Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-1665

Wrong Classloader Used When Deserializing Bean Handle

    XMLWordPrintable

Details

    • Hide
      1. Get a javax.ejb.Handle-object 
          @EJB
  JustProvideEJBHandle handleProvider;
  ...
  Handle handle = handleProvider.getHandle();

        with the remote interface JustProvideEJBHandle of a stateful session bean:

        JustProvideEJBHandle.java
        public interface JustProvideEJBHandle extends EJBObject
{}
      2. Serialize and deserialize handle 
          byte[] serializedHandle;
  try (ByteArrayOutputStream byteArrayOutStream = new ByteArrayOutputStream();
      ObjectOutputStream objectOutStream = new ObjectOutputStream(byteArrayOutStream))
  {
    objectOutStream.writeObject(handle);
    objectOutStream.flush();
    serializedHandle = byteArrayOutStream.toByteArray();
  }

  try (ByteArrayInputStream byteArrayInStream = new ByteArrayInputStream(serializedHandle);
      ObjectInputStream objectInStream = new ObjectInputStream(byteArrayInStream))
  {
    objectInStream.readObject();
  }
      Show
      Get a javax.ejb.Handle-object @EJB JustProvideEJBHandle handleProvider; ... Handle handle = handleProvider.getHandle(); with the remote interface JustProvideEJBHandle of a stateful session bean: JustProvideEJBHandle.java public interface JustProvideEJBHandle extends EJBObject {} Serialize and deserialize handle byte [] serializedHandle; try (ByteArrayOutputStream byteArrayOutStream = new ByteArrayOutputStream(); ObjectOutputStream objectOutStream = new ObjectOutputStream(byteArrayOutStream)) { objectOutStream.writeObject(handle); objectOutStream.flush(); serializedHandle = byteArrayOutStream.toByteArray(); } try (ByteArrayInputStream byteArrayInStream = new ByteArrayInputStream(serializedHandle); ObjectInputStream objectInStream = new ObjectInputStream(byteArrayInStream)) { objectInStream.readObject(); }

    Description

      The attempt to deserialize a javax.ejb.Handle-object fails with a ClassNotFoundException (just after serializing the handle in the same method call). The missing class is the remote interface of the stateful session bean the handle refers to.

      java.lang.ClassNotFoundException: bar.ejb.JustProvideEJBHandle from [Module "org.jboss.ejb-client:main" from local module loader @1af1bd6 (finder: local module finder @14c7f77 (roots: C:\Arbeit\Projekte\SWDevelopment\wildfly-8.0.0.Alpha2\modules,C:\Arbeit\Projekte\SWDevelopment\wildfly-8.0.0.Alpha2\modules\system\layers\base))]
  at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:196)
  at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:444)
  at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:432)
  at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:374)
  at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:119)
  at java.lang.Class.forName0(Native Method)
  at java.lang.Class.forName(Class.java:266)
  at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:623)
  at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1610)
  at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1515)
  at java.io.ObjectInputStream.readClass(ObjectInputStream.java:1481)
  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1331)
  at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989)
  at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:499)
  at org.jboss.ejb.client.EJBLocator.readObject(EJBLocator.java:221)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1004)
  at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1891)
  at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796)
  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348)
  at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1989)
  at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1913)
  at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1796)
  at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1348)
  at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
  at bar.ejb.DeserializeHandleBean.deserializeHandle(DeserializeHandleBean.java:33)
  at bar.ejb.DeserializeHandleBean.doBoth(DeserializeHandleBean.java:40)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
  at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53)
  at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.jpa.interceptor.SFSBInvocationInterceptor.processInvocation(SFSBInvocationInterceptor.java:58)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.component.stateful.StatefulSessionSynchronizationInterceptor.processInvocation(StatefulSessionSynchronizationInterceptor.java:156)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
  at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.component.stateful.StatefulComponentInstanceInterceptor.processInvocation(StatefulComponentInstanceInterceptor.java:66)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:273)
  at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:340)
  at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:239)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:79)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:43)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:90)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:55)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:305)
  at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:428)
  at org.wildfly.security.manager.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:63)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:305)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.jboss.invocation.PrivilegedInterceptor.processInvocation(PrivilegedInterceptor.java:65)
  at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:289)
  at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
  at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:329)
  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:70)
  at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:203)
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
  at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
  at java.util.concurrent.FutureTask.run(FutureTask.java:166)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
  at java.lang.Thread.run(Thread.java:722)
  at org.jboss.threads.JBossThread.run(JBossThread.java:122)
  at ...asynchronous invocation...(Unknown Source)
  at org.jboss.ejb.client.remoting.InvocationExceptionResponseHandler$MethodInvocationExceptionResultProducer.getResult(InvocationExceptionResponseHandler.java:99)
  at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:270)
  at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:47)
  at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:272)
  at org.jboss.ejb.client.ReceiverInterceptor.handleInvocationResult(ReceiverInterceptor.java:129)
  at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:260)
  at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:435)
  at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:140)
  at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121)
  at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104)
  at com.sun.proxy.$Proxy4.doBoth(Unknown Source)
  at bar.test.DeserializationBugIT.testDeserializationBugInOneStep(DeserializationBugIT.java:26)

      Attachments

        Activity

          People

            dlloyd@redhat.com David Lloyd
            bartmann_d Dieter Bartmann (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: