Re: DefaultObjectStreamFactory | Re: AccessControlException with Wicket on Google App Engine (GAE)
Thanks Igor, I have seen that the Objects class provides a static setter in order to use a different Implementation of IObjectStreamFactory instead of the DefaultObjectStreamFactory. Where would you recommend to place the code to set my own implementation of IObjectStreamFactory using the static setter provided by Objects. I am not sure if it is enough to place it in the init method of my class that derives from org.apache.wicket.Application. (i.e., may the Objects instance be cleared at some time by the GC?) thanks, andr On 02.11.2009 17:28, Igor Vaynberg wrote: that should most likely work without problems. -igor On Mon, Nov 2, 2009 at 1:47 AM, Andreas Mazaandr.m...@gmail.com wrote: just to circumvent the problem for a while, I am thinking of the following workaround: what would be the implications if I change the implementation of IObjectStreamFactor.DefaultObjectStreamFactory so that newObjectInputStream() and newObjectOutputStream return the regular JDK ObjectInputStream and ObjectOutputStream, respectively? To my mind, this would eliminate the AccessControlException problem since I am not subclassing ObjectInputStream and ObjectOutputStream. thanks, andr On 30.10.2009 10:27, A. Maza wrote: yes, except the fact that I am trying to use a Memcache-based implementation of the IPageStore instead of the HTTPSessionStore (based on the TerracottaPageStore. However, in my case the exception occurs when I am trying to serialize the page using the provided method of the AbstractPageStore. The exception of the second stacktrace I posted was reported by another user in the GAE forum [1], but happening in a totally different scenario. In my initial post I forgot the link to the issue I have opened on the GAE project site. [2] I am using Wicket 1.4.3 (I have also tried it with 1.4.2) and the latest GAE SDK (1.2.6) regards, andr [1] http://groups.google.com/group/google-appengine-java/browse_thread/thread/b80648c126778ef5/0a259ba5bba8078f?lnk=gstq=wicket+accesscontrolexception#0a259ba5bba8078f [2]http://code.google.com/p/googleappengine/issues/detail?id=2334 On 29.10.2009 21:56, Esteban Masoero wrote: I'm sure the answer is yes but to be sure: have you done everything that is said here http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html ? Also, what versions of gae sdk and wicket are you using? A. Maza escribió: Hi, I've encountered now (and have seen reported by other users) several different cases where Wicket on GAE throws an AccessControlException when serializing an object to a byte array. Although this is clearly an issue of GAE permissions, I would like to ask if someone could give me a hint, why this exception occurs or if someone may know a workaround. I've already filed an issue for this on the GAE project site [1] and would forward any findings of the wicket community. Below I include snippets of two different stacktraces. Thanks in advance, andr snip1 java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubclassImplementation) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151) at java.io.ObjectOutputStream.init(ObjectOutputStream.java:253) at org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.init(IObjectStreamFactory.java:150) at org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114) at org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:) at org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203) /snip1 snip2 (java.io.SerializablePermission enableSubstitution) at java.security.AccessControlContext.checkPermission (AccessControlContext.java:264) at java.security.AccessController.checkPermission (AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java: 532) at com.google.appengine.tools.development.DevAppServerFactory $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122) at java.io.ObjectOutputStream.enableReplaceObject (ObjectOutputStream.java:556) at org.apache.wicket.util.lang.Objects $ReplaceObjectOutputStream.init(Objects.java:179) at org.apache.wicket.util.lang.Objects $ReplaceObjectOutputStream.init(Objects.java:170) at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442) at org.apache.wicket.version.undo.ModelChange.init(ModelChange.java: 103) at org.apache.wicket.version.undo.ChangeList.componentModelChanging (ChangeList.java:64) at org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChanging
Re: DefaultObjectStreamFactory | Re: AccessControlException with Wicket on Google App Engine (GAE)
application init should be fine. -igor On Tue, Nov 3, 2009 at 5:02 AM, A. Maza andr.m...@gmail.com wrote: Thanks Igor, I have seen that the Objects class provides a static setter in order to use a different Implementation of IObjectStreamFactory instead of the DefaultObjectStreamFactory. Where would you recommend to place the code to set my own implementation of IObjectStreamFactory using the static setter provided by Objects. I am not sure if it is enough to place it in the init method of my class that derives from org.apache.wicket.Application. (i.e., may the Objects instance be cleared at some time by the GC?) thanks, andr On 02.11.2009 17:28, Igor Vaynberg wrote: that should most likely work without problems. -igor On Mon, Nov 2, 2009 at 1:47 AM, Andreas Mazaandr.m...