These old forums are deprecated now and set to read-only. We are waiting for you on our new forums!
More modern, Discourse-based and with GitHub/Google/Twitter authentication built-in.

View unanswered posts | View active topics


Board index » Hibernate & Java Persistence » NHibernate Users

All times are UTC - 5 hours [ DST ]


Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 5 posts ] 
  Previous topic | Next topic 
Author Message
luedi
 Post subject: Security Exception in Nullables with .NET remoting
PostPosted: Sat Jan 27, 2007 12:56 am 
Regular
Regular

Joined: Tue Feb 21, 2006 9:50 am
Posts: 107
Hi all,

i'm working with NHibernate 1.0.2 on a .NET 1.1 windows forms "smart client" application which is mainly a client / server application with some functionality placed on an application server because of complexity. The communication between client and application server is handled via .NET Remoting. Yesterday i implemented a function which takes one of our model classes as parameter. These classes uses Nullables package to map nullable database columns to our model. When i call the service, regardless if via soap or binary protocol, i will get a security exception:

Code:
System.Runtime.Serialization.SerializationException: Because of security restrictions, the type Nullables.NullableDateTime cannot be accessed. ---> System.Security.SecurityException: Request failed.
   at System.Security.SecurityRuntime.FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, PermissionSet& alteredDemandSet)
   at System.Runtime.Serialization.FormatterServices.nativeGetSafeUninitializedObject(RuntimeType type)
   at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
   --- End of inner exception stack trace ---

Server stack trace:
   at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseMember(ParseRecord pr)
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
   at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
   at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, IMethodCallMessage methodCallMessage)
   at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, IMethodCallMessage methodCallMessage)
   at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
   at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)


I took a look on the sourcecode of the NullableDateTime class. What i see is, that the class is marked as Serializable. So it should be no problem to transport an instance via remoting. But what i also noticed is, that a type converter is attached. The type converter is not marked as serializable. May this cause my problem?

Thanks in advance for your help
Klaus
Top
 Profile  
 
luedi
 Post subject:
PostPosted: Sat Jan 27, 2007 6:35 am 
Regular
Regular

Joined: Tue Feb 21, 2006 9:50 am
Posts: 107
meanwhile i have tested my application with NHibernate 1.2 Beta 3. With this version the remoting call works. I wonder that no changes where made in the NullableDateTime class. So the problem seems to be inside NHibernate. I took a look in the forum for similar issues but all i have found didn't help.

I can't switch to NHibernate 1.2 for several reasons. One is that it's a policy in our company not to use Beta releases in a productive environment. Also i have recognized different behavior in my application after changing to 1.2.

Regards
Klaus
Top
 Profile  
 
luedi
 Post subject:
PostPosted: Tue Jan 30, 2007 9:01 am 
Regular
Regular

Joined: Tue Feb 21, 2006 9:50 am
Posts: 107
After comparing 1.0.x with 1.2 i found the reason for my problem. The security exception is thrown because the NHibernate and NHibernateContrib dll's don't define the AllowPartiallyTrustedCallersAttribute in the assemblyinfo.cs. After adding this attribute and recompiling the NHibernate source everything works fine for me.

My question to the developers: can you add the attribute to the 1.0.x versions or do you see any problems to do this?

Regards
Klaus
Top
 Profile  
 
sergey
 Post subject:
PostPosted: Tue Jan 30, 2007 10:18 am 
Contributor
Contributor

Joined: Wed May 11, 2005 4:59 pm
Posts: 1766
Location: Prague, Czech Republic
It won't be added to 1.0.x since that branch is not under active development anymore. And you can build your own APTCA-enabled version from source as you did.
Top
 Profile  
 
luedi
 Post subject:
PostPosted: Tue Jan 30, 2007 1:18 pm 
Regular
Regular

Joined: Tue Feb 21, 2006 9:50 am
Posts: 107
i have discussed this with my team and for us it's ok to build our own release.

Regards
Klaus
Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 1
  [ 5 posts ] 

Board index » Hibernate & Java Persistence » NHibernate Users

All times are UTC - 5 hours [ DST ]

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
© Copyright 2014, Red Hat Inc. All rights reserved. JBoss and Hibernate are registered trademarks and servicemarks of Red Hat, Inc.