Details
-
Type:
Bug
-
Status:
Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.2.2
-
Fix Version/s: 1.3
-
Component/s: Compatibility
-
Labels:None
-
JDK version and platform:Tomcat 5
Description
Tomcat prints ClassDefNotFoundError at line 277 in XStream.class where the JVM class is first statically instantiated.
Further investigation shows that the JVM class fails in the static block when invoking
final Field[] fields = AttributedString.class.getDeclaredFields();
which is not permitted by the default security properties of catalina in tomcat 5.
Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
at java.lang.Class.checkMemberAccess(Class.java:2125)
at java.lang.Class.getDeclaredFields(Class.java:1714)
at com.thoughtworks.xstream.core.JVM.<clinit>(JVM.java:27)
A suggested fix is to catch AccessControlException and fall back to a default field order.
I have not checked in what versions this is a problem, but I found it in 1.2.2.
Thank you for a fantastic library!
Activity
Closing issues before next release.
Jörg Schaible
added a comment - Closing issues before next release. 
Thanks for reporting. Fixed in head revision.