@gmail.com wrote: just to circumvent the problem for a while, I am thinking of the following workaround: what would be the implications if I change the implementation of IObjectStreamFactor.DefaultObjectStreamFactory so that newObjectInputStream() and newObjectOutputStream return the regular JDK ObjectInputStream and ObjectOutputStream, respectively? To my mind, this would eliminate the AccessControlException problem since I am not subclassing ObjectInputStream and ObjectOutputStream. thanks, andr On 30.10.2009 10:27, A. Maza wrote: yes, except the fact that I am trying to use a Memcache-based implementation of the IPageStore instead of the HTTPSessionStore (based on the TerracottaPageStore. However, in my case the exception occurs when I am trying to serialize the page using the provided method of the AbstractPageStore. The exception of the second stacktrace I posted was reported by another user in the GAE forum [1], but happening in a totally different scenario. In my initial post I forgot the link to the issue I have opened on the GAE project site. [2] I am using Wicket 1.4.3 (I have also tried it with 1.4.2) and the latest GAE SDK (1.2.6) regards, andr [1] http://groups.google.com/group/google-appengine-java/browse_thread/thread/b80648c126778ef5/0a259ba5bba8078f?lnk=gstq=wicket+accesscontrolexception#0a259ba5bba8078f [2]http://code.google.com/p/googleappengine/issues/detail?id=2334 On 29.10.2009 21:56, Esteban Masoero wrote: I'm sure the answer is yes but to be sure: have you done everything that is said here http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html ? Also, what versions of gae sdk and wicket are you using? A. Maza escribió: Hi, I've encountered now (and have seen reported by other users) several different cases where Wicket on GAE throws an AccessControlException when serializing an object to a byte array. Although this is clearly an issue of GAE permissions, I would like to ask if someone could give me a hint, why this exception occurs or if someone may know a workaround. I've already filed an issue for this on the GAE project site [1] and would forward any findings of the wicket community. Below I include snippets of two different stacktraces. Thanks in advance, andr snip1 java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubclassImplementation) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151) at java.io.ObjectOutputStream.init(ObjectOutputStream.java:253) at org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.init(IObjectStreamFactory.java:150) at org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114) at org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:) at org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203) /snip1 snip2 (java.io.SerializablePermission enableSubstitution) at java.security.AccessControlContext.checkPermission (AccessControlContext.java:264) at java.security.AccessController.checkPermission (AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java: 532) at com.google.appengine.tools.development.DevAppServerFactory $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122) at java.io.ObjectOutputStream.enableReplaceObject (ObjectOutputStream.java:556) at org.apache.wicket.util.lang.Objects $ReplaceObjectOutputStream.init(Objects.java:179) at org.apache.wicket.util.lang.Objects $ReplaceObjectOutputStream.init(Objects.java:170) at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442) at
DefaultObjectStreamFactory | Re: AccessControlException with Wicket on Google App Engine (GAE)
just to circumvent the problem for a while, I am thinking of the following workaround: what would be the implications if I change the implementation of IObjectStreamFactor.DefaultObjectStreamFactory so that newObjectInputStream() and newObjectOutputStream return the regular JDK ObjectInputStream and ObjectOutputStream, respectively? To my mind, this would eliminate the AccessControlException problem since I am not subclassing ObjectInputStream and ObjectOutputStream. thanks, andr On 30.10.2009 10:27, A. Maza wrote: yes, except the fact that I am trying to use a Memcache-based implementation of the IPageStore instead of the HTTPSessionStore (based on the TerracottaPageStore. However, in my case the exception occurs when I am trying to serialize the page using the provided method of the AbstractPageStore. The exception of the second stacktrace I posted was reported by another user in the GAE forum [1], but happening in a totally different scenario. In my initial post I forgot the link to the issue I have opened on the GAE project site. [2] I am using Wicket 1.4.3 (I have also tried it with 1.4.2) and the latest GAE SDK (1.2.6) regards, andr [1] http://groups.google.com/group/google-appengine-java/browse_thread/thread/b80648c126778ef5/0a259ba5bba8078f?lnk=gstq=wicket+accesscontrolexception#0a259ba5bba8078f [2] http://code.google.com/p/googleappengine/issues/detail?id=2334 On 29.10.2009 21:56, Esteban Masoero wrote: I'm sure the answer is yes but to be sure: have you done everything that is said here http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html ? Also, what versions of gae sdk and wicket are you using? A. Maza escribió: Hi, I've encountered now (and have seen reported by other users) several different cases where Wicket on GAE throws an AccessControlException when serializing an object to a byte array. Although this is clearly an issue of GAE permissions, I would like to ask if someone could give me a hint, why this exception occurs or if someone may know a workaround. I've already filed an issue for this on the GAE project site [1] and would forward any findings of the wicket community. Below I include snippets of two different stacktraces. Thanks in advance, andr snip1 java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubclassImplementation) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151) at java.io.ObjectOutputStream.init(ObjectOutputStream.java:253) at org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.init(IObjectStreamFactory.java:150) at org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114) at org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:) at org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203) /snip1 snip2 (java.io.SerializablePermission enableSubstitution) at