You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by rm...@apache.org on 2016/03/15 20:36:33 UTC
tomee git commit: TOMEE-1736 enhancing deserialization message
Repository: tomee
Updated Branches:
refs/heads/master 7674cbb92 -> 0258cb20c
TOMEE-1736 enhancing deserialization message
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/0258cb20
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/0258cb20
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/0258cb20
Branch: refs/heads/master
Commit: 0258cb20cc4a46a6fbb1233100c967dafd375db3
Parents: 7674cbb
Author: Romain manni-Bucau <rm...@gmail.com>
Authored: Tue Mar 15 20:36:22 2016 +0100
Committer: Romain manni-Bucau <rm...@gmail.com>
Committed: Tue Mar 15 20:36:22 2016 +0100
----------------------------------------------------------------------
.../org/apache/openejb/core/rmi/BlacklistClassResolver.java | 5 ++++-
.../java/org/apache/openejb/client/EjbObjectInputStream.java | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/0258cb20/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java b/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
index 134db76..67271d8 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
@@ -47,7 +47,10 @@ public class BlacklistClassResolver {
public final String check(final String name) {
if (isBlacklisted(name)) {
- throw new SecurityException(name + " is not whitelisted as deserialisable, prevented before loading.");
+ throw new SecurityException(name + " is not whitelisted as deserialisable, prevented before loading it, " +
+ "customize tomee.serialization.class.blacklist and tomee.serialization.class.whitelist to add it to not fail there. " +
+ "-Dtomee.serialization.class.blacklist=- -Dtomee.serialization.class.whitelist=" + name +
+ " for instance (or in conf/system.properties).");
}
return name;
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/0258cb20/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
----------------------------------------------------------------------
diff --git a/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java b/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
index fa87952..e98d5fd 100644
--- a/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
+++ b/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
@@ -119,7 +119,10 @@ public class EjbObjectInputStream extends ObjectInputStream {
public final String check(final String name) {
if (isBlacklisted(name)) {
- throw new SecurityException(name + " is not whitelisted as deserialisable, prevented before loading it.");
+ throw new SecurityException(name + " is not whitelisted as deserialisable, prevented before loading it, " +
+ "customize tomee.serialization.class.blacklist and tomee.serialization.class.whitelist to add it to not fail there. " +
+ "-Dtomee.serialization.class.blacklist=- -Dtomee.serialization.class.whitelist=" + name +
+ " for instance (or in conf/system.properties).");
}
return name;
}