Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-81014

xstream-security module not working in atlas-debug mode

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • None
    • 7.18.0
    • Server - Platform
    • None

      Issue Summary

      This is reproducible on Data Center: yes

      Use the new module like this:

      <xstream-security key = "xstream-set" name="Some XStream allowlist set">
          <wildcard>**</wildcard>
      </xstream-security> 

      does not work.

      Steps to Reproduce

      1. Create an app that uses <xstream-security/>
      2. Use atlas-debug to start Confluence

      Expected Results

      The app runs without error

      Actual Results

      The below exception is thrown in the atlassian-conflence.log file:

      2022-08-22 09:01:36,891 ERROR [ThreadPoolAsyncTaskExecutor::Thread 31] [plugin.osgi.factory.OsgiPlugin] onPluginContainerFailed Unable to start the plugin container for plugin 'com.company.myplugin'
       -- url: /confluence/rest/plugins/1.0/ | traceId: 401ca2d490aee6a6 | userName: admin
      org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'sampleComponent': Invocation of init method failed; nested exception is com.atlassian.confluence.api.service.exceptions.ServiceException: Could not deserialize object as XStream might not be properly initialized

      Workaround

      When using atlas-debug add

      <configuration>
          <systemPropertyVariables>
      	<xstream.allowlist.enable>false</xstream.allowlist.enable>
          </systemPropertyVariables>
      </configuration> 

              19cb521e4007 Ajay Sharma (Inactive)
              jrichards@atlassian.com James Richards
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: