Deserialization error submitting forms to AEM Forms JEE

Found an interesting bug (feature?) in AEM Forms 6.2 where you can’t submit your forms to an AEM Forms JEE Workflows server, even after configuring the DSCConfigService.

The errors you will see are similar to the following:

25.11.2016 09:55:14.210 *ERROR* [14.2.208.49 [1480028113565] POST /content/forms/af/[link-to-your-form]/jcr:content/guideContainer.af.submit.jsp HTTP/1.1] com.adobe.aemds.guide.servlet.GuideSubmitServlet Could not complete Submit Action due to An exception occurred processing JSP page /libs/fd/afaddon/components/actions/lcprocess/post.POST.jsp at line 79
org.apache.sling.api.scripting.ScriptEvaluationException: An exception occurred processing JSP page /libs/fd/afaddon/components/actions/lcprocess/post.POST.jsp at line 79
	at org.apache.sling.scripting.core.impl.DefaultSlingScript.call(DefaultSlingScript.java:416)
...
Caused by: org.apache.sling.api.SlingException: An exception occurred processing JSP page /libs/fd/afaddon/components/actions/lcprocess/post.POST.jsp at line 79
	at org.apache.sling.scripting.jsp.jasper.servlet.JspServletWrapper.handleJspExceptionInternal(JspServletWrapper.java:683)
...
Caused by: com.adobe.aemds.guide.service.GuideException: Deserialization not allowed for class sun.util.calendar.ZoneInfo (on Fri Nov 25 09:55:14 AEDT 2016)
	at com.adobe.aemds.guide.addon.service.impl.GuideLCServiceConnectorImpl.invokeProcess(GuideLCServiceConnectorImpl.java:196)
...

Deserialization not allowed for class sun.util.calendar.ZoneInfo?? – that never happened in 6.1 or below…

Turns out you need to add the sun.util.* packages to the Deserialization Firewall config in OSGi (I didn’t even know that was a thing…). It is mentioned in the Adobe help but is very vague as to why.

The direct link to it on Publish would be similar to:

http://localhost:4503/system/console/configMgr/com.adobe.cq.deserfw.impl.DeserializationFirewallImpl

Just add a new entry to the Whitelisted classes or packages prefixes list and set it to sun.util. (note the trailing period after “util”).
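To see what a prefix list like this is doing, here is an added example (not from the original post and not Adobe's implementation): a minimal look-ahead ObjectInputStream that only accepts class names starting with an allowed prefix, run against a serialized time zone. The names PrefixAllowListDemo, FilteringStream and sun.utilities.Widget are hypothetical, and it assumes Java 9+ on OpenJDK.

```java
import java.io.*;
import java.util.List;
import java.util.TimeZone;
public class PrefixAllowListDemo {
    // Look-ahead filter: checks every class name in the stream before it is loaded.
    static class FilteringStream extends ObjectInputStream {
        private final List<String> allowedPrefixes;
        FilteringStream(InputStream in, List<String> allowedPrefixes) throws IOException {
            super(in);
            this.allowedPrefixes = allowedPrefixes;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            // Primitive arrays such as "[J" (long[]) carry no code, so let them through.
            boolean allowed = name.matches("\\[+[ZBCSIJFD]")
                    || allowedPrefixes.stream().anyMatch(name::startsWith);
            if (!allowed) {
                throw new InvalidClassException("Deserialization not allowed for class " + name);
            }
            return super.resolveClass(desc);
        }
    }

    static String tryRead(byte[] data, List<String> prefixes) {
        try (ObjectInputStream in = new FilteringStream(new ByteArrayInputStream(data), prefixes)) {
            return "OK: " + in.readObject().getClass().getName();
        } catch (IOException | ClassNotFoundException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: on OpenJDK a named TimeZone is a sun.util.calendar.ZoneInfo.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(TimeZone.getTimeZone("Australia/Sydney"));
        }
        byte[] data = buf.toByteArray();
        System.out.println(tryRead(data, List.of("java.")));              // no sun.util. entry
        System.out.println(tryRead(data, List.of("java.", "sun.util."))); // entry added
        // Why the trailing period matters: "sun.util" also matches sibling packages.
        String sibling = "sun.utilities.Widget"; // hypothetical class name
        System.out.println("sun.util  matches " + sibling + ": " + sibling.startsWith("sun.util"));
        System.out.println("sun.util. matches " + sibling + ": " + sibling.startsWith("sun.util."));
    }
}
```

Keeping the prefix as narrow as the failing class requires limits how much of the filter's protection is given up.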


A warning about changing the default Super Administrator password

One thing you should always do in your production instance is change the default passwords. Everyone does that, right? Riiiight.

Well, when you decide to change the default Super Administrator (administrator) password in AEM Forms Workflows 6.1 or 6.2, there is an unexpected side effect. After changing the password, everything works fine when you test it, so you go about your other tasks. Then, after a period of time, you are automatically locked out!

Under the hood, there is an OSGi service that links the OSGi CRX instance to the JEE instance. This is called the Adobe LiveCycle Client SDK Configuration. This service constantly attempts to log into the JEE instance and do stuff. If you change the default administrator password but don’t update the password stored in this configuration, the service keeps trying to log in with the old one, and those failed attempts lock your Super Administrator account out.

Great. How do I stop this?

It’s easy. Just open the OSGi system console and change the password in the configuration screen. You can open the config item directly from a browser, e.g.:

http://localhost:8080/lc/system/console/configMgr/com.adobe.livecycle.dsc.clientsdk.internal.DSCConfigService


Ok…I’m already locked out. Now what?

The default unlock time is set to 30 minutes after 20 incorrect attempts, so you can change the OSGi password and wait 30 minutes…or, if you are super impatient like me, you can bust out some SQL-fu.

Remember the password you set on the database when you installed the instance? You’re going to need that now. Don’t remember it? Sorry – you now have to wait. Go browse Reddit for a bit and come back…

First, start by installing a SQL editor for your particular database (I’m going to show MySQL since that is in the turnkey edition).

1. First log in to your MySQL instance using the root account.

2. Then enter the password by clicking Store in Vault… (this is the password that you used when you installed the instance). Click OK.

3. Click Test Connection.

4. You should see a couple of adobe database instances (these will be the database names you specified during setup). I usually call mine ‘adobe’ or ‘adobe_wf’.

5. Now locate the Super Admin account using the following SQL:

SELECT * FROM adobe.edcprincipalentity where canonicalname = 'SuperAdmin';

6. You should see that the countauthfailure column has a number > 20 and islocked is set to 1 (locked).

7. Now you can either use the GUI to change the value or run the following SQL:

UPDATE adobe.edcprincipalentity 
SET islocked = 0 
WHERE canonicalname = 'SuperAdmin';

8. You should be able to log in to your Super Administrator account now.

It’s probably a good idea to create a second Super Administrator account just in case this happens again.
