[Geoserver-devel] [JIRA] (GEOS-8725) Class java.util.Map$Entry is not whitelisted for XML parsing.

GeoServer GeoServer Developer
1

Gnafu created an issue

GeoServer / BugGEOS-8725

Class java.util.Map$Entry is not whitelisted for XML parsing.

Issue Type:

BugBug

Affects Versions:

2.14-beta

Assignee:

Unassigned

Created:

30/Apr/18 11:56 AM

Environment:

Plugins:

control-flow-plugin
csw-plugin
grib-plugin
jp2k-plugin
monitor-plugin
netcdf-out-plugin
netcdf-plugin
printing-plugin
wps-plugin

Community Plugins:

authkey-plugin
ncwms-plugin
nsg-wfs-profile-plugin
nsg-wmts-profile-plugin
opensearch-eo-plugin
params-extractor-plugin
status-monitoring-plugin
wfs3-plugin
wmts-multi-dimensional-plugin

Priority:

MediumMedium

Reporter:

Gnafu

Latest commit GEOS-8643 Resolved is preventing my GeoServer instance to start : https://github.com/geoserver/geoserver/commit/729db59399111d9b96dd417a4a8b301aa14796b4

Reverting to commit 50c643f49d9ca1947b92cf52e3e4d6d0832c09de works.

This is the log:

