Any news about this SecurityException ? Matija.
On Jun 5, 4:46 pm, dilbert <dilbert.elbo...@gmail.com> wrote: > I am having trouble with Hessian on Google App Engine. First I will > describe the setup. I have a persistent class MessageDb declared as > (It contains a String and an arraylist of strings): > > @PersistenceCapable > public class MessageDb { > @PrimaryKey > private String user; > > @Persistent > private ArrayList<String> words = new ArrayList<String>(); > /* getters and setters ...*/ > > } > > I have the following service interface: > public interface IService { > ArrayList<String> testMessage(); > /* Some other methods ... */ > } > > The Service is implemented on App engine in the following way: > public class Service extends HessianServlet implements IService { > private static final PersistenceManagerFactory pmfInstance = > JDOHelper.getPersistenceManagerFactory("transactions-optional"); > > @Override > public ArrayList<String> testMessage() { > PersistenceManager pm = null; > try { > pm = pmfInstance.getPersistenceManager(); > > MessageDb messageDb; > try { > messageDb = pm.getObjectById(MessageDb.class, > "testMessage"); > } catch (JDOObjectNotFoundException e) { > return null; > } > return messageDb.getWords(); > //return new ArrayList<String>(messageDb.getWords()); > } finally { > if (pm != null) > pm.close(); > } > } > > } > > The service simply retrieves an MessageDb object by key and returns > the object's ArrayList<String>. This code works fine on the local > development server but it fails when deployed on remote Google servers > with the following exception: > > java.lang.SecurityException: java.lang.IllegalAccessException: > Reflection is not allowed on private int java.util.ArrayList.size > at > com.google.appengine.runtime.Request.process-0c4ab611241850c6(Request.java) > at java.lang.reflect.Field.setAccessible(Field.java:166) > at > com.caucho.hessian.io.JavaSerializer.introspect(JavaSerializer.java: > 122) > at com.caucho.hessian.io.JavaSerializer.<init>(JavaSerializer.java: > 81) > at com.caucho.hessian.io.JavaSerializer.create(JavaSerializer.java: > 95) > at > com.caucho.hessian.io.SerializerFactory.getDefaultSerializer(SerializerFact > ory.java: > 348) > at > com.caucho.hessian.io.SerializerFactory.loadSerializer(SerializerFactory.ja > va: > 278) > at > com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.jav a: > 224) > at > com.caucho.hessian.io.SerializerFactory.getObjectSerializer(SerializerFacto > ry.java: > 197) > at > com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java: > 418) > at > com.caucho.hessian.io.AbstractHessianOutput.writeReply(AbstractHessianOutpu > t.java: > 558) > at > com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java: > 323) > at > com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java: > 202) > at > com.caucho.hessian.server.HessianServlet.invoke(HessianServlet.java: > 389) > at > com.caucho.hessian.server.HessianServlet.service(HessianServlet.java: > 369) > at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java: > 511) > at org.mortbay.jetty.servlet.ServletHandler > $CachedChain.doFilter(ServletHandler.java:1166) > at > com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlo > bUploadFilter.java: > 97) > at org.mortbay.jetty.servlet.ServletHandler > $CachedChain.doFilter(ServletHandler.java:1157) > at > com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionF > ilter.java: > 35) > at org.mortbay.jetty.servlet.ServletHandler > $CachedChain.doFilter(ServletHandler.java:1157) > at > com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(Trans > actionCleanupFilter.java: > 43) > at org.mortbay.jetty.servlet.ServletHandler > $CachedChain.doFilter(ServletHandler.java:1157) > at > org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java: > 388) > at > org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java: > 216) > at > org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java: > 182) > at > org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java: > 765) > at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java: > 418) > at > com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionH > andlerMap.java: > 238) > at > org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: > 152) > at org.mortbay.jetty.Server.handle(Server.java:326) > at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java: > 542) > at org.mortbay.jetty.HttpConnection > $RequestHandler.headerComplete(HttpConnection.java:923) > at > com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequ > estParser.java: > 76) > at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) > at > com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceReques > t(JettyServletEngineAdapter.java: > 135) > at > com.google.apphosting.runtime.JavaRuntime.handleRequest(JavaRuntime.java: > 250) > at com.google.apphosting.base.RuntimePb$EvaluationRuntime > $6.handleBlockingRequest(RuntimePb.java:5838) > at com.google.apphosting.base.RuntimePb$EvaluationRuntime > $6.handleBlockingRequest(RuntimePb.java:5836) > at > com.google.net.rpc.impl.BlockingApplicationHandler.handleRequest(BlockingAp > plicationHandler.java: > 24) > at com.google.net.rpc.impl.RpcUtil.runRpcInApplication(RpcUtil.java: > 398) > at com.google.net.rpc.impl.Server$2.run(Server.java:852) > at > com.google.tracing.LocalTraceSpanRunnable.run(LocalTraceSpanRunnable.java: > 56) > at > com.google.tracing.LocalTraceSpanBuilder.internalContinueSpan(LocalTraceSpa > nBuilder.java: > 576) > at com.google.net.rpc.impl.Server.startRpc(Server.java:807) > at com.google.net.rpc.impl.Server.processRequest(Server.java:369) > at > com.google.net.rpc.impl.ServerConnection.messageReceived(ServerConnection.j > ava: > 442) > at > com.google.net.rpc.impl.RpcConnection.parseMessages(RpcConnection.java: > 319) > at > com.google.net.rpc.impl.RpcConnection.dataReceived(RpcConnection.java: > 290) > at com.google.net.async.Connection.handleReadEvent(Connection.java: > 474) > at > com.google.net.async.EventDispatcher.processNetworkEvents(EventDispatcher.j > ava: > 831) > at > com.google.net.async.EventDispatcher.internalLoop(EventDispatcher.java: > 207) > at com.google.net.async.EventDispatcher.loop(EventDispatcher.java: > 103) > at > com.google.net.rpc.RpcService.runUntilServerShutdown(RpcService.java: > 251) > at com.google.apphosting.runtime.JavaRuntime > $RpcRunnable.run(JavaRuntime.java:413) > at java.lang.Thread.run(Unknown Source) > Caused by: java.lang.IllegalAccessException: Reflection is not allowed > on private int java.util.ArrayList.size > ... 55 more > > I am not sure if this security exception is a bug in Hessian (for > using an "forbidden" API) or In App engine (too tight security check) > so I would like to hear what You think about it. I think this is > perhaps connected with the datanucleus enhancements of the persistent > class MessageDb. When the arrayList elements are copied in a new > arrayList (like so: return new > ArrayList<String>(messageDb.getWords()); ) then the exception does not > occur. > > Another problem that I ran into is similar but it has to do with > exceptions. I will start with an example. First the exception > declaration: > public class TestException extends RuntimeException {} > > Next the service declaration: > public interface IService { > void testException();} > > And finally the service implementation: > public class Service extends HessianServlet implements IService { > public void testException() { > throw new TestException(); > }} > > As You can see this is a trivial implementation to test the exception. > When executed on Google servers it dies like this: > > java.lang.SecurityException: java.lang.IllegalAccessException: > Reflection is not allowed on private java.lang.Throwable > java.lang.Throwable.cause > at > com.google.appengine.runtime.Request.process-9880ff155b30e983(Request.java) > at java.lang.reflect.Field.setAccessible(Field.java:166) > at > com.caucho.hessian.io.JavaSerializer.introspect(JavaSerializer.java: > 122) > at com.caucho.hessian.io.JavaSerializer.<init>(JavaSerializer.java: > 81) > at > com.caucho.hessian.io.ThrowableSerializer.<init>(ThrowableSerializer.java: > 59) > at > com.caucho.hessian.io.SerializerFactory.loadSerializer(SerializerFactory.ja > va: > 301) > at > com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.jav a: > 224) > at > com.caucho.hessian.io.SerializerFactory.getObjectSerializer(SerializerFacto > ry.java: > 197) > at > com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java: > 418) > at > com.caucho.hessian.io.Hessian2Output.writeFault(Hessian2Output.java: > 400) > at > com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java: > 314) > at > com.caucho.hessian.server.HessianSkeleton.invoke(HessianSkeleton.java: > 202) > at > com.caucho.hessian.server.HessianServlet.invoke(HessianServlet.java: > 389) > at > com.caucho.hessian.server.HessianServlet.service(HessianServlet.java: > 369) > at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java: > 511) > at org.mortbay.jetty.servlet.ServletHandler > $CachedChain.doFilter(ServletHandler.java:1166) > at > com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlo > bUploadFilter.java: > 97) > at org.mortbay.jetty.servlet.ServletHandler > $CachedChain.doFilter(ServletHandler.java:1157) > at > com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionF > ilter.java: > 35) > at org.mortbay.jetty.servlet.ServletHandler > $CachedChain.doFilter(ServletHandler.java:1157) > at > com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(Trans > actionCleanupFilter.java: > 43) > at org.mortbay.jetty.servlet.ServletHandler > $CachedChain.doFilter(ServletHandler.java:1157) > at > org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java: > 388) > at > org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java: > 216) > at > org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java: > 182) > at > org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java: > 765) > at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java: > 418) > at > com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionH > andlerMap.java: > 238) > at > org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java: > 152) > at org.mortbay.jetty.Server.handle(Server.java:326) > at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java: > 542) > at org.mortbay.jetty.HttpConnection > $RequestHandler.headerComplete(HttpConnection.java:923) > at > com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequ > estParser.java: > 76) > at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) > at > com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceReques > t(JettyServletEngineAdapter.java: > 135) > at > com.google.apphosting.runtime.JavaRuntime.handleRequest(JavaRuntime.java: > 250) > at com.google.apphosting.base.RuntimePb$EvaluationRuntime > $6.handleBlockingRequest(RuntimePb.java:5838) > at com.google.apphosting.base.RuntimePb$EvaluationRuntime > $6.handleBlockingRequest(RuntimePb.java:5836) > at > com.google.net.rpc.impl.BlockingApplicationHandler.handleRequest(BlockingAp > plicationHandler.java: > 24) > at com.google.net.rpc.impl.RpcUtil.runRpcInApplication(RpcUtil.java: > 398) > at com.google.net.rpc.impl.Server$2.run(Server.java:852) > at > com.google.tracing.LocalTraceSpanRunnable.run(LocalTraceSpanRunnable.java: > 56) > at > com.google.tracing.LocalTraceSpanBuilder.internalContinueSpan(LocalTraceSpa > nBuilder.java: > 576) > at com.google.net.rpc.impl.Server.startRpc(Server.java:807) > at com.google.net.rpc.impl.Server.processRequest(Server.java:369) > at > com.google.net.rpc.impl.ServerConnection.messageReceived(ServerConnection.j > ava: > 442) > at > com.google.net.rpc.impl.RpcConnection.parseMessages(RpcConnection.java: > 319) > at > com.google.net.rpc.impl.RpcConnection.dataReceived(RpcConnection.java: > 290) > at com.google.net.async.Connection.handleReadEvent(Connection.java: > 474) > at > com.google.net.async.EventDispatcher.processNetworkEvents(EventDispatcher.j > ava: > 831) > at > com.google.net.async.EventDispatcher.internalLoop(EventDispatcher.java: > 207) > at com.google.net.async.EventDispatcher.loop(EventDispatcher.java: > 103) > at > com.google.net.rpc.RpcService.runUntilServerShutdown(RpcService.java: > 251) > at com.google.apphosting.runtime.JavaRuntime > $RpcRunnable.run(JavaRuntime.java:413) > at java.lang.Thread.run(Unknown Source) > Caused by: java.lang.IllegalAccessException: Reflection is not allowed > on private java.lang.Throwable java.lang.Throwable.cause > ... 54 more > > On the client I get something like this: > java.lang.reflect.UndeclaredThrowableException > at $Proxy0.testException(Unknown Source) > at com.noveideje.testHessian.client.Main.main(Main.java:37) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: > 57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp > l.java: > 43) > at java.lang.reflect.Method.invoke(Method.java:616) > at com.intellij.rt.execution.application.AppMain.main(AppMain.java: > 110) > Caused by: java.io.EOFException: readObject: unexpected end of file > at > com.caucho.hessian.io.Hessian2Input.readObject(Hessian2Input.java: > 2133) > at > com.caucho.hessian.io.MapDeserializer.readMap(MapDeserializer.java: > 114) > at > com.caucho.hessian.io.Hessian2Input.readObject(Hessian2Input.java: > 1653) > at > com.caucho.hessian.io.Hessian2Input.readReply(Hessian2Input.java:348) > at com.caucho.hessian.client.HessianProxy.invoke(HessianProxy.java: > 194) > ... 7 more > > The ArrayList case also ends in an java.io.EOFException on the client. > Tell me what do You think about this issue. If you have any additional > questions do not hesitate to ask. Thank you for your time. > > P.S. The following link contains a test project which contains the > code needed to reproduce the errors. The project uses GAE 1.3.2 and > Hessian > 4.0.6https://docs.google.com/leaf?id=0BzRGFZP1yPUwMzFmNjZiM2YtMzExYi00NDdi... -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.