  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-76491

Adding anything to FreeMarker Engine's Allowed Classes makes the portal unusable

    Details

      Description

      Reproduction steps:
      1) Go to Control Panel -> Configuration -> System Settings -> Foundation
      2) Open FreeMarker Engine
      3) In the Allowed Classes field, write anything like:
      mistypedthisthing
      4) Save
      Notice the exception in the log.
      5) Restart the server
      Result: the server can't load the mistyped class and throws exceptions, and the portal cannot start:

      2017-12-13 15:50:09.967 INFO  [Start Level: Equinox Container: d0ded520-1de0-0017-12ac-c12153af2b94][BundleStartStopLogger:35] STARTED com.liferay.portal.store.safe.file.name.wrapper_1.0.4 [148]
      2017-12-13 15:50:09.973 INFO  [Start Level: Equinox Container: d0ded520-1de0-0017-12ac-c12153af2b94][BundleStartStopLogger:35] STARTED com.liferay.portal.template.freemarker_3.0.2 [149]
      2017-12-13 15:50:10.059 ERROR [Start Level: Equinox Container: d0ded520-1de0-0017-12ac-c12153af2b94][com_liferay_portal_template_freemarker:97] [com.liferay.portal.template.freemarker.internal.LiferayTemplateClassResolver(486)] The activate method has thrown an exception
      java.lang.StringIndexOutOfBoundsException: String index out of range: -1
              at java.lang.String.substring(String.java:1967)
              at com.liferay.portal.template.freemarker.internal.LiferayTemplateClassResolver.findClassLoader(LiferayTemplateClassResolver.java:202)
              at com.liferay.portal.template.freemarker.internal.LiferayTemplateClassResolver.findClassLoader(LiferayTemplateClassResolver.java:234)
              at com.liferay.portal.template.freemarker.internal.LiferayTemplateClassResolver$ClassLoaderBundleTrackerCustomizer.addingBundle(LiferayTemplateClassResolver.java:316)
              at com.liferay.portal.template.freemarker.internal.LiferayTemplateClassResolver$ClassLoaderBundleTrackerCustomizer.addingBundle(LiferayTemplateClassResolver.java:309)
              at org.osgi.util.tracker.BundleTracker$Tracked.customizerAdding(BundleTracker.java:469)
              at org.osgi.util.tracker.BundleTracker$Tracked.customizerAdding(BundleTracker.java:1)
              at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)
              at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183)
              at org.osgi.util.tracker.BundleTracker.open(BundleTracker.java:156)
              at com.liferay.portal.template.freemarker.internal.LiferayTemplateClassResolver.activate(LiferayTemplateClassResolver.java:146)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at org.apache.felix.scr.impl.inject.BaseMethod.invokeMethod(BaseMethod.java:224)
              at org.apache.felix.scr.impl.inject.BaseMethod.access$500(BaseMethod.java:39)
              at org.apache.felix.scr.impl.inject.BaseMethod$Resolved.invoke(BaseMethod.java:617)
              at org.apache.felix.scr.impl.inject.BaseMethod.invoke(BaseMethod.java:501)
              at org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:302)
              at org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:294)
              at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:297)
              at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:108)
              at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:906)
              at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:879)
              at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:823)
              at org.eclipse.osgi.internal.serviceregistry.ServiceFactoryUse$1.run(ServiceFactoryUse.java:212)
              at java.security.AccessController.doPrivileged(Native Method)
              at org.eclipse.osgi.internal.serviceregistry.ServiceFactoryUse.factoryGetService(ServiceFactoryUse.java:210)
              at org.eclipse.osgi.internal.serviceregistry.ServiceFactoryUse.getService(ServiceFactoryUse.java:111)
              at org.eclipse.osgi.internal.serviceregistry.ServiceConsumer$2.getService(ServiceConsumer.java:45)
              at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:496)
              at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.getService(ServiceRegistry.java:461)
              at org.eclipse.osgi.internal.framework.BundleContextImpl.getService(BundleContextImpl.java:619)
              at org.apache.felix.scr.impl.manager.SingleRefPair.getServiceObject(SingleRefPair.java:72)
              at org.apache.felix.scr.impl.inject.BindMethod.getServiceObject(BindMethod.java:648)
              at org.apache.felix.scr.impl.manager.DependencyManager.getServiceObject(DependencyManager.java:2201)
              at org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.prebind(DependencyManager.java:1118)
              at org.apache.felix.scr.impl.manager.DependencyManager.prebind(DependencyManager.java:1520)
              at org.apache.felix.scr.impl.manager.AbstractComponentManager.collectDependencies(AbstractComponentManager.java:1005)
              at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:859)
              at org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:748)
              at org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.addedService(DependencyManager.java:1012)
              at org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.addedService(DependencyManager.java:968)
              at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1215)
              at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1136)
              at org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.trackAdding(ServiceTracker.java:945)
              at org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.track(ServiceTracker.java:881)
              at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.serviceChanged(ServiceTracker.java:1167)
              at org.apache.felix.scr.impl.BundleComponentActivator$ListenerInfo.serviceChanged(BundleComponentActivator.java:127)
              at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:109)
              at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:917)
              at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
              at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
              at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:862)
              at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:801)
              at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:127)
              at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:225)
              at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:464)
              at org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:886)
              at org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:873)
              at org.apache.felix.scr.impl.manager.RegistrationManager.changeRegistration(RegistrationManager.java:132)
              at org.apache.felix.scr.impl.manager.AbstractComponentManager.registerService(AbstractComponentManager.java:940)
              at org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:740)
              at org.apache.felix.scr.impl.manager.AbstractComponentManager.enableInternal(AbstractComponentManager.java:674)
              at org.apache.felix.scr.impl.manager.AbstractComponentManager.enable(AbstractComponentManager.java:429)
              at org.apache.felix.scr.impl.manager.ConfigurableComponentHolder.enableComponents(ConfigurableComponentHolder.java:657)
              at org.apache.felix.scr.impl.BundleComponentActivator.initialEnable(BundleComponentActivator.java:341)
              at org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:403)
              at org.apache.felix.scr.impl.Activator.access$200(Activator.java:54)
              at org.apache.felix.scr.impl.Activator$ScrExtension.start(Activator.java:278)
              at org.apache.felix.utils.extender.AbstractExtender.createExtension(AbstractExtender.java:259)
              at org.apache.felix.utils.extender.AbstractExtender.modifiedBundle(AbstractExtender.java:232)
              at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:482)
              at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:1)
              at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:232)
              at org.osgi.util.tracker.BundleTracker$Tracked.bundleChanged(BundleTracker.java:444)
              at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:905)
              at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
              at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
              at org.eclipse.osgi.internal.framework.EquinoxEventPublisher.publishBundleEventPrivileged(EquinoxEventPublisher.java:165)
              at org.eclipse.osgi.internal.framework.EquinoxEventPublisher.publishBundleEvent(EquinoxEventPublisher.java:75)
              at org.eclipse.osgi.internal.framework.EquinoxEventPublisher.publishBundleEvent(EquinoxEventPublisher.java:67)
              at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor.publishModuleEvent(EquinoxContainerAdaptor.java:102)
              at org.eclipse.osgi.container.Module.publishEvent(Module.java:461)
              at org.eclipse.osgi.container.Module.start(Module.java:452)
              at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1582)
              at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1562)
              at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1533)
              at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1476)
              at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1)
              at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
              at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
      

      Workaround until it's fixed:
      In your database:
      Find:
      SELECT * FROM configuration where configurationId='com.liferay.portal.template.freemarker.configuration.FreeMarkerEngineConfiguration';

      In the dictionary you can see the following (snippet):
      allowedClasses=[ \ "mistypedthisthing", \ ]

      Workaround: Delete the string and leave it empty:
      allowedClasses=[ \ "", \ ]

      Then restart the server.
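
The trace above fails in `String.substring` with index -1 inside `findClassLoader`, which is consistent with an allow-list entry that lacks an expected separator being sliced without a guard. The following is an added example, not Liferay's code: a hypothetical validator (the class and method names and the `.*` package-wildcard syntax are assumptions) that rejects such entries before they are saved, shown next to the assumed unguarded pattern.

```java
import java.util.ArrayList;
import java.util.List;

public class AllowedClassesCheck {

    // Assumed failure pattern (not Liferay's source): the package name is cut
    // out with substring() using an index lookup that returns -1 when the
    // entry contains no '.'.
    static String packageOfUnguarded(String entry) {
        return entry.substring(0, entry.lastIndexOf('.'));
    }

    // Hypothetical validator: accepts a fully qualified class name, or a
    // package wildcard such as "com.example.*" (assumed syntax).
    static boolean isValidEntry(String entry) {
        if (entry == null) return false;
        String e = entry.trim();
        if (e.endsWith(".*")) e = e.substring(0, e.length() - 2);
        if (e.indexOf('.') < 0) return false; // no package part, e.g. a typo
        for (String part : e.split("\\.", -1)) {
            if (part.isEmpty() || !Character.isJavaIdentifierStart(part.charAt(0))) return false;
            for (int i = 1; i < part.length(); i++) {
                if (!Character.isJavaIdentifierPart(part.charAt(i))) return false;
            }
        }
        return true;
    }

    // Returns the entries that must not be persisted. Blank entries are
    // skipped, matching the empty value left by the workaround above.
    static List<String> rejected(String[] entries) {
        List<String> bad = new ArrayList<>();
        for (String entry : entries) {
            if (entry != null && entry.trim().isEmpty()) continue;
            if (!isValidEntry(entry)) bad.add(String.valueOf(entry));
        }
        return bad;
    }

    public static void main(String[] args) {
        // Constructed sample input; only "mistypedthisthing" is from the report.
        String[] submitted = {"mistypedthisthing", "com.example.util.Helper", "com.example.*", "", "com..Broken"};
        System.out.println("rejected: " + rejected(submitted));
        try {
            packageOfUnguarded("mistypedthisthing");
        } catch (StringIndexOutOfBoundsException ex) {
            System.out.println("unguarded substring failed: " + ex.getMessage());
        }
    }
}
```

Running a check like this when the setting is saved keeps a bad value from being persisted and then breaking component activation on the next restart.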


            People

            Assignee:
            shuyang.zhou Shuyang Zhou
            Reporter:
            tibor.jandi Tibor Jandi

              Dates

              Days since last comment:
              2 years, 50 weeks, 2 days ago

                Packages

                Version Package
                7.0.0 DXP FP45
                7.0.6 CE GA7
                7.0.0 DXP SP8
                7.0.X
                7.1.0 M2
                7.1.X
                Master