|
Loading layer from Oracle Datastore hit a class it shoudln’t and produces this output
11 Nov 11:14:46 ERROR [config.util] - Class com.thoughtworks.xstream.mapper.DynamicProxyMapper$DynamicProxy is not whitelisted for XML parsing.
This is done to prevent Remote Code Execution attacks, but it might be you need this class to be authorized for GeoServer to actually work If you are a user, you can set a variable named GEOSERVER_XSTREAM_WHITELIST
with a semicolon separated list of fully qualified names, or patterns
to match several classes.The variable can be set as a system variable
a enviromment variable, or a servlet context variable, just like
GEOSERVER_DATA_DIR.
For example, in order to authorize the org.geoserver.Foo class,
plus any class in the org.geoserver.custom package, one could set
a system variable:
-DGEOSERVER_XSTREAM_WHITELIST=org.geoserver.Foo;org.geoserver.custom.**
If instead you are a developer, you can call allowTypes/allowTypeHierarchy against
the XStream used for serialization by rolling a custom
XStreamPersisterInitializer or customizing your XStreamServiceLoader.
11 Nov 11:14:46 WARN [org.geoserver] - Failed to load layer for feature type ‘ForriskAlturaMediaEtrs89’
com.thoughtworks.xstream.converters.ConversionException: Unauthorized class found, see logs for more details on how to handle it: com.thoughtworks.xstream.mapper.DynamicProxyMapper$DynamicProxy : Unauthorized class found, see logs for more details on how to handle it: com.thoughtworks.xstream.mapper.DynamicProxyMapper$DynamicProxy
---- Debugging information ----
message : Unauthorized class found, see logs for more details on how to handle it: com.thoughtworks.xstream.mapper.DynamicProxyMapper$DynamicProxy
cause-exception : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message : Unauthorized class found, see logs for more details on how to handle it: com.thoughtworks.xstream.mapper.DynamicProxyMapper$DynamicProxy
class : org.geoserver.catalog.impl.LayerInfoImpl
required-type : org.geoserver.catalog.impl.LayerInfoImpl
converter-type : org.geoserver.config.util.XStreamPersister$LayerInfoConverter
line number : 5
version : 2.8.0
at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:79)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1185)
at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1169)
at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1049)
at org.geoserver.config.util.XStreamPersister.load(XStreamPersister.java:592)
at org.geoserver.config.GeoServerLoader.depersist(GeoServerLoader.java:755)
at org.geoserver.config.GeoServerLoader.readCatalog(GeoServerLoader.java:390)
at org.geoserver.config.GeoServerLoader.readCatalog(GeoServerLoader.java:226)
at org.geoserver.config.DefaultGeoServerLoader.loadCatalog(DefaultGeoServerLoader.java:36)
at org.geoserver.config.GeoServerLoader.postProcessBeforeInitialization(GeoServerLoader.java:112)
at org.geoserver.config.GeoServerLoaderProxy.postProcessBeforeInitialization(GeoServerLoaderProxy.java:59)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:394)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1448)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:630)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:284)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:630)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:630)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:630)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:607)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:925)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:472)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:388)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:293)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
