Gaining an AccessControlException when creating Gson in GAE. What for?

I am writing a servlet for GAE that responds with a simple serialization of JSON POJO. The thing is, I get an AccessControlException when I create the Gson object myself, even before creating an instance of the object I want to serialize (!).

method:

 @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { MyObject object = new MyObject(); Gson gson = new Gson(); // here it throws String json = gson.toJson(object); resp.setContentType("application/json"); resp.setContentLength(json.length()); resp.setCharacterEncoding("UTF-8"); resp.getWriter().write(json); } 

any ideas?

stacktrace (sorry for the thread):

 java.lang.ExceptionInInitializerError at com.google.gson.Gson.<init>(Gson.java:149) at com.foodblox.server.RecipeServlet.doPost(RecipeServlet.java:39) at com.foodblox.server.RecipeServlet.doGet(RecipeServlet.java:21) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166) at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:58) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:122) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at com.google.appengine.tools.development.JettyContainerService$ApiProxyHandler.handle(JettyContainerService.java:351) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.ClassLoader$1.run(ClassLoader.java:331) at java.security.AccessController.doPrivileged(Native Method) at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:329) at com.google.gson.MappedObjectConstructor.getUnsafe(MappedObjectConstructor.java:61) at com.google.gson.MappedObjectConstructor.<clinit>(MappedObjectConstructor.java:41) ... 30 more java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.misc) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at java.lang.ClassLoader$1.run(ClassLoader.java:331) at java.security.AccessController.doPrivileged(Native Method) at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:329) at com.google.gson.MappedObjectConstructor.getUnsafe(MappedObjectConstructor.java:61) at com.google.gson.MappedObjectConstructor.<clinit>(MappedObjectConstructor.java:41) at com.google.gson.Gson.<init>(Gson.java:149) 

Update

• gson revision 730
• GAE 1.4.2

managed to get around the problem with this patch:

 Index: gson/src/main/java/com/google/gson/MappedObjectConstructor.java =================================================================== --- gson/src/main/java/com/google/gson/MappedObjectConstructor.java (revision 730) +++ gson/src/main/java/com/google/gson/MappedObjectConstructor.java (working copy) @@ -57,7 +57,8 @@ } private static Unsafe getUnsafe() { - try { + return null; +/* try { Field f = Unsafe.class.getDeclaredField("theUnsafe"); f.setAccessible(true); return (Unsafe) f.get(null); @@ -66,7 +67,7 @@ } catch (IllegalAccessException e) { throw new Error(); } - } +*/ } public Object constructArray(Type type, int length) { return Array.newInstance(Types.getRawType(type), length);