Details
-
Bug
-
Resolution: Done
-
Major
-
6.5.0.Final, 7.15.0.Final
-
None
-
2018 Week 48-50, 2019 Week 02-04, 2018 Week 51-01
-
3
-
-
NEW
-
NEW
Description
Our Drools setup:
- users write rules in a combination of DSL and Java code
- rules are compiled
- packages are stored in a database (rules are seldom changed but often ran)
This has been working fine but in order to improve security, we've enabled the SecurityManager. This throws an exception while trying to serialize the consequence part of the rule:
Caused by: java.io.NotSerializableException: com.redacted.Rule_Events_REDACTED61028857611DefaultConsequenceInvoker - field (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", name: "delegate", type: "interface org.drools.core.spi.Consequence") - object (class "org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence", org.drools.core.definitions.rule.impl.RuleImpl$SafeConsequence@93071816) - writeExternal data - object (class "org.drools.core.definitions.rule.impl.RuleImpl", [Rule name=REDACTED, agendaGroup=end, salience=0, no-loop=true]) - writeExternal data - object (class "org.drools.core.rule.JavaDialectRuntimeData", org.drools.core.rule.JavaDialectRuntimeData{...}) - custom writeObject data (class "java.util.HashMap") - object (class "java.util.HashMap", {java=org.drools.core.rule.JavaDialectRuntimeData{...}, mvel=org.drools.core.rule.MVELDialectRuntimeData@b99ea6b2}) - writeExternal data - root object (class "org.drools.core.rule.DialectRuntimeRegistry", org.drools.core.rule.DialectRuntimeRegistry@2d9acae8) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1213) at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1615) at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1576) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1499) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1209) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:365) at org.drools.core.definitions.rule.impl.RuleImpl.writeExternal(RuleImpl.java:180)
Possible cause:
Class RuleImpl, method writeExternal will write out null if the consequence is of type CompiledInvoker. But if the SecurityManager is enabled, the method wire will wrap the Consequence inside a SafeConsequence. A SafeConsequence, in contrast to the wrapped consequence is not a CompiledInvoker, so writeExternal will attempt to serialize it, instead of just writing null and fails.