java.security.AccessControlContext.checkPermission (AccessControlContext.java:264) at java.security.AccessController.checkPermission (AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java: 532) at com.google.appengine.tools.development.DevAppServerFactory $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122) at java.io.ObjectOutputStream.enableReplaceObject (ObjectOutputStream.java:556) at org.apache.wicket.util.lang.Objects $ReplaceObjectOutputStream.init(Objects.java:179) at org.apache.wicket.util.lang.Objects $ReplaceObjectOutputStream.init(Objects.java:170) at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442) at org.apache.wicket.version.undo.ModelChange.init(ModelChange.java: 103) at org.apache.wicket.version.undo.ChangeList.componentModelChanging (ChangeList.java:64) at org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChanging (UndoPageVersionManager.java:123) at org.apache.wicket.Page.componentModelChanging(Page.java:1555) at org.apache.wicket.Component.modelChanging(Component.java:2197) at org.apache.wicket.Component.setDefaultModelObject(Component.java: 3020) at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel.setSelectedTab (TabbedPanel.java:346) at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel$5.onClick (TabbedPanel.java:327) at org.apache.wicket.markup.html.link.Link.onLinkClicked(Link.java: 221) /snip2 - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail:
Re: DefaultObjectStreamFactory | Re: AccessControlException with Wicket on Google App Engine (GAE)
that should most likely work without problems. -igor On Mon, Nov 2, 2009 at 1:47 AM, Andreas Maza andr.m...@gmail.com wrote: just to circumvent the problem for a while, I am thinking of the following workaround: what would be the implications if I change the implementation of IObjectStreamFactor.DefaultObjectStreamFactory so that newObjectInputStream() and newObjectOutputStream return the regular JDK ObjectInputStream and ObjectOutputStream, respectively? To my mind, this would eliminate the AccessControlException problem since I am not subclassing ObjectInputStream and ObjectOutputStream. thanks, andr On 30.10.2009 10:27, A. Maza wrote: yes, except the fact that I am trying to use a Memcache-based implementation of the IPageStore instead of the HTTPSessionStore (based on the TerracottaPageStore. However, in my case the exception occurs when I am trying to serialize the page using the provided method of the AbstractPageStore. The exception of the second stacktrace I posted was reported by another user in the GAE forum [1], but happening in a totally different scenario. In my initial post I forgot the link to the issue I have opened on the GAE project site. [2] I am using Wicket 1.4.3 (I have also tried it with 1.4.2) and the latest GAE SDK (1.2.6) regards, andr [1] http://groups.google.com/group/google-appengine-java/browse_thread/thread/b80648c126778ef5/0a259ba5bba8078f?lnk=gstq=wicket+accesscontrolexception#0a259ba5bba8078f [2] http://code.google.com/p/googleappengine/issues/detail?id=2334 On 29.10.2009 21:56, Esteban Masoero wrote: I'm sure the answer is yes but to be sure: have you done everything that is said here http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html ? Also, what versions of gae sdk and wicket are you using? A. Maza escribió: Hi, I've encountered now (and have seen reported by other users) several different cases where Wicket on GAE throws an AccessControlException when serializing an object to a byte array. Although this is clearly an issue of GAE permissions, I would like to ask if someone could give me a hint, why this exception occurs or if someone may know a workaround. I've already filed an issue for this on the GAE project site [1] and would forward any findings of the wicket community. Below I include snippets of two different stacktraces. Thanks in advance, andr snip1 java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubclassImplementation) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151) at java.io.ObjectOutputStream.init(ObjectOutputStream.java:253) at org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.init(IObjectStreamFactory.java:150) at org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114) at org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:) at org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203) /snip1 snip2 (java.io.SerializablePermission enableSubstitution) at java.security.AccessControlContext.checkPermission (AccessControlContext.java:264) at java.security.AccessController.checkPermission (AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java: 532) at com.google.appengine.tools.development.DevAppServerFactory $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122) at java.io.ObjectOutputStream.enableReplaceObject (ObjectOutputStream.java:556) at org.apache.wicket.util.lang.Objects $ReplaceObjectOutputStream.init(Objects.java:179) at org.apache.wicket.util.lang.Objects $ReplaceObjectOutputStream.init(Objects.java:170) at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442) at org.apache.wicket.version.undo.ModelChange.init(ModelChange.java: 103) at org.apache.wicket.version.undo.ChangeList.componentModelChanging (ChangeList.java:64) at org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChanging (UndoPageVersionManager.java:123) at org.apache.wicket.Page.componentModelChanging(Page.java:1555) at org.apache.wicket.Component.modelChanging(Component.java:2197) at org.apache.wicket.Component.setDefaultModelObject(Component.java: 3020) at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel.setSelectedTab (TabbedPanel.java:346) at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel$5.onClick (TabbedPanel.java:327) at org.apache.wicket.markup.html.link.Link.onLinkClicked(Link.java: 221)