After an upgrade Alfresco form version 5.2 to version 6.2 it became unstable: sometimes we got :
org.mybatis.spring.MyBatisSystemException: nested exception is org.mybatis.spring.MyBatisSystemException: nested exception is org.apache.ibatis.reflection.ReflectionException: Error instantiating class java.util.ArrayList with invalid types () or values
From the lock at the error stack so far it is quite clear that an issue with Java security manager and granted code permissions is the cause of this:
ndfund-acs_1 | org.mybatis.spring.MyBatisSystemException: nested exception is org.mybatis.spring.MyBatisSystemException: nested exception is org.apache.ibatis.reflection.ReflectionException: Error instantiating class java.util.ArrayList with invalid types () or values (). Cause: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
ndfund-acs_1 | at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
ndfund-acs_1 | at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
ndfund-acs_1 | at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
ndfund-acs_1 | at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
ndfund-acs_1 | at java.base/java.util.concurrent.ForkJoinTask.getThrowableException(ForkJoinTask.java:600)
ndfund-acs_1 | at java.base/java.util.concurrent.ForkJoinTask.reportException(ForkJoinTask.java:678)
ndfund-acs_1 | at java.base/java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:737)
ndfund-acs_1 | at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateParallel(ReduceOps.java:919)
ndfund-acs_1 | at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:233)
ndfund-acs_1 | at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
ndfund-acs_1 | at com.ecmc.alfresco.rst.nd.reports.data.Form11NSSEverything.generateBeanData(Form11NSSEverything.java:181)
Configuration of policy files and mode of customisation deployment need to be checked. It must be ensured that both the Alfresco web application as well as any extensions deployed into it or on some classpath extension paths are covered by the typical AllPermission grant.
I have checked permissions granted to all web applications in catalina.policy, Actually this error is not reproducible well. This exeception doesn't rise when I remove .parallel(). and use single thread stream processing .
This exception comes from the Java Security manager. If you are using the Alfresco docker images, the security manager is enabled by default. If you have done a non-docker installation, you are launching tomcat using the "-security" switch. While the security manager is recommended because it makes your installation more secure, it is not required.
If you are using Alfresco's docker images, you will need to modify the docker-compose.yml file and specify a "command" argument for the "alfresco" service. Out of the box, the "command" argument is ["catalina.sh" "run" "-security"]. You need to remove the "-security" flag. For example:
Using parallel execution causes threads to spawn with no security configuration. This means that for this situation, you cannot use parallel execution unless you disable the security manager. So your choices are to disable the security manager using the above steps or to use serial execution.