AccessControlException with Wicket on Google App Engine (GAE)

> Hi,
>
> I've encountered now (and have seen reported by other users) several
> different cases where Wicket on GAE throws an AccessControlException
> when serializing an object to a byte array.
>
> Although this is clearly an issue of GAE permissions, I would like to
> ask if someone could give me a hint, why this exception occurs or if
> someone may know a workaround. I've already filed an issue for this on
> the GAE project site [1] and would forward any findings of the wicket
> community.
>
> Below I include snippets of two different stacktraces.
>
> Thanks in advance,
> andr
>
>
> <snip1>
>
> java.security.AccessControlException: access denied
> (java.io.SerializablePermission enableSubclassImplementation)
>     at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>
>     at
> java.security.AccessController.checkPermission(AccessController.java:546)
>     at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>     at
> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151)
>
>     at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:253)
>     at
> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.<init>(IObjectStreamFactory.java:150)
>
>     at
> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114)
>
>     at
> org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:1111)
>     at
> org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203)
>
>
> </snip1>
>
> <snip2>
> (java.io.SerializablePermission enableSubstitution)
>         at java.security.AccessControlContext.checkPermission
> (AccessControlContext.java:264)
>         at java.security.AccessController.checkPermission
> (AccessController.java:427)
>         at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:
> 532)
>         at com.google.appengine.tools.development.DevAppServerFactory
> $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122)
>         at java.io.ObjectOutputStream.enableReplaceObject
> (ObjectOutputStream.java:556)
>         at org.apache.wicket.util.lang.Objects
> $ReplaceObjectOutputStream.<init>(Objects.java:179)
>         at org.apache.wicket.util.lang.Objects
> $ReplaceObjectOutputStream.<init>(Objects.java:170)
>         at
> org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442)
>         at
> org.apache.wicket.version.undo.ModelChange.<init>(ModelChange.java:
> 103)
>         at
> org.apache.wicket.version.undo.ChangeList.componentModelChanging
> (ChangeList.java:64)
>         at
> org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChangin­g
>
> (UndoPageVersionManager.java:123)
>         at org.apache.wicket.Page.componentModelChanging(Page.java:1555)
>         at org.apache.wicket.Component.modelChanging(Component.java:2197)
>         at
> org.apache.wicket.Component.setDefaultModelObject(Component.java:
> 3020)
>         at
> org.apache.wicket.extensions.markup.html.tabs.TabbedPanel.setSelectedTab
> (TabbedPanel.java:346)
>         at
> org.apache.wicket.extensions.markup.html.tabs.TabbedPanel$5.onClick
> (TabbedPanel.java:327)
>         at
> org.apache.wicket.markup.html.link.Link.onLinkClicked(Link.java:
> 221)
>
>
>
>
> </snip2>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>

> I'm sure the answer is "yes" but to be sure: have you done everything
> that is said here
> http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html
> ?
> Also, what versions of gae sdk and wicket are you using?
>
> A. Maza escribió:
>> Hi,
>>
>> I've encountered now (and have seen reported by other users) several
>> different cases where Wicket on GAE throws an AccessControlException
>> when serializing an object to a byte array.
>>
>> Although this is clearly an issue of GAE permissions, I would like to
>> ask if someone could give me a hint, why this exception occurs or if
>> someone may know a workaround. I've already filed an issue for this on
>> the GAE project site [1] and would forward any findings of the wicket
>> community.
>>
>> Below I include snippets of two different stacktraces.
