You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by rm...@apache.org on 2015/12/15 11:07:52 UTC

[3/3] tomee git commit: excluding java.lang.Process from default deserializable classes + ensuring openejb-client BlacklistClassResolver uses the same config as server one by default

excluding java.lang.Process from default deserializable classes + ensuring openejb-client BlacklistClassResolver uses the same config as server one by default


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/15c64360
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/15c64360
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/15c64360

Branch: refs/heads/master
Commit: 15c64360f610aac9bd13dd370bc9e0f36417b045
Parents: 3f29ce1
Author: Romain Manni-Bucau <rm...@gmail.com>
Authored: Tue Dec 15 11:07:53 2015 +0100
Committer: Romain Manni-Bucau <rm...@gmail.com>
Committed: Tue Dec 15 11:07:53 2015 +0100

----------------------------------------------------------------------
 .../apache/openejb/core/rmi/BlacklistClassResolver.java  |  2 +-
 .../org/apache/openejb/client/EjbObjectInputStream.java  | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/15c64360/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java b/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
index 0d3b994..1a07ec8 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
@@ -22,7 +22,7 @@ public class BlacklistClassResolver {
     public static final BlacklistClassResolver DEFAULT = new BlacklistClassResolver(
         toArray(System.getProperty(
             "tomee.serialization.class.blacklist",
-            "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan")),
+            "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan,java.lang.Process")),
         toArray(System.getProperty("tomee.serialization.class.whitelist")));
 
     private final String[] blacklist;

http://git-wip-us.apache.org/repos/asf/tomee/blob/15c64360/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
----------------------------------------------------------------------
diff --git a/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java b/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
index bb9ea83..1a0abe7 100644
--- a/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
+++ b/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
@@ -26,9 +26,7 @@ import java.lang.reflect.Proxy;
  * @version $Rev$ $Date$
  */
 public class EjbObjectInputStream extends ObjectInputStream {
-    public static final BlacklistClassResolver DEFAULT = new BlacklistClassResolver(
-        new String[]{"org.codehaus.groovy.runtime.", "org.apache.commons.collections.functors.", "org.apache.xalan"},
-        null);
+    private static final BlacklistClassResolver DEFAULT = new BlacklistClassResolver();
 
     public EjbObjectInputStream(final InputStream in) throws IOException {
         super(in);
@@ -92,11 +90,16 @@ public class EjbObjectInputStream extends ObjectInputStream {
 
     public static class BlacklistClassResolver {
         private static final String[] WHITELIST = toArray(System.getProperty("tomee.serialization.class.whitelist"));
-        private static final String[] BLACKLIST = toArray(System.getProperty("tomee.serialization.class.blacklist"));
+        private static final String[] BLACKLIST = toArray(System.getProperty(
+            "tomee.serialization.class.blacklist", "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan,java.lang.Process"));
 
         private final String[] blacklist;
         private final String[] whitelist;
 
+        protected BlacklistClassResolver() {
+            this(BLACKLIST, WHITELIST);
+        }
+
         protected BlacklistClassResolver(final String[] blacklist, final String[] whitelist) {
             this.whitelist = whitelist;
             this.blacklist = blacklist;