codehaus.jackson.map.deser.SettableBeanProperty.deserialize (SettableBeanProperty.java:297)
    at org.codehaus.jackson.map.deser.SettableBeanProperty$MethodProperty.deserializeAndSet (SettableBeanProperty.java:414)
    at org.codehaus.jackson.map.deser.BeanDeserializer.deserializeFromObject (BeanDeserializer.java:697)
    at org.codehaus.jackson.map.deser.BeanDeserializer.deserialize (BeanDeserializer.java:580)
    at org.codehaus.jackson.map.ObjectMapper._readMapAndClose (ObjectMapper.java:2732)
    at org.codehaus.jackson.map.ObjectMapper.readValue (ObjectMapper.java:1909)
    at org.switchyard.serial.jackson.format.JSONJacksonSerializer.deserialize (JSONJacksonSerializer.java:80)
    at org.switchyard.serial.graph.GraphSerializer.deserialize (GraphSerializer.java:60)
    at org.switchyard.remote.http.HttpInvoker.invoke (HttpInvoker.java:124)
    at org.switchyard.quickstarts.remoteinvoker.RemoteClient.main (RemoteClient.java:59)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.mojo.exec.ExecJavaMojo$1.run (ExecJavaMojo.java:282)
    at java.lang.Thread.run (Thread.java:748)

      Attachments

        Activity

          People

            tcunning@redhat.com Thomas Cunningham
            tturek@redhat.com Tomas Turek
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: