Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Some form pages fail to show the content with error Unable to deserialize object

Written By

Rafael Regner

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

  • When trying to view a form page with an associated custom portlet, the page failed to render the form.
  • The portal log shows the following error: 
2021-01-26 00:04:23.021 ERROR [ajp-nio-127.0.0.1-8009-exec-227][JSONWebServiceServiceAction:126] Unable to deserialize object
2021-01-26 00:05:23.101 ERROR [ajp-nio-127.0.0.1-8009-exec-268][JSONWebServiceServiceAction:126] com.mchange.v2.c3p0.WrapperConnectionPoolDataSource is not allowed to be instantiated

Environment

  • Liferay DXP 7.0 Fix Pack 65+
  • Liferay DXP 7.1 Fix Pack 4+
  • Liferay DXP 7.2

Resolution

  • The behavior is due to the correction of the LSV-412 vulnerability.

  • The portal property json.deserialization.whitelist.class.names has been added to control which classes are allowed to be deserialized from a JSON request.

  • If you have any custom classes that should be allowed to be deserialized from a JSON request, please add them to the property as follows: 
    #
    # Input a list of comma delimited class names that can be deserialized using
    # JSONFactory.
    #
    # Env: LIFERAY_JSON_PERIOD_DESERIALIZATION_PERIOD_WHITELIST_PERIOD_CLASS_PERIOD_NAMES
    #
    json.deserialization.whitelist.class.names=\
        com.liferay.portal.kernel.cal.DayAndPosition,\
        com.liferay.portal.kernel.cal.Duration,\
        com.liferay.portal.kernel.cal.TZSRecurrence,\
        com.liferay.portal.kernel.messaging.Message,\
        com.liferay.portal.kernel.model.PortletPreferencesIds,\
        com.liferay.portal.kernel.security.auth.HttpPrincipal,\
        com.liferay.portal.kernel.service.permission.ModelPermissions,\
        com.liferay.portal.kernel.service.ServiceContext,\
        com.liferay.portal.kernel.util.LongWrapper,\
        com.liferay.portlet.messageboards.messaging.MailingListRequest,\
        java.util.GregorianCalendar,\
        java.util.Locale,\
        java.util.TimeZone,\
        sun.util.calendar.ZoneInfo,\
        com.mchange.v2.c3p0.WrapperConnectionPoolDataSource
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?