You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by rm...@apache.org on 2015/12/15 11:07:52 UTC
[3/3] tomee git commit: excluding java.lang.Process from default
deserializable classes + ensuring openejb-client BlacklistClassResolver uses
the same config as server one by default
excluding java.lang.Process from default deserializable classes + ensuring openejb-client BlacklistClassResolver uses the same config as server one by default
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/15c64360
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/15c64360
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/15c64360
Branch: refs/heads/master
Commit: 15c64360f610aac9bd13dd370bc9e0f36417b045
Parents: 3f29ce1
Author: Romain Manni-Bucau <rm...@gmail.com>
Authored: Tue Dec 15 11:07:53 2015 +0100
Committer: Romain Manni-Bucau <rm...@gmail.com>
Committed: Tue Dec 15 11:07:53 2015 +0100
----------------------------------------------------------------------
.../apache/openejb/core/rmi/BlacklistClassResolver.java | 2 +-
.../org/apache/openejb/client/EjbObjectInputStream.java | 11 +++++++----
2 files changed, 8 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/15c64360/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java b/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
index 0d3b994..1a07ec8 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
@@ -22,7 +22,7 @@ public class BlacklistClassResolver {
public static final BlacklistClassResolver DEFAULT = new BlacklistClassResolver(
toArray(System.getProperty(
"tomee.serialization.class.blacklist",
- "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan")),
+ "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan,java.lang.Process")),
toArray(System.getProperty("tomee.serialization.class.whitelist")));
private final String[] blacklist;
http://git-wip-us.apache.org/repos/asf/tomee/blob/15c64360/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
----------------------------------------------------------------------
diff --git a/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java b/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
index bb9ea83..1a0abe7 100644
--- a/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
+++ b/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
@@ -26,9 +26,7 @@ import java.lang.reflect.Proxy;
* @version $Rev$ $Date$
*/
public class EjbObjectInputStream extends ObjectInputStream {
- public static final BlacklistClassResolver DEFAULT = new BlacklistClassResolver(
- new String[]{"org.codehaus.groovy.runtime.", "org.apache.commons.collections.functors.", "org.apache.xalan"},
- null);
+ private static final BlacklistClassResolver DEFAULT = new BlacklistClassResolver();
public EjbObjectInputStream(final InputStream in) throws IOException {
super(in);
@@ -92,11 +90,16 @@ public class EjbObjectInputStream extends ObjectInputStream {
public static class BlacklistClassResolver {
private static final String[] WHITELIST = toArray(System.getProperty("tomee.serialization.class.whitelist"));
- private static final String[] BLACKLIST = toArray(System.getProperty("tomee.serialization.class.blacklist"));
+ private static final String[] BLACKLIST = toArray(System.getProperty(
+ "tomee.serialization.class.blacklist", "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan,java.lang.Process"));
private final String[] blacklist;
private final String[] whitelist;
+ protected BlacklistClassResolver() {
+ this(BLACKLIST, WHITELIST);
+ }
+
protected BlacklistClassResolver(final String[] blacklist, final String[] whitelist) {
this.whitelist = whitelist;
this.blacklist = blacklist;