Uploaded image for project: 'RichFaces'
  1. RichFaces
  2. RF-14099

a4j:mediaOutput : Unauthorized deserialization attempt

    Details

    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Add "com.sun.faces.facelets.el.TagMethodExpression" to the list in /org/richfaces/resource/resource-serialization.properties which is located in richfaces-core-4.5.2.Final-redhat-1.jar

      Show
      Add "com.sun.faces.facelets.el.TagMethodExpression" to the list in /org/richfaces/resource/resource-serialization.properties which is located in richfaces-core-4.5.2.Final-redhat-1.jar

      Description

      The following exception occurs on EAP 6.4 when using <a4j:mediaOutput>

      10:23:11,055 SEVERE [org.richfaces.log.Resource] (http-localhost/127.0.0.1:8080-2) Input error for deserialize data : java.io.InvalidClassException: Unauthorized deserialization attempt; com.sun.faces.facelets.el.TagMethodExpression
              at org.richfaces.util.LookAheadObjectInputStream.resolveClass(LookAheadObjectInputStream.java:99) [richfaces-core-4.5.2.Final-redhat-1.jar:4.5.2.Final-redhat-1]
              at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1612) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1517) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1990) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1915) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readArray(ObjectInputStream.java:1706) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1344) [rt.jar:1.7.0_60]
              at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370) [rt.jar:1.7.0_60]
              at org.richfaces.resource.ResourceUtils.decodeObjectData(ResourceUtils.java:247) [richfaces-core-4.5.2.Final-redhat-1.jar:4.5.2.Final-redhat-1]
              at org.richfaces.resource.DefaultCodecResourceRequestData.getData(DefaultCodecResourceRequestData.java:96) [richfaces-core-4.5.2.Final-redhat-1.jar:4.5.2.Final-redhat-1]
              at org.richfaces.resource.ResourceFactoryImpl.createResource(ResourceFactoryImpl.java:325) [richfaces-core-4.5.2.Final-redhat-1.jar:4.5.2.Final-redhat-1]
              at org.richfaces.resource.ResourceHandlerImpl.handleResourceRequest(ResourceHandlerImpl.java:111) [richfaces-core-4.5.2.Final-redhat-1.jar:4.5.2.Final-redhat-1]
              at javax.faces.webapp.FacesServlet.service(FacesServlet.java:591) [jboss-jsf-api_2.1_spec-2.1.28.Final-redhat-1.jar:2.1.28.Final-redhat-1]
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.5.1.Final-redhat-3.jar:7.5.1.Final-redhat-3]
              at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.5.1.Final-redhat-3.jar:7.5.1.Final-redhat-3]
              at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.1.Final-redhat-3.jar:7.5.1.Final-redhat-3]
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
              at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]
      
      

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                michpetrov Michal Petrov
                Reporter:
                ivassile Ilia Vassilev
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: