当前位置: 文江博客话题详情

Google App Engine 上的 GSON 引发安全异常

发布于 2024-09-05 09:10:08 字数 5713 浏览 3 评论 0原文

我正在尝试使用 Google App Engine 上的 GSON 库将对象转换为 JSON。由于某种原因,它抛出了这个异常,我不明白如何解决这个问题。有什么建议吗?

java.lang.SecurityException: java.lang.IllegalAccessException: Reflection is not allowed on private static final int java.util.BitSet.ADDRESS_BITS_PER_WORD
    at com.google.appengine.runtime.Request.process-8d5b435d6736643f(Request.java)
    at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:29)
    at com.google.gson.ObjectNavigator.navigateClassFields(ObjectNavigator.java:141)
    at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:123)
    at com.google.gson.JsonSerializationVisitor.getJsonElementForChild(JsonSerializationVisitor.java:148)
    at com.google.gson.JsonSerializationVisitor.addAsArrayElement(JsonSerializationVisitor.java:139)
    at com.google.gson.JsonSerializationVisitor.visitArray(JsonSerializationVisitor.java:83)
    at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:109)
    at com.google.gson.JsonSerializationVisitor.getJsonElementForChild(JsonSerializationVisitor.java:148)
    at com.google.gson.JsonSerializationVisitor.addAsChildOfObject(JsonSerializationVisitor.java:126)
    at com.google.gson.JsonSerializationVisitor.visitArrayField(JsonSerializationVisitor.java:95)
    at com.google.gson.ObjectNavigator.navigateClassFields(ObjectNavigator.java:154)
    at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:123)
    at com.google.gson.JsonSerializationContextDefault.serialize(JsonSerializationContextDefault.java:56)
    at com.google.gson.Gson.toJsonTree(Gson.java:230)
    at com.google.gson.Gson.toJson(Gson.java:315)
    at com.google.gson.Gson.toJson(Gson.java:270)
    at com.google.gson.Gson.toJson(Gson.java:250)
    at companionmodel.Sample_Model_PopulateServlet.printOutput(Sample_Model_PopulateServlet.java:59)
    at companionmodel.Sample_Model_PopulateServlet.doGet(Sample_Model_PopulateServlet.java:28)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:97)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:238)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:135)
    at com.google.apphosting.runtime.JavaRuntime.handleRequest(JavaRuntime.java:250)
    at com.google.apphosting.base.RuntimePb$EvaluationRuntime$6.handleBlockingRequest(RuntimePb.java:5838)
    at com.google.apphosting.base.RuntimePb$EvaluationRuntime$6.handleBlockingRequest(RuntimePb.java:5836)
    at com.google.net.rpc.impl.BlockingApplicationHandler.handleRequest(BlockingApplicationHandler.java:24)
    at com.google.net.rpc.impl.RpcUtil.runRpcInApplication(RpcUtil.java:398)
    at com.google.net.rpc.impl.Server$2.run(Server.java:852)
    at com.google.tracing.LocalTraceSpanRunnable.run(LocalTraceSpanRunnable.java:56)
    at com.google.tracing.LocalTraceSpanBuilder.internalContinueSpan(LocalTraceSpanBuilder.java:576)
    at com.google.net.rpc.impl.Server.startRpc(Server.java:807)
    at com.google.net.rpc.impl.Server.processRequest(Server.java:369)
    at com.google.net.rpc.impl.ServerConnection.messageReceived(ServerConnection.java:442)
    at com.google.net.rpc.impl.RpcConnection.parseMessages(RpcConnection.java:319)
    at com.google.net.rpc.impl.RpcConnection.dataReceived(RpcConnection.java:290)
    at com.google.net.async.Connection.handleReadEvent(Connection.java:474)
    at com.google.net.async.EventDispatcher.processNetworkEvents(EventDispatcher.java:831)
    at com.google.net.async.EventDispatcher.internalLoop(EventDispatcher.java:207)
    at com.google.net.async.EventDispatcher.loop(EventDispatcher.java:103)
    at com.google.net.rpc.RpcService.runUntilServerShutdown(RpcService.java:251)
    at com.google.apphosting.runtime.JavaRuntime$RpcRunnable.run(JavaRuntime.java:413)
    at java.lang.Thread.run(Unknown Source)

我正在使用的代码:

Gson gson = new Gson();
String json = gson.toJson(modelObject);
原文

I am trying to convert an object into JSON using the GSON library on Google App Engine. For some reason, it throws this exception and I don't understand how to solve this. Any suggestions?

java.lang.SecurityException: java.lang.IllegalAccessException: Reflection is not allowed on private static final int java.util.BitSet.ADDRESS_BITS_PER_WORD
    at com.google.appengine.runtime.Request.process-8d5b435d6736643f(Request.java)
    at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:29)
    at com.google.gson.ObjectNavigator.navigateClassFields(ObjectNavigator.java:141)
    at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:123)
    at com.google.gson.JsonSerializationVisitor.getJsonElementForChild(JsonSerializationVisitor.java:148)
    at com.google.gson.JsonSerializationVisitor.addAsArrayElement(JsonSerializationVisitor.java:139)
    at com.google.gson.JsonSerializationVisitor.visitArray(JsonSerializationVisitor.java:83)
    at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:109)
    at com.google.gson.JsonSerializationVisitor.getJsonElementForChild(JsonSerializationVisitor.java:148)
    at com.google.gson.JsonSerializationVisitor.addAsChildOfObject(JsonSerializationVisitor.java:126)
    at com.google.gson.JsonSerializationVisitor.visitArrayField(JsonSerializationVisitor.java:95)
    at com.google.gson.ObjectNavigator.navigateClassFields(ObjectNavigator.java:154)
    at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:123)
    at com.google.gson.JsonSerializationContextDefault.serialize(JsonSerializationContextDefault.java:56)
    at com.google.gson.Gson.toJsonTree(Gson.java:230)
    at com.google.gson.Gson.toJson(Gson.java:315)
    at com.google.gson.Gson.toJson(Gson.java:270)
    at com.google.gson.Gson.toJson(Gson.java:250)
    at companionmodel.Sample_Model_PopulateServlet.printOutput(Sample_Model_PopulateServlet.java:59)
    at companionmodel.Sample_Model_PopulateServlet.doGet(Sample_Model_PopulateServlet.java:28)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:97)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:238)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:135)
    at com.google.apphosting.runtime.JavaRuntime.handleRequest(JavaRuntime.java:250)
    at com.google.apphosting.base.RuntimePb$EvaluationRuntime$6.handleBlockingRequest(RuntimePb.java:5838)
    at com.google.apphosting.base.RuntimePb$EvaluationRuntime$6.handleBlockingRequest(RuntimePb.java:5836)
    at com.google.net.rpc.impl.BlockingApplicationHandler.handleRequest(BlockingApplicationHandler.java:24)
    at com.google.net.rpc.impl.RpcUtil.runRpcInApplication(RpcUtil.java:398)
    at com.google.net.rpc.impl.Server$2.run(Server.java:852)
    at com.google.tracing.LocalTraceSpanRunnable.run(LocalTraceSpanRunnable.java:56)
    at com.google.tracing.LocalTraceSpanBuilder.internalContinueSpan(LocalTraceSpanBuilder.java:576)
    at com.google.net.rpc.impl.Server.startRpc(Server.java:807)
    at com.google.net.rpc.impl.Server.processRequest(Server.java:369)
    at com.google.net.rpc.impl.ServerConnection.messageReceived(ServerConnection.java:442)
    at com.google.net.rpc.impl.RpcConnection.parseMessages(RpcConnection.java:319)
    at com.google.net.rpc.impl.RpcConnection.dataReceived(RpcConnection.java:290)
    at com.google.net.async.Connection.handleReadEvent(Connection.java:474)
    at com.google.net.async.EventDispatcher.processNetworkEvents(EventDispatcher.java:831)
    at com.google.net.async.EventDispatcher.internalLoop(EventDispatcher.java:207)
    at com.google.net.async.EventDispatcher.loop(EventDispatcher.java:103)
    at com.google.net.rpc.RpcService.runUntilServerShutdown(RpcService.java:251)
    at com.google.apphosting.runtime.JavaRuntime$RpcRunnable.run(JavaRuntime.java:413)
    at java.lang.Thread.run(Unknown Source)

Code I am using:

Gson gson = new Gson();
String json = gson.toJson(modelObject);

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

若水般的淡然安静女子 2024-09-12 09:10:08

应用程序引擎确实支持反射 - 但是您试图反射 JRE 类的私有字段:

反思

申请被允许完整,
不受限制地、反思性地访问其
自己的课程。它可以查询任何私有的
会员,使用
java.lang.reflect.AccessibleObject.setAccessible(),
并读取/设置私有成员。

应用程序还可以反映
关于 JRE 和 API 类,例如
java.lang.String 和
javax.servlet.http.HttpServletRequest。
但是,它只能访问公共
这些类的成员,而不是
受保护或私有。

应用程序无法反映
任何不属于的其他类别
本身,并且它不能使用
setAccessible()方法来规避
这些限制。

...来自 http://code.google.com/appengine/ docs/java/runtime.html#The_Sandbox

我会考虑为 Bitset 编写一个自定义序列化器。

请参阅:http://sites。 google.com/site/gson/gson-user-guide#TOC-Custom-Serialization-and-Deserializ

另外:http://groups.google.com/group/google-gson/browse_thread/thread/535892ffcf691aa/897f27e37 e03ce58?lnk =gst&q=bitset#897f27e37e03ce58

http:// groups.google.com/group/google-gson/browse_thread/thread/535892ffcf691aa

The app engine does support reflection - however you are trying to reflect on a private field of a JRE class:

Reflection

An application is allowed full,
unrestricted, reflective access to its
own classes. It may query any private
members, use
java.lang.reflect.AccessibleObject.setAccessible(),
and read/set private members.

An application can also also reflect
on JRE and API classes, such as
java.lang.String and
javax.servlet.http.HttpServletRequest.
However, it can only access public
members of these classes, not
protected or private.

An application cannot reflect against
any other classes not belonging to
itself, and it can not use the
setAccessible() method to circumvent
these restrictions.

...from http://code.google.com/appengine/docs/java/runtime.html#The_Sandbox:

I'd consider writing a custom serializer for Bitset.

See: http://sites.google.com/site/gson/gson-user-guide#TOC-Custom-Serialization-and-Deserializ

Also: http://groups.google.com/group/google-gson/browse_thread/thread/535892ffcf691aa/897f27e37e03ce58?lnk=gst&q=bitset#897f27e37e03ce58

http://groups.google.com/group/google-gson/browse_thread/thread/535892ffcf691aa

回复 原文
草莓味的萝莉 2024-09-12 09:10:08

您可以使用 .excludeFieldsWithoutExposeAnnotation() 构造 GsonBuilder,并使用 @Expose 注解标记所有序列化字段。在这种情况下,Gson 不会尝试序列化您想要的其他字段。

GsonBuilder gsonBuilder = new GsonBuilder();
gsonBuilder.excludeFieldsWithoutExposeAnnotation();
String json = gsonBuilder.create().toJson(modelObject);

You can construct GsonBuilder with .excludeFieldsWithoutExposeAnnotation(), and mark all serialized fields with @Expose annotation. In this case, Gson doesn't try to serialize fields other that you want.

GsonBuilder gsonBuilder = new GsonBuilder();
gsonBuilder.excludeFieldsWithoutExposeAnnotation();
String json = gsonBuilder.create().toJson(modelObject);
回复 原文
月亮邮递员 2024-09-12 09:10:08

如果 App Engine 不支持反射,那么我们几乎只能编写自己的 toJSON 方法。这可以按如下方式完成(没什么大不了的,但有人可能会发现它很有用):

public SampleObject {

  //...

  /**
   * Convert this object to a JSON object for representation
   */
  public JSONObject toJSON() {
    try {
       JSONObject jsonobj = new JSONObject();
       jsonobj.put("id", this.id);
       jsonobj.put("name", this.name);
       return jsonobj;
    } catch(Exception e) {
       return null;
    }
  }
}

然后,您可以在此对象上使用 toString 方法来打印 JSON 表示形式。我同意这不是最好的,但目前有一些解决方法。

If App Engine does not support Reflection, then we are pretty much left to write our own toJSON method. This can be done as follows (not a big deal but someone might find it useful):

public SampleObject {

  //...

  /**
   * Convert this object to a JSON object for representation
   */
  public JSONObject toJSON() {
    try {
       JSONObject jsonobj = new JSONObject();
       jsonobj.put("id", this.id);
       jsonobj.put("name", this.name);
       return jsonobj;
    } catch(Exception e) {
       return null;
    }
  }
}

Then, you can use a toString method on this object to print out the JSON representation. Not the best I agree but some workaround for now.

回复 原文
谷夏 2024-09-12 09:10:08

我最近遇到了类似的问题。

我运行 Gson 来解析 JSON,它在很长一段时间内运行良好,所以我不担心 GAE 不允许在其平台上进行反射。

我引入了 HashMap Form 类,它在我的本地系统中运行良好,Gson 完美地执行 JSON 解析。

但是,当我将该代码部署到 Google App Engine Cloud 时,它失败了,但出现了以下异常:

java.lang.SecurityException: java.lang.IllegalAccessException: Reflection is not allowed on private final int java.lang.ThreadLocal.threadLocalHashCode

所以现在我已经切换到 Jackson JSON Parser,它更快并且不使用反射 - 但是的 - 更多工作。

I experienced a similar problem recently.

I was running Gson to parse JSON and it worked well for a long time so I didn't worry about GAE not allowing Reflection on it's platform.

I introduced a HashMap the Form class and it worked well in my local system with Gson doing JSON Parse perfectly.

But when I deployed that code to the Google App Engine Cloud it failed with the following exception:

java.lang.SecurityException: java.lang.IllegalAccessException: Reflection is not allowed on private final int java.lang.ThreadLocal.threadLocalHashCode

So now I've switched to Jackson JSON Parser which is faster and does not use reflection - but yes - more work.

回复 原文
~没有更多了~

关于作者

記憶穿過時間隧道

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文