2018-04-29 18:29:34,809 ERROR [config.util] - Class java.util.Map$Entry is not whitelisted for XML parsing. 
This is done to prevent Remote Code Execution attacks, but it might be 
you need this class to be authorized for GeoServer to actually work
If you are a user, you can set a variable named GEOSERVER_XSTREAM_WHITELIST
  with a semicolon separated list of fully qualified names, or patterns
  to match several classes.The variable can be set as a system variable,
  an environment variable, or a servlet context variable, just like
  GEOSERVER_DATA_DIR.
  For example, in order to authorize the org.geoserver.Foo class,
  plus any class in the org.geoserver.custom package, one could set
  a system variable: 
  -DGEOSERVER_XSTREAM_WHITELIST=org.geoserver.Foo;org.geoserver.custom.**
If instead you are a developer, you can call allowTypes/allowTypeHierarchy against
  the XStream used for serialization by rolling a custom
  XStreamPersisterInitializer or customizing your XStreamServiceLoader.
2018-04-29 18:29:34,811 WARN [support.XmlWebApplicationContext] - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dynamicGetLegendGraphicCallback' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-colormap-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'catalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'localWorkspaceCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'advertisedCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'advertisedCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'secureCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessRulesDao' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationSecurityContext.xml]: Cannot resolve reference to bean 'rawCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'rawCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is java.lang.RuntimeException: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message       : Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
class               : org.geoserver.catalog.MetadataMap
required-type       : org.geoserver.catalog.MetadataMap
converter-type      : org.geoserver.config.util.XStreamPersister$TolerantMapConverter
line number         : 30
class[1]            : org.geoserver.config.impl.SettingsInfoImpl
converter-type[1]   : org.geoserver.config.util.XStreamPersister$SettingsInfoConverter
class[2]            : org.geoserver.config.impl.GeoServerInfoImpl
converter-type[2]   : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
version             : 2.14-SNAPSHOT
-------------------------------
2018-04-29 18:29:34,811 WARN [support.DisposableBeanAdapter] - Invocation of destroy method failed on bean with name 'geoServerLoader': java.lang.NullPointerException
2018-04-29 18:29:34,815 ERROR [context.ContextLoader] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dynamicGetLegendGraphicCallback' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-colormap-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'catalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'localWorkspaceCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'advertisedCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'advertisedCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'secureCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessRulesDao' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationSecurityContext.xml]: Cannot resolve reference to bean 'rawCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'rawCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is java.lang.RuntimeException: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message       : Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
class               : org.geoserver.catalog.MetadataMap
required-type       : org.geoserver.catalog.MetadataMap
converter-type      : org.geoserver.config.util.XStreamPersister$TolerantMapConverter
line number         : 30
class[1]            : org.geoserver.config.impl.SettingsInfoImpl
converter-type[1]   : org.geoserver.config.util.XStreamPersister$SettingsInfoConverter
class[2]            : org.geoserver.config.impl.GeoServerInfoImpl
converter-type[2]   : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
version             : 2.14-SNAPSHOT
-------------------------------
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1193)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1095)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:866)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:542)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
	at org.geoserver.platform.GeoServerContextLoaderListener.contextInitialized(GeoServerContextLoaderListener.java:23)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5118)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5634)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1092)
	at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1984)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'localWorkspaceCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'advertisedCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'advertisedCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'secureCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessRulesDao' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationSecurityContext.xml]: Cannot resolve reference to bean 'rawCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'rawCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is java.lang.RuntimeException: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message       : Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
class               : org.geoserver.catalog.MetadataMap
required-type       : org.geoserver.catalog.MetadataMap
converter-type      : org.geoserver.config.util.XStreamPersister$TolerantMapConverter
line number         : 30
class[1]            : org.geoserver.config.impl.SettingsInfoImpl
converter-type[1]   : org.geoserver.config.util.XStreamPersister$SettingsInfoConverter
class[2]            : org.geoserver.config.impl.GeoServerInfoImpl
converter-type[2]   : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
version             : 2.14-SNAPSHOT
-------------------------------
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:648)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1193)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1095)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
	... 31 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'advertisedCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Cannot resolve reference to bean 'secureCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessRulesDao' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationSecurityContext.xml]: Cannot resolve reference to bean 'rawCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'rawCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is java.lang.RuntimeException: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message       : Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
class               : org.geoserver.catalog.MetadataMap
required-type       : org.geoserver.catalog.MetadataMap
converter-type      : org.geoserver.config.util.XStreamPersister$TolerantMapConverter
line number         : 30
class[1]            : org.geoserver.config.impl.SettingsInfoImpl
converter-type[1]   : org.geoserver.config.util.XStreamPersister$SettingsInfoConverter
class[2]            : org.geoserver.config.impl.GeoServerInfoImpl
converter-type[2]   : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
version             : 2.14-SNAPSHOT
-------------------------------