at org.geoserver.platform.GeoServerContextLoaderListener.contextInitialized(GeoServerContextLoaderListener.java:23)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5003)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5517)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1095)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1930)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source) Caused by: org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx: Unauthorized class found, see logs for more details on how to handle it: com.thoughtworks.xstream.mapper.DynamicProxyMapper$DynamicProxy
at org.geoserver.config.util.SecureXStream$DetailedSecurityExceptionWrapper.realClass(SecureXStream.java:173)
at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:401)
at org.geoserver.config.util.XStreamPersister$LayerInfoConverter.doUnmarshal(XStreamPersister.java:1843)
at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:257)
at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
… 92 more
Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: com.thoughtworks.xstream.mapper.DynamicProxyMapper$DynamicProxy
at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:30)
at org.geoserver.config.util.SecureXStream$DetailedSecurityExceptionWrapper.realClass(SecureXStream.java:150)
… 98 more
11 Nov 11:14:46 INFO [org.geoserver] - Loaded feature type ‘ForriskAlturaPrimeraRamaEtrs89’, enabled
11 Nov 11:14:46 INFO [org.geoserver] - Loaded feature type ‘oracle_produccion_forestal’
11 Nov 11:14:46 INFO [org.geoserver] - Loaded layer ‘ForriskAlturaPrimeraRamaEtrs89’
11 Nov 11:14:46 INFO [org.geoserver] - Loaded feature type ‘ForriskAreaBasimetricaEtrs89’, enabled
Layer XML files don’t show anything weird:
Layer.xml
<layer>
<name>ForriskAlturaMediaEtrs89</name>
<id>LayerInfoImpl-3f30cbbb:14d7ae3d4ba:-6323</id>
<type>VECTOR</type>
<defaultStyle>
<id>StyleInfoImpl-4e0b98bf:12475d46fdd:-7fe0</id>
</defaultStyle>
<styles class=“linked-hash-set”>
<style>
<id>StyleInfoImpl-38e82ce1:14cd58a4153:-75bf</id>
</style>
</styles>
<resource class=“featureType”>
<id>FeatureTypeInfoImpl-3f30cbbb:14d7ae3d4ba:-6324</id>
</resource>
<attribution>
<logoWidth>0</logoWidth>
<logoHeight>0</logoHeight>
</attribution>
</layer>
Featuretype.xml
<featureType>
<id>FeatureTypeInfoImpl-3f30cbbb:14d7ae3d4ba:-6324</id>
<name>ForriskAlturaMediaEtrs89</name>
<nativeName>TB_RIESGO_INC_VIENTO_ET89</nativeName>
<namespace>
<id>NamespaceInfoImpl-2828037a:14d74b05c20:-775b</id>
</namespace>
<title>Forrisk - Altura Media (m)</title>
<abstract>TB_RIESGO_INC_VIENTO_ET89</abstract>
<nativeCRS class=“projected”>PROJCS[“UTM Zone 30, (ETRS 89)”,
GEOGCS[“ETRS 89”,
DATUM[“ETRS 89”,
SPHEROID[“GRS 80”, 6378137.0, 298.257222100883]],
PRIMEM[“Greenwich”, 0.0],
UNIT[“degree”, 0.017453292519943295],
AXIS[“Longitude”, EAST],
AXIS[“Latitude”, NORTH]],
PROJECTION[“Transverse_Mercator”],
PARAMETER[“central_meridian”, -3.0],
PARAMETER[“latitude_of_origin”, 0.0],
PARAMETER[“scale_factor”, 0.9996],
PARAMETER[“false_easting”, 500000.0],
PARAMETER[“false_northing”, 0.0],
UNIT[“m”, 1.0],
AXIS[“x”, EAST],
AXIS[“y”, NORTH]]</nativeCRS>
<srs>EPSG:25830</srs>
<nativeBoundingBox>
<minx>463435.23</minx>
<maxx>603054.68</maxx>
<miny>4702205.332</miny>
<maxy>4811327.358</maxy>
</nativeBoundingBox>
<latLonBoundingBox>
<minx>-3.452</minx>
<maxx>-1.726</maxx>
<miny>42.465</miny>
<maxy>43.455</maxy>
<crs>EPSG:4326</crs>
</latLonBoundingBox>
<projectionPolicy>FORCE_DECLARED</projectionPolicy>
<enabled>true</enabled>
<metadata>
<entry key=“cachingEnabled”>false</entry>
</metadata>
<store class=“dataStore”>
<id>DataStoreInfoImpl-2828037a:14d74b05c20:-775a</id>
</store>
<maxFeatures>0</maxFeatures>
<numDecimals>0</numDecimals>
<overridingServiceSRS>false</overridingServiceSRS>
<skipNumberMatched>false</skipNumberMatched>
<circularArcPresent>false</circularArcPresent>
</featureType>
|
