Saturday, July 27, 2019

Serialization Filtering in Java10

in WebLogic:

Caused by: java.io.InvalidClassException: filter status: REJECTED
     at java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1258)
     at java.io.ObjectInputStream.readHandle(ObjectInputStream.java:1705)
     at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1556)
     at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2288)
     at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2212)
     at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2070)

Caused by: java.lang.StackOverflowError
                at java.io.ObjectStreamClass$FieldReflector.getPrimFieldValues(ObjectStreamClass.java:2153)
                at java.io.ObjectStreamClass.getPrimFieldValues(ObjectStreamClass.java:1390)
                at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1532)
                at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:440)
                at com.sun.org.apache.xerces.internal.dom.NodeImpl.writeObject(NodeImpl.java:2019)
                at sun.reflect.GeneratedMethodAccessor2392.invoke(Unknown Source)

Solution:

-Dweblogic.oif.serialFilterMode=disable

Also consider the other info here :

https://docs.oracle.com/javase/10/core/serialization-filtering1.htm#JSCOR-GUID-91735293-E38E-4A81-85DC-719AFEB36026

and the value of jdk.serialFilter Security property ($JAVA_HOME/lib/security/java.security )


Posted by vernetto at 12:00 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)