Details
L3 - Default Description
Problem:
The MapJacksonJsonTypeDetector constructs the type of objects by using the first element inside the map. This leads to a situation where the object type name of complex variables name may change to a concrete type, but the serialized value cannot be deserialized anymore.
How to determine if the installation is affected?
- Camunda Spin is used in one of the following version:
- 1.7.4 (for 7.12)
- 1.6.12 (for 7.11 & 7.10)
- 1.5.9 (for 7.9)
- An object is serialized with Camunda Spin with the following options:
- Serialization format application/json is used to serialize an object
- Object type name is
- java.lang.Object
- or any instance of a Map<Object, Object>
Example:
- Start a process instance
ObjectValue variable = Variables .serializedObjectValue("{\"someObject\": [{\"firstItem\": \"aaa\", \"secondItem\": \"aaa\"}], \"otherItem\": \"\"}") .objectTypeName("java.lang.Object") .serializationDataFormat(Variables.SerializationDataFormats.JSON) .create(); runtimeService.startProcessInstanceByKey("oneTaskProcess", Variables.createVariables().putValue("foo", variable));
- Fetch all variables for the first time -> the object type name changes to LinkedHashMap<String, ArrayList>
runtimeService.createVariableInstanceQuery().list();
- Fetch all variables for the second time
runtimeService.createVariableInstanceQuery().list();
The deserialization fails with the following exception:
17:26:56.092 [main] DEBUG org.camunda.bpm.engine.cmd - ENGINE-13015 exception while getting value for variable Cannot deserialize object in variable 'foo': SPIN/JACKSON-JSON-01006 Cannot deserialize '{"someObje...' to java type '[map type; class java.util.LinkedHashMap, [simple type, class java.lang.String] -> [collection type; class java.util.ArrayList, contains [simple type, class java.lang.Object]]]' org.camunda.bpm.engine.ProcessEngineException: Cannot deserialize object in variable 'foo': SPIN/JACKSON-JSON-01006 Cannot deserialize '{"someObje...' to java type '[map type; class java.util.LinkedHashMap, [simple type, class java.lang.String] -> [collection type; class java.util.ArrayList, contains [simple type, class java.lang.Object]]]' at org.camunda.bpm.engine.impl.variable.serializer.AbstractSerializableValueSerializer.readValue(AbstractSerializableValueSerializer.java:85) ~[classes/:na] at org.camunda.bpm.engine.impl.variable.serializer.AbstractSerializableValueSerializer.readValue(AbstractSerializableValueSerializer.java:1) ~[classes/:na] at org.camunda.bpm.engine.impl.persistence.entity.util.TypedValueField.getTypedValue(TypedValueField.java:96) ~[classes/:na] at org.camunda.bpm.engine.impl.persistence.entity.VariableInstanceEntity.getTypedValue(VariableInstanceEntity.java:269) ~[classes/:na] at org.camunda.bpm.engine.impl.VariableInstanceQueryImpl.executeList(VariableInstanceQueryImpl.java:192) ~[classes/:na] at org.camunda.bpm.engine.impl.AbstractQuery.evaluateExpressionsAndExecuteList(AbstractQuery.java:216) [classes/:na] at org.camunda.bpm.engine.impl.AbstractQuery.execute(AbstractQuery.java:192) [classes/:na] at org.camunda.bpm.engine.impl.interceptor.CommandExecutorImpl.execute(CommandExecutorImpl.java:28) [classes/:na] at org.camunda.bpm.engine.impl.interceptor.CommandContextInterceptor.execute(CommandContextInterceptor.java:110) [classes/:na] at org.camunda.bpm.engine.impl.interceptor.ProcessApplicationContextInterceptor.execute(ProcessApplicationContextInterceptor.java:70) [classes/:na] at org.camunda.bpm.engine.impl.interceptor.LogInterceptor.execute(LogInterceptor.java:33) [classes/:na] at org.camunda.bpm.engine.impl.AbstractQuery.executeResult(AbstractQuery.java:159) [classes/:na] at org.camunda.bpm.engine.impl.AbstractQuery.list(AbstractQuery.java:141) [classes/:na] at org.camunda.spin.plugin.variables.JavaSerializationTest.testFoo(JavaSerializationTest.java:149) [test-classes/:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_202] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_202] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_202] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_202] at junit.framework.TestCase.runTest(TestCase.java:176) [junit-4.12.jar:4.12] at junit.framework.TestCase.runBare(TestCase.java:141) [junit-4.12.jar:4.12] at org.camunda.bpm.engine.impl.test.AbstractProcessEngineTestCase.runBare(AbstractProcessEngineTestCase.java:115) [classes/:na] at junit.framework.TestResult$1.protect(TestResult.java:122) [junit-4.12.jar:4.12] at junit.framework.TestResult.runProtected(TestResult.java:142) [junit-4.12.jar:4.12] at junit.framework.TestResult.run(TestResult.java:125) [junit-4.12.jar:4.12] at junit.framework.TestCase.run(TestCase.java:129) [junit-4.12.jar:4.12] at junit.framework.TestSuite.runTest(TestSuite.java:252) [junit-4.12.jar:4.12] at junit.framework.TestSuite.run(TestSuite.java:247) [junit-4.12.jar:4.12] at org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:86) [junit-4.12.jar:4.12] at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:89) [.cp/:na] at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:41) [.cp/:na] at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:541) [.cp/:na] at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:763) [.cp/:na] at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:463) [.cp/:na] at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:209) [.cp/:na] Caused by: org.camunda.spin.json.SpinJsonException: SPIN/JACKSON-JSON-01006 Cannot deserialize '{"someObje...' to java type '[map type; class java.util.LinkedHashMap, [simple type, class java.lang.String] -> [collection type; class java.util.ArrayList, contains [simple type, class java.lang.Object]]]' at org.camunda.spin.impl.json.jackson.JacksonJsonLogger.unableToDeserialize(JacksonJsonLogger.java:69) ~[classes/:na] at org.camunda.spin.impl.json.jackson.format.JacksonJsonDataFormatMapper.mapInternalToJava(JacksonJsonDataFormatMapper.java:100) ~[classes/:na] at org.camunda.spin.impl.json.jackson.format.JacksonJsonDataFormatMapper.mapInternalToJava(JacksonJsonDataFormatMapper.java:84) ~[classes/:na] at org.camunda.spin.plugin.impl.SpinObjectValueSerializer.deserializeFromByteArray(SpinObjectValueSerializer.java:101) ~[classes/:na] at org.camunda.bpm.engine.impl.variable.serializer.AbstractObjectValueSerializer.deserializeFromByteArray(AbstractObjectValueSerializer.java:113) ~[classes/:na] at org.camunda.bpm.engine.impl.variable.serializer.AbstractSerializableValueSerializer.readValue(AbstractSerializableValueSerializer.java:83) ~[classes/:na] ... 33 common frames omitted Caused by: com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot construct instance of `java.util.ArrayList` (although at least one Creator exists): no String-argument constructor/factory method to deserialize from String value ('') at [Source: UNKNOWN; line: -1, column: -1] (through reference chain: java.util.LinkedHashMap["otherItem"]) at com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:63) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1429) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1059) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.deser.ValueInstantiator._createFromStringFallbacks(ValueInstantiator.java:371) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.deser.ValueInstantiator.createFromString(ValueInstantiator.java:258) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:242) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:27) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:527) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:364) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:29) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.ObjectMapper._readValue(ObjectMapper.java:4173) ~[jackson-databind-2.10.0.jar:2.10.0] at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2536) ~[jackson-databind-2.10.0.jar:2.10.0] at org.camunda.spin.impl.json.jackson.format.JacksonJsonDataFormatMapper.mapInternalToJava(JacksonJsonDataFormatMapper.java:98) ~[classes/:na] ... 37 common frames omitted