>>
>> Thanks in advance,
>> andr
>>
>>
>> <snip1>
>>
>> java.security.AccessControlException: access denied
>> (java.io.SerializablePermission enableSubclassImplementation)
>> at
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>
>> at
>> java.security.AccessController.checkPermission(AccessController.java:546)
>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>> at
>> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151)
>>
>> at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:253)
>> at
>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.<init>(IObjectStreamFactory.java:150)
>>
>> at
>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114)
>>
>> at
>> org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:1111)
>> at
>> org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203)
>>
>>
>> </snip1>
>>
>> <snip2>
>> (java.io.SerializablePermission enableSubstitution)
>> at java.security.AccessControlContext.checkPermission
>> (AccessControlContext.java:264)
>> at java.security.AccessController.checkPermission
>> (AccessController.java:427)
>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:
>> 532)
>> at com.google.appengine.tools.development.DevAppServerFactory
>> $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122)
>> at java.io.ObjectOutputStream.enableReplaceObject
>> (ObjectOutputStream.java:556)
>> at org.apache.wicket.util.lang.Objects
>> $ReplaceObjectOutputStream.<init>(Objects.java:179)
>> at org.apache.wicket.util.lang.Objects
>> $ReplaceObjectOutputStream.<init>(Objects.java:170)
>> at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442)
>> at org.apache.wicket.version.undo.ModelChange.<init>(ModelChange.java:
>> 103)
>> at org.apache.wicket.version.undo.ChangeList.componentModelChanging
>> (ChangeList.java:64)
>> at
>> org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChangin­g
>>
>> (UndoPageVersionManager.java:123)
>> at org.apache.wicket.Page.componentModelChanging(Page.java:1555)
>> at org.apache.wicket.Component.modelChanging(Component.java:2197)
>> at org.apache.wicket.Component.setDefaultModelObject(Component.java:
>> 3020)
>> at
>> org.apache.wicket.extensions.markup.html.tabs.TabbedPanel.setSelectedTab
>> (TabbedPanel.java:346)
>> at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel$5.onClick
>> (TabbedPanel.java:327)
>> at org.apache.wicket.markup.html.link.Link.onLinkClicked(Link.java:
>> 221)
>>
>>
>>
>>
>> </snip2>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@...
>> For additional commands, e-mail: users-help@...
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>

> yes, except the fact that I am trying to use a Memcache-based
> implementation of the IPageStore instead of the HTTPSessionStore
> (based on the TerracottaPageStore. However, in my case the exception
> occurs when I am trying to serialize the page using the provided
> method of the AbstractPageStore.
>
> The exception of the second stacktrace I posted was reported by
> another user in the GAE forum [1], but happening in a totally
> different scenario.
>
> In my initial post I forgot the link to the issue I have opened on the
> GAE project site. [2]
>
> I am using Wicket 1.4.3 (I have also tried it with 1.4.2) and the
> latest GAE SDK (1.2.6)
>
> regards,
> andr
>
>
>
> [1]
> <http://groups.google.com/group/google-appengine-java/browse_thread/thread/b80648c126778ef5/0a259ba5bba8078f?lnk=gst&q=wicket+accesscontrolexception#0a259ba5bba8078f>
>
>
> [2] <http://code.google.com/p/googleappengine/issues/detail?id=2334>
>
>
>
>
>
>
>
> On 29.10.2009 21:56, Esteban Masoero wrote:
>> I'm sure the answer is "yes" but to be sure: have you done everything
>> that is said here
>> http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html 
>>
>> ?
>> Also, what versions of gae sdk and wicket are you using?
>>
>> A. Maza escribió:
>>> Hi,
>>>
>>> I've encountered now (and have seen reported by other users) several
>>> different cases where Wicket on GAE throws an AccessControlException
>>> when serializing an object to a byte array.
>>>
>>> Although this is clearly an issue of GAE permissions, I would like to
>>> ask if someone could give me a hint, why this exception occurs or if
>>> someone may know a workaround. I've already filed an issue for this on
>>> the GAE project site [1] and would forward any findings of the wicket
>>> community.
>>>
>>> Below I include snippets of two different stacktraces.
>>>
>>> Thanks in advance,
>>> andr
>>>
>>>
>>> <snip1>
>>>
>>> java.security.AccessControlException: access denied
>>> (java.io.SerializablePermission enableSubclassImplementation)
>>> at
>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>>
>>>
>>> at
>>> java.security.AccessController.checkPermission(AccessController.java:546)
>>>
>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>> at
>>> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151)
>>>
>>>
>>> at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:253)
>>> at
>>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.<init>(IObjectStreamFactory.java:150)
>>>
>>>
>>> at
>>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114)
>>>
>>>
>>> at
>>> org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:1111)
>>>
>>> at
>>> org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203)
>>>
>>>
>>>
>>> </snip1>
>>>
>>> <snip2>
>>> (java.io.SerializablePermission enableSubstitution)
>>> at java.security.AccessControlContext.checkPermission
>>> (AccessControlContext.java:264)
>>> at java.security.AccessController.checkPermission
>>> (AccessController.java:427)
>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:
>>> 532)
>>> at com.google.appengine.tools.development.DevAppServerFactory
>>> $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122)
>>> at java.io.ObjectOutputStream.enableReplaceObject
>>> (ObjectOutputStream.java:556)
>>> at org.apache.wicket.util.lang.Objects
>>> $ReplaceObjectOutputStream.<init>(Objects.java:179)
>>> at org.apache.wicket.util.lang.Objects
>>> $ReplaceObjectOutputStream.<init>(Objects.java:170)
>>> at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442)
>>> at org.apache.wicket.version.undo.ModelChange.<init>(ModelChange.java:
>>> 103)
>>> at org.apache.wicket.version.undo.ChangeList.componentModelChanging
>>> (ChangeList.java:64)
>>> at
>>> org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChangin­g
>>>
>>>
>>> (UndoPageVersionManager.java:123)
>>> at org.apache.wicket.Page.componentModelChanging(Page.java:1555)
>>> at org.apache.wicket.Component.modelChanging(Component.java:2197)
>>> at org.apache.wicket.Component.setDefaultModelObject(Component.java:
>>> 3020)
>>> at
>>> org.apache.wicket.extensions.markup.html.tabs.TabbedPanel.setSelectedTab
>>>
>>> (TabbedPanel.java:346)
>>> at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel$5.onClick
>>> (TabbedPanel.java:327)
>>> at org.apache.wicket.markup.html.link.Link.onLinkClicked(Link.java:
>>> 221)
>>>
>>>
>>>
>>>
>>> </snip2>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@...
>>> For additional commands, e-mail: users-help@...
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@...
>> For additional commands, e-mail: users-help@...
>>
>

> just to circumvent the problem for a while, I am thinking of the following
> workaround:
>
> what would be the implications if I change the implementation of
> IObjectStreamFactor.DefaultObjectStreamFactory so that
> newObjectInputStream() and newObjectOutputStream return the regular  JDK
> ObjectInputStream and ObjectOutputStream, respectively?
>
> To my mind, this would eliminate the AccessControlException problem since I
> am not subclassing ObjectInputStream and ObjectOutputStream.
>
> thanks,
> andr
>
>
> On 30.10.2009 10:27, A. Maza wrote:
>>
>> yes, except the fact that I am trying to use a Memcache-based
>> implementation of the IPageStore instead of the HTTPSessionStore (based on
>> the TerracottaPageStore. However, in my case the exception occurs when I am
>> trying to serialize the page using the provided method of the
>> AbstractPageStore.
>>
>> The exception of the second stacktrace I posted was reported by another
>> user in the GAE forum [1], but happening in a totally different scenario.
>>
>> In my initial post I forgot the link to the issue I have opened on the GAE
>> project site. [2]
>>
>> I am using Wicket 1.4.3 (I have also tried it with 1.4.2) and the latest
>> GAE SDK (1.2.6)
>>
>> regards,
>> andr
>>
>>
>>
>> [1]
>> <http://groups.google.com/group/google-appengine-java/browse_thread/thread/b80648c126778ef5/0a259ba5bba8078f?lnk=gst&q=wicket+accesscontrolexception#0a259ba5bba8078f>
>>
>> [2] <http://code.google.com/p/googleappengine/issues/detail?id=2334>
>>
>>
>>
>>
>>
>>
>>
>> On 29.10.2009 21:56, Esteban Masoero wrote:
>>>
>>> I'm sure the answer is "yes" but to be sure: have you done everything
>>> that is said here
>>>
>>> http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html
>>> ?
>>> Also, what versions of gae sdk and wicket are you using?
>>>
>>> A. Maza escribió:
>>>>
>>>> Hi,
>>>>
>>>> I've encountered now (and have seen reported by other users) several
>>>> different cases where Wicket on GAE throws an AccessControlException
>>>> when serializing an object to a byte array.
