Issue

After upgrading to AEM 6.2 or later version the application is failing with "Deserialization not allowed for class" errors (see example below). 

java.lang.UnsupportedOperationException: Deserialization not allowed for class net.sf.ehcache.Element (on Thu Sep 21 12:29:55 CDT 2017)
at org.kantega.notsoserial.DefaultNotSoSerial.preventDeserialization(DefaultNotSoSerial.java:256)
at org.kantega.notsoserial.DefaultNotSoSerial.onBeforeResolveClass(DefaultNotSoSerial.java:248)
at org.kantega.notsoserial.ObjectInputStreamClassVisitor.onBeforeResolveClass(ObjectInputStreamClassVisitor.java:48)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1613)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1518)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1774)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371)
at net.sf.ehcache.store.disk.DiskStorageFactory.read(DiskStorageFactory.java:370)
at net.sf.ehcache.store.disk.DiskStorageFactory.retrieve(DiskStorageFactory.java:886)
at net.sf.ehcache.store.disk.Segment.decode(Segment.java:172)
at net.sf.ehcache.store.disk.Segment.put(Segment.java:449)
at net.sf.ehcache.store.disk.DiskStore.put(DiskStore.java:438)
at net.sf.ehcache.store.FrontEndCacheTier.put(FrontEndCacheTier.java:267)
at net.sf.ehcache.Cache.putInternal(Cache.java:1455)
at net.sf.ehcache.Cache.put(Cache.java:1383)
at net.sf.ehcache.Cache.put(Cache.java:1348)

Environment

AEM 6.2 and later versions

Cause

This is caused by the nososerial security fix which is applied to AEM.  To fix the error you can whitelist certain java classes allowing deserialization.

Add a whitelist file by adding this JVM parameter:

-Dnotsoserial.whitelist=is-deserialized.txt

Resolution

-javaagent:notsoserial.jar -Dnotsoserial.whitelist=empty.txt -Dnotsoserial.dryrun=is-deserialized.txt

Dit werk is gelicentieerd onder de Creative Commons Naamsvermelding/Niet-commercieel/Gelijk delen 3.0 Unported-licentie  De voorwaarden van Creative Commons zijn niet van toepassing op Twitter™- en Facebook-berichten.

Juridische kennisgevingen   |   Online privacybeleid