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:648)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1193)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1095)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
	... 43 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessRulesDao' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationSecurityContext.xml]: Cannot resolve reference to bean 'rawCatalog' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'rawCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is java.lang.RuntimeException: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message       : Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
class               : org.geoserver.catalog.MetadataMap
required-type       : org.geoserver.catalog.MetadataMap
converter-type      : org.geoserver.config.util.XStreamPersister$TolerantMapConverter
line number         : 30
class[1]            : org.geoserver.config.impl.SettingsInfoImpl
converter-type[1]   : org.geoserver.config.util.XStreamPersister$SettingsInfoConverter
class[2]            : org.geoserver.config.impl.GeoServerInfoImpl
converter-type[2]   : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
version             : 2.14-SNAPSHOT
-------------------------------
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:648)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:145)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1193)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1095)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
	... 55 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'rawCatalog' defined in URL [jar:file:/var/lib/tomcats/geoserver/webapps/geoserver/WEB-INF/lib/gs-main-2.14-SNAPSHOT.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is java.lang.RuntimeException: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message       : Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
class               : org.geoserver.catalog.MetadataMap
required-type       : org.geoserver.catalog.MetadataMap
converter-type      : org.geoserver.config.util.XStreamPersister$TolerantMapConverter
line number         : 30
class[1]            : org.geoserver.config.impl.SettingsInfoImpl
converter-type[1]   : org.geoserver.config.util.XStreamPersister$SettingsInfoConverter
class[2]            : org.geoserver.config.impl.GeoServerInfoImpl
converter-type[2]   : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
version             : 2.14-SNAPSHOT
-------------------------------
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:564)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
	... 69 more
Caused by: java.lang.RuntimeException: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message       : Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
class               : org.geoserver.catalog.MetadataMap
required-type       : org.geoserver.catalog.MetadataMap
converter-type      : org.geoserver.config.util.XStreamPersister$TolerantMapConverter
line number         : 30
class[1]            : org.geoserver.config.impl.SettingsInfoImpl
converter-type[1]   : org.geoserver.config.util.XStreamPersister$SettingsInfoConverter
class[2]            : org.geoserver.config.impl.GeoServerInfoImpl
converter-type[2]   : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
version             : 2.14-SNAPSHOT
-------------------------------
	at org.geoserver.config.GeoServerLoader.postProcessBeforeInitialization(GeoServerLoader.java:270)
	at org.geoserver.config.GeoServerLoaderProxy.postProcessBeforeInitialization(GeoServerLoaderProxy.java:59)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:409)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1620)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:555)
	... 75 more
Caused by: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx
cause-message       : Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
class               : org.geoserver.catalog.MetadataMap
required-type       : org.geoserver.catalog.MetadataMap
converter-type      : org.geoserver.config.util.XStreamPersister$TolerantMapConverter
line number         : 30
class[1]            : org.geoserver.config.impl.SettingsInfoImpl
converter-type[1]   : org.geoserver.config.util.XStreamPersister$SettingsInfoConverter
class[2]            : org.geoserver.config.impl.GeoServerInfoImpl
converter-type[2]   : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
version             : 2.14-SNAPSHOT
-------------------------------
	at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:79)
	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
	at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshallField(AbstractReflectionConverter.java:503)
	at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:429)
	at org.geoserver.config.util.XStreamPersister$SettingsInfoConverter.doUnmarshal(XStreamPersister.java:2392)
	at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:281)
	at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
	at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshallField(AbstractReflectionConverter.java:503)
	at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:429)
	at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:281)
	at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
	at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
	at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
	at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1486)
	at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1466)
	at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1346)
	at org.geoserver.config.util.XStreamPersister.load(XStreamPersister.java:630)
	at org.geoserver.config.GeoServerLoader.depersist(GeoServerLoader.java:952)
	at org.geoserver.config.GeoServerLoader.checkStoresOnStartup(GeoServerLoader.java:413)
	at org.geoserver.config.GeoServerLoader.readCatalog(GeoServerLoader.java:434)
	at org.geoserver.config.GeoServerLoader.readCatalog(GeoServerLoader.java:393)
	at org.geoserver.config.DefaultGeoServerLoader.loadCatalog(DefaultGeoServerLoader.java:36)
	at org.geoserver.config.GeoServerLoader.postProcessBeforeInitialization(GeoServerLoader.java:264)
	... 79 more
Caused by: org.geoserver.config.util.SecureXStream$ForbiddenClassExceptionEx: Unauthorized class found, see logs for more details on how to handle it: java.util.Map$Entry
	at org.geoserver.config.util.SecureXStream$DetailedSecurityExceptionWrapper.realClass(SecureXStream.java:175)
	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
	at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
	at com.thoughtworks.xstream.core.util.HierarchicalStreams.readClassType(HierarchicalStreams.java:29)
	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.readItem(AbstractCollectionConverter.java:72)
	at org.geoserver.config.util.XStreamPersister$TolerantMapConverter.putCurrentEntryIntoMap(XStreamPersister.java:984)
	at com.thoughtworks.xstream.converters.collections.MapConverter.populateMap(MapConverter.java:98)
	at com.thoughtworks.xstream.converters.collections.MapConverter.populateMap(MapConverter.java:92)
	at com.thoughtworks.xstream.converters.collections.MapConverter.unmarshal(MapConverter.java:87)
	at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
	... 104 more
Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: java.util.Map$Entry
	at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
	at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
	at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
	at org.geoserver.config.util.SecureXStream$DetailedSecurityExceptionWrapper.realClass(SecureXStream.java:150)
	... 113 more

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS

This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100083-sha1:301d0eb)

Atlassian logo