>>>>
>>>> Although this is clearly an issue of GAE permissions, I would like to
>>>> ask if someone could give me a hint, why this exception occurs or if
>>>> someone may know a workaround. I've already filed an issue for this on
>>>> the GAE project site [1] and would forward any findings of the wicket
>>>> community.
>>>>
>>>> Below I include snippets of two different stacktraces.
>>>>
>>>> Thanks in advance,
>>>> andr
>>>>
>>>>
>>>> <snip1>
>>>>
>>>> java.security.AccessControlException: access denied
>>>> (java.io.SerializablePermission enableSubclassImplementation)
>>>> at
>>>>
>>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>>>
>>>> at
>>>>
>>>> java.security.AccessController.checkPermission(AccessController.java:546)
>>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>> at
>>>>
>>>> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151)
>>>>
>>>> at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:253)
>>>> at
>>>>
>>>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.<init>(IObjectStreamFactory.java:150)
>>>>
>>>> at
>>>>
>>>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114)
>>>>
>>>> at
>>>> org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:1111)
>>>> at
>>>>
>>>> org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203)
>>>>
>>>>
>>>> </snip1>
>>>>
>>>> <snip2>
>>>> (java.io.SerializablePermission enableSubstitution)
>>>> at java.security.AccessControlContext.checkPermission
>>>> (AccessControlContext.java:264)
>>>> at java.security.AccessController.checkPermission
>>>> (AccessController.java:427)
>>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:
>>>> 532)
>>>> at com.google.appengine.tools.development.DevAppServerFactory
>>>> $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122)
>>>> at java.io.ObjectOutputStream.enableReplaceObject
>>>> (ObjectOutputStream.java:556)
>>>> at org.apache.wicket.util.lang.Objects
>>>> $ReplaceObjectOutputStream.<init>(Objects.java:179)
>>>> at org.apache.wicket.util.lang.Objects
>>>> $ReplaceObjectOutputStream.<init>(Objects.java:170)
>>>> at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442)
>>>> at org.apache.wicket.version.undo.ModelChange.<init>(ModelChange.java:
>>>> 103)
>>>> at org.apache.wicket.version.undo.ChangeList.componentModelChanging
>>>> (ChangeList.java:64)
>>>> at
>>>>
>>>> org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChangin­g
>>>>
>>>> (UndoPageVersionManager.java:123)
>>>> at org.apache.wicket.Page.componentModelChanging(Page.java:1555)
>>>> at org.apache.wicket.Component.modelChanging(Component.java:2197)
>>>> at org.apache.wicket.Component.setDefaultModelObject(Component.java:
>>>> 3020)
>>>> at
>>>> org.apache.wicket.extensions.markup.html.tabs.TabbedPanel.setSelectedTab
>>>> (TabbedPanel.java:346)
>>>> at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel$5.onClick
>>>> (TabbedPanel.java:327)
>>>> at org.apache.wicket.markup.html.link.Link.onLinkClicked(Link.java:
>>>> 221)
>>>>
>>>>
>>>>
>>>>
>>>> </snip2>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@...
>>>> For additional commands, e-mail: users-help@...
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@...
>>> For additional commands, e-mail: users-help@...
>>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>

> that should most likely work without problems.
>
> -igor
>
> On Mon, Nov 2, 2009 at 1:47 AM, Andreas Maza<andr.maza@...>  wrote:
>> just to circumvent the problem for a while, I am thinking of the following
>> workaround:
>>
>> what would be the implications if I change the implementation of
>> IObjectStreamFactor.DefaultObjectStreamFactory so that
>> newObjectInputStream() and newObjectOutputStream return the regular  JDK
>> ObjectInputStream and ObjectOutputStream, respectively?
>>
>> To my mind, this would eliminate the AccessControlException problem since I
>> am not subclassing ObjectInputStream and ObjectOutputStream.
>>
>> thanks,
>> andr
>>
>>
>> On 30.10.2009 10:27, A. Maza wrote:
>>>
>>> yes, except the fact that I am trying to use a Memcache-based
>>> implementation of the IPageStore instead of the HTTPSessionStore (based on
>>> the TerracottaPageStore. However, in my case the exception occurs when I am
>>> trying to serialize the page using the provided method of the
>>> AbstractPageStore.
>>>
>>> The exception of the second stacktrace I posted was reported by another
>>> user in the GAE forum [1], but happening in a totally different scenario.
>>>
>>> In my initial post I forgot the link to the issue I have opened on the GAE
>>> project site. [2]
>>>
>>> I am using Wicket 1.4.3 (I have also tried it with 1.4.2) and the latest
>>> GAE SDK (1.2.6)
>>>
>>> regards,
>>> andr
>>>
>>>
>>>
>>> [1]
>>> <http://groups.google.com/group/google-appengine-java/browse_thread/thread/b80648c126778ef5/0a259ba5bba8078f?lnk=gst&q=wicket+accesscontrolexception#0a259ba5bba8078f>
>>>
>>> [2]<http://code.google.com/p/googleappengine/issues/detail?id=2334>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 29.10.2009 21:56, Esteban Masoero wrote:
>>>>
>>>> I'm sure the answer is "yes" but to be sure: have you done everything
>>>> that is said here
>>>>
>>>> http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html
>>>> ?
>>>> Also, what versions of gae sdk and wicket are you using?
>>>>
>>>> A. Maza escribió:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I've encountered now (and have seen reported by other users) several
>>>>> different cases where Wicket on GAE throws an AccessControlException
>>>>> when serializing an object to a byte array.
>>>>>
>>>>> Although this is clearly an issue of GAE permissions, I would like to
>>>>> ask if someone could give me a hint, why this exception occurs or if
>>>>> someone may know a workaround. I've already filed an issue for this on
>>>>> the GAE project site [1] and would forward any findings of the wicket
>>>>> community.
>>>>>
>>>>> Below I include snippets of two different stacktraces.
>>>>>
>>>>> Thanks in advance,
>>>>> andr
>>>>>
>>>>>
>>>>> <snip1>
>>>>>
>>>>> java.security.AccessControlException: access denied
>>>>> (java.io.SerializablePermission enableSubclassImplementation)
>>>>> at
>>>>>
>>>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>>>>
>>>>> at
>>>>>
>>>>> java.security.AccessController.checkPermission(AccessController.java:546)
>>>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>>> at
>>>>>
>>>>> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151)
>>>>>
>>>>> at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:253)
>>>>> at
>>>>>
>>>>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.<init>(IObjectStreamFactory.java:150)
>>>>>
>>>>> at
>>>>>
>>>>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114)
>>>>>
>>>>> at
>>>>> org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:1111)
>>>>> at
>>>>>
>>>>> org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203)
>>>>>
>>>>>
>>>>> </snip1>
>>>>>
>>>>> <snip2>
>>>>> (java.io.SerializablePermission enableSubstitution)
>>>>> at java.security.AccessControlContext.checkPermission
>>>>> (AccessControlContext.java:264)
>>>>> at java.security.AccessController.checkPermission
>>>>> (AccessController.java:427)
>>>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:
>>>>> 532)
>>>>> at com.google.appengine.tools.development.DevAppServerFactory
>>>>> $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122)
>>>>> at java.io.ObjectOutputStream.enableReplaceObject
>>>>> (ObjectOutputStream.java:556)
>>>>> at org.apache.wicket.util.lang.Objects
>>>>> $ReplaceObjectOutputStream.<init>(Objects.java:179)
>>>>> at org.apache.wicket.util.lang.Objects
>>>>> $ReplaceObjectOutputStream.<init>(Objects.java:170)
>>>>> at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442)
>>>>> at org.apache.wicket.version.undo.ModelChange.<init>(ModelChange.java:
>>>>> 103)
>>>>> at org.apache.wicket.version.undo.ChangeList.componentModelChanging
>>>>> (ChangeList.java:64)
>>>>> at
>>>>>
>>>>> org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChangin­g
>>>>>
>>>>> (UndoPageVersionManager.java:123)
>>>>> at org.apache.wicket.Page.componentModelChanging(Page.java:1555)
>>>>> at org.apache.wicket.Component.modelChanging(Component.java:2197)
>>>>> at org.apache.wicket.Component.setDefaultModelObject(Component.java:
>>>>> 3020)
>>>>> at
>>>>> org.apache.wicket.extensions.markup.html.tabs.TabbedPanel.setSelectedTab
>>>>> (TabbedPanel.java:346)
>>>>> at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel$5.onClick
>>>>> (TabbedPanel.java:327)
>>>>> at org.apache.wicket.markup.html.link.Link.onLinkClicked(Link.java:
>>>>> 221)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> </snip2>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@...
>>>>> For additional commands, e-mail: users-help@...
>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@...
>>>> For additional commands, e-mail: users-help@...
>>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@...
>> For additional commands, e-mail: users-help@...
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>

> Thanks Igor,
>
>
> I have seen that the Objects class provides a static setter in order to use
> a different Implementation of IObjectStreamFactory instead of the
> DefaultObjectStreamFactory.
>
> Where would you recommend to place the code to set my own implementation of
> IObjectStreamFactory using the static setter provided by Objects. I am not
> sure if it is "enough" to place it in the init method of my class that
> derives from org.apache.wicket.Application. (i.e., may the Objects instance
> be cleared at some time by the GC?)
>
> thanks,
> andr
>
>
>
>
>
>
> On 02.11.2009 17:28, Igor Vaynberg wrote:
>>
>> that should most likely work without problems.
>>
>> -igor
>>
>> On Mon, Nov 2, 2009 at 1:47 AM, Andreas Maza<andr.maza@...>  wrote:
>>>
>>> just to circumvent the problem for a while, I am thinking of the
>>> following
>>> workaround:
>>>
>>> what would be the implications if I change the implementation of
>>> IObjectStreamFactor.DefaultObjectStreamFactory so that
>>> newObjectInputStream() and newObjectOutputStream return the regular  JDK
>>> ObjectInputStream and ObjectOutputStream, respectively?
>>>
>>> To my mind, this would eliminate the AccessControlException problem since
>>> I
>>> am not subclassing ObjectInputStream and ObjectOutputStream.
>>>
>>> thanks,
>>> andr
>>>
>>>
>>> On 30.10.2009 10:27, A. Maza wrote:
>>>>
>>>> yes, except the fact that I am trying to use a Memcache-based
>>>> implementation of the IPageStore instead of the HTTPSessionStore (based
>>>> on
>>>> the TerracottaPageStore. However, in my case the exception occurs when I
>>>> am
>>>> trying to serialize the page using the provided method of the
>>>> AbstractPageStore.
>>>>
>>>> The exception of the second stacktrace I posted was reported by another
>>>> user in the GAE forum [1], but happening in a totally different
>>>> scenario.
>>>>
>>>> In my initial post I forgot the link to the issue I have opened on the
>>>> GAE
>>>> project site. [2]
>>>>
>>>> I am using Wicket 1.4.3 (I have also tried it with 1.4.2) and the latest
>>>> GAE SDK (1.2.6)
>>>>
>>>> regards,
>>>> andr
>>>>
>>>>
>>>>
>>>> [1]
>>>>
>>>> <http://groups.google.com/group/google-appengine-java/browse_thread/thread/b80648c126778ef5/0a259ba5bba8078f?lnk=gst&q=wicket+accesscontrolexception#0a259ba5bba8078f>
>>>>
>>>> [2]<http://code.google.com/p/googleappengine/issues/detail?id=2334>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 29.10.2009 21:56, Esteban Masoero wrote:
>>>>>
>>>>> I'm sure the answer is "yes" but to be sure: have you done everything
>>>>> that is said here
>>>>>
>>>>>
>>>>> http://stronglytypedblog.blogspot.com/2009/04/wicket-on-google-app-engine.html
>>>>> ?
>>>>> Also, what versions of gae sdk and wicket are you using?
>>>>>
>>>>> A. Maza escribió:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I've encountered now (and have seen reported by other users) several
>>>>>> different cases where Wicket on GAE throws an AccessControlException
>>>>>> when serializing an object to a byte array.
>>>>>>
>>>>>> Although this is clearly an issue of GAE permissions, I would like to
>>>>>> ask if someone could give me a hint, why this exception occurs or if
>>>>>> someone may know a workaround. I've already filed an issue for this on
>>>>>> the GAE project site [1] and would forward any findings of the wicket
>>>>>> community.
>>>>>>
>>>>>> Below I include snippets of two different stacktraces.
