If I configure JAXB to access the class fields -
@XmlAccessorType(XmlAccessType.FIELD) - instead of using getters&setters
methods, Glassfish throws an exception during the data serialization. I am using
the Jersey framework to expose web-services and the ability to serialize classes
through its fields if a common requirement.
If I disable to SecurityManager, everything works fine.
I am not sure if there is a configuration somewhere to unleash the fields
serialization, or other safe workaround - but IMO the behaviour of JAXB
serialization should not be constraint by the security manager.
I created a small project for testing this issue, it is attached to this report.
How to test:
1) Deploy the war file to Glassfish and open the below URL. It will fail due to
the fields access issue.
2) Edit the file
and comment or remove the line:
3) build and redeploy the project:
mvn compile package
asadmin undeploy JerseyTest
asadmin deploy target/JerseyTest.war
4) refresh the test URL in your browser:
it will work now.
1) A configuration through the asadmin CLI or via graphical interface - by
poject is enough.
2) Configuration instructions on how to allow FIELD access with Security Manager.
3) a simple bug fix and normal operation