Lotus Domino Java security issue using Google GSON

Question

Attempting to use the Google GSON library in a java method which is kicked off via an Xpage.

I can create the gson object without a problem but then when attempting to call gson.toJson(jsonObj) I'm getting the following error:

HTTP JVM: java.lang.SecurityException: not allowed to access members in class class java.util.HashMap

HTTP JVM: at lotus.notes.AgentSecurityManager.checkMemberAccess(Unknown Source)

HTTP JVM: at java.lang.Class.checkMemberAccess(Class.java:112)

HTTP JVM: at java.lang.Class.getDeclaredConstructor(Class.java:419)

The code:

HashMap<String, Object> jsonObj = new HashMap<String, Object>();
jsonObj.put("apiStatus", apiStatus);

Gson gson = new Gson();
String json = gson.toJson(jsonObj);  // Exception thrown on this line

I've seen something similar here but I've implemented both suggested policy changes, neither appear to have any effect:

grant { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; };

grant codeBase "xspnsf://server:0/path/to/your/db.nsf/-" { permission java.security.AllPermission; };

Answer 1

If you don't like updating the security file on server file system you can avoid using gson and replace it with xpages own JSON serializer see my blog post here:

http://blog.tcl-digitrade.com/blogs/tcl-digitrade-blog.nsf/dx/28.01.2013090943DMABL6.htm

Answer 2

Here is almost the same exception:

Java Permission for Jackson on Domino XPage

Use

grant { permission java.security.AllPermission; };

It should work with that. If you don't want to keep it this open then check the syntax of your grant codeBase:

In this setting you have to change the path to your database (by replacing the /path/to/your/db.nsf/ only, not the server:0).