>>>>>>
>>>>>> Thanks in advance,
>>>>>> andr
>>>>>>
>>>>>>
>>>>>> <snip1>
>>>>>>
>>>>>> java.security.AccessControlException: access denied
>>>>>> (java.io.SerializablePermission enableSubclassImplementation)
>>>>>> at
>>>>>>
>>>>>>
>>>>>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>>>>>>
>>>>>> at
>>>>>>
>>>>>>
>>>>>> java.security.AccessController.checkPermission(AccessController.java:546)
>>>>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>>>>>> at
>>>>>>
>>>>>>
>>>>>> com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:151)
>>>>>>
>>>>>> at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:253)
>>>>>> at
>>>>>>
>>>>>>
>>>>>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory$2.<init>(IObjectStreamFactory.java:150)
>>>>>>
>>>>>> at
>>>>>>
>>>>>>
>>>>>> org.apache.wicket.util.io.IObjectStreamFactory$DefaultObjectStreamFactory.newObjectOutputStream(IObjectStreamFactory.java:114)
>>>>>>
>>>>>> at
>>>>>>
>>>>>> org.apache.wicket.util.lang.Objects.objectToByteArray(Objects.java:1111)
>>>>>> at
>>>>>>
>>>>>>
>>>>>> org.apache.wicket.protocol.http.pagestore.AbstractPageStore.serializePage(AbstractPageStore.java:203)
>>>>>>
>>>>>>
>>>>>> </snip1>
>>>>>>
>>>>>> <snip2>
>>>>>> (java.io.SerializablePermission enableSubstitution)
>>>>>> at java.security.AccessControlContext.checkPermission
>>>>>> (AccessControlContext.java:264)
>>>>>> at java.security.AccessController.checkPermission
>>>>>> (AccessController.java:427)
>>>>>> at java.lang.SecurityManager.checkPermission(SecurityManager.java:
>>>>>> 532)
>>>>>> at com.google.appengine.tools.development.DevAppServerFactory
>>>>>> $CustomSecurityManager.checkPermission(DevAppServerFactory.java:122)
>>>>>> at java.io.ObjectOutputStream.enableReplaceObject
>>>>>> (ObjectOutputStream.java:556)
>>>>>> at org.apache.wicket.util.lang.Objects
>>>>>> $ReplaceObjectOutputStream.<init>(Objects.java:179)
>>>>>> at org.apache.wicket.util.lang.Objects
>>>>>> $ReplaceObjectOutputStream.<init>(Objects.java:170)
>>>>>> at org.apache.wicket.util.lang.Objects.cloneModel(Objects.java:442)
>>>>>> at org.apache.wicket.version.undo.ModelChange.<init>(ModelChange.java:
>>>>>> 103)
>>>>>> at org.apache.wicket.version.undo.ChangeList.componentModelChanging
>>>>>> (ChangeList.java:64)
>>>>>> at
>>>>>>
>>>>>>
>>>>>> org.apache.wicket.version.undo.UndoPageVersionManager.componentModelChangin­g
>>>>>>
>>>>>> (UndoPageVersionManager.java:123)
>>>>>> at org.apache.wicket.Page.componentModelChanging(Page.java:1555)
>>>>>> at org.apache.wicket.Component.modelChanging(Component.java:2197)
>>>>>> at org.apache.wicket.Component.setDefaultModelObject(Component.java:
>>>>>> 3020)
>>>>>> at
>>>>>>
>>>>>> org.apache.wicket.extensions.markup.html.tabs.TabbedPanel.setSelectedTab
>>>>>> (TabbedPanel.java:346)
>>>>>> at org.apache.wicket.extensions.markup.html.tabs.TabbedPanel$5.onClick
>>>>>> (TabbedPanel.java:327)
>>>>>> at org.apache.wicket.markup.html.link.Link.onLinkClicked(Link.java:
>>>>>> 221)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> </snip2>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@...
>>>>>> For additional commands, e-mail: users-help@...
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@...
>>>>> For additional commands, e-mail: users-help@...
>>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@...
>>> For additional commands, e-mail: users-help@...
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@...
>> For additional commands, e-mail: users-help@...
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>