Issue

After upgrading to AEM 6.2 or later version the application is failing with "Deserialization not allowed for class" errors (see example below). 

java.lang.UnsupportedOperationException: Deserialization not allowed for class net.sf.ehcache.Element (on Thu Sep 21 12:29:55 CDT 2017)
at org.kantega.notsoserial.DefaultNotSoSerial.preventDeserialization(DefaultNotSoSerial.java:256)
at org.kantega.notsoserial.DefaultNotSoSerial.onBeforeResolveClass(DefaultNotSoSerial.java:248)
at org.kantega.notsoserial.ObjectInputStreamClassVisitor.onBeforeResolveClass(ObjectInputStreamClassVisitor.java:48)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1613)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1518)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1774)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371)
at net.sf.ehcache.store.disk.DiskStorageFactory.read(DiskStorageFactory.java:370)
at net.sf.ehcache.store.disk.DiskStorageFactory.retrieve(DiskStorageFactory.java:886)
at net.sf.ehcache.store.disk.Segment.decode(Segment.java:172)
at net.sf.ehcache.store.disk.Segment.put(Segment.java:449)
at net.sf.ehcache.store.disk.DiskStore.put(DiskStore.java:438)
at net.sf.ehcache.store.FrontEndCacheTier.put(FrontEndCacheTier.java:267)
at net.sf.ehcache.Cache.putInternal(Cache.java:1455)
at net.sf.ehcache.Cache.put(Cache.java:1383)
at net.sf.ehcache.Cache.put(Cache.java:1348)

Environment

AEM 6.2 and later versions

Cause

This is caused by the nososerial security fix which is applied to AEM.  To fix the error you can whitelist certain java classes allowing deserialization.

Add a whitelist file by adding this JVM parameter:

-Dnotsoserial.whitelist=is-deserialized.txt

Resolution

-javaagent:notsoserial.jar -Dnotsoserial.whitelist=empty.txt -Dnotsoserial.dryrun=is-deserialized.txt

Този материал е лицензиран под лиценз Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported  Публикациите в Twitter™ и Facebook не попадат под клаузите на Creative Commons.

Правни бележки   |   Правила за онлайн поверителност