You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by rm...@apache.org on 2016/03/01 19:15:43 UTC
tomee git commit: backporting changes on serialization and system
properties ordering
Repository: tomee
Updated Branches:
refs/heads/tomee-1.7.x 0d749467f -> c438f2407
backporting changes on serialization and system properties ordering
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/c438f240
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/c438f240
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/c438f240
Branch: refs/heads/tomee-1.7.x
Commit: c438f24073f71f9b3e7978b98536e7b70498637b
Parents: 0d74946
Author: Romain manni-Bucau <rm...@gmail.com>
Authored: Tue Mar 1 19:13:22 2016 +0100
Committer: Romain manni-Bucau <rm...@gmail.com>
Committed: Tue Mar 1 19:13:22 2016 +0100
----------------------------------------------------------------------
.../apache/openejb/arquillian/common/Setup.java | 16 ++++++++++++
.../arquillian/common/TomEEConfiguration.java | 9 +++++++
.../arquillian/common/TomEEContainer.java | 11 +++++++++
.../embedded/EmbeddedTomEEConfiguration.java | 11 ++++++++-
.../embedded/EmbeddedTomEEContainer.java | 2 ++
.../arquillian/remote/RemoteTomEEContainer.java | 8 ++++--
.../arquillian/webapp/TomEEWebappContainer.java | 8 ++++--
.../core/rmi/BlacklistClassResolver.java | 5 +++-
.../core/rmi/BlacklistClassResolverTest.java | 8 ++++++
.../apache/openejb/loader/SystemInstance.java | 17 ++++++++++---
pom.xml | 2 +-
.../openejb/client/EjbObjectInputStream.java | 26 +++++++++++++-------
.../apache/tomee/RemoteTomEEEJBContainer.java | 16 +++++++++++-
.../org/apache/tomee/installer/Installer.java | 8 ++++++
14 files changed, 126 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/Setup.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/Setup.java b/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/Setup.java
index 06708f1..a4325a1 100644
--- a/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/Setup.java
+++ b/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/Setup.java
@@ -31,6 +31,7 @@ import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.Socket;
import java.util.Collection;
@@ -297,6 +298,13 @@ public class Setup {
properties.put("openejb.session.manager", "org.apache.tomee.catalina.session.QuickSessionManager");
}
+ if (configuration.isUnsafeEjbd() && "*".equals(properties.getProperty("tomee.serialization.class.blacklist", "-").trim())) {
+ properties.remove("tomee.serialization.class.blacklist");
+ properties.put("tomee.serialization.class.whitelist", "*");
+ System.setProperty("tomee.serialization.class.blacklist", System.getProperty("tomee.serialization.class.blacklist", "-"));
+ reloadClientSerializationConfig();
+ }
+
try {
IO.writeProperties(file, properties);
} catch (final IOException e) {
@@ -304,6 +312,14 @@ public class Setup {
}
}
+ public static void reloadClientSerializationConfig() {
+ try {
+ Thread.currentThread().getContextClassLoader().loadClass("org.apache.openejb.client.EjbObjectInputStream")
+ .getMethod("reloadResolverConfig").invoke(null);
+ } catch (final Exception e) {
+ // not a pb normally
+ }
+ }
public static void synchronizeFolder(final File tomeeHome, final String src, final String dir) {
if (src != null && !src.isEmpty()) {
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEConfiguration.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEConfiguration.java b/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEConfiguration.java
index 230261c..265cb35 100644
--- a/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEConfiguration.java
+++ b/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEConfiguration.java
@@ -45,6 +45,7 @@ public class TomEEConfiguration implements ContainerConfiguration {
protected String portRange = ""; // only used if port < 0, empty means whatever, can be "1024-65535"
protected String preloadClasses; // just a client classloader.loadClass(), value is comma separated qualified names. Useful with maven resolver for instance
protected boolean quickSession = true;
+ protected boolean unsafeEjbd = true;
protected boolean unpackWars = true;
protected String properties = "";
@@ -53,6 +54,14 @@ public class TomEEConfiguration implements ContainerConfiguration {
protected boolean singleDumpByArchiveName;
protected Collection<String> singleDeploymentByArchiveName = Collections.emptyList();
+ public boolean isUnsafeEjbd() {
+ return unsafeEjbd;
+ }
+
+ public void setUnsafeEjbd(final boolean unsafeEjbd) {
+ this.unsafeEjbd = unsafeEjbd;
+ }
+
public boolean isUnpackWars() {
return unpackWars;
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEContainer.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEContainer.java b/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEContainer.java
index e891e6c..4635254 100644
--- a/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEContainer.java
+++ b/arquillian/arquillian-tomee-common/src/main/java/org/apache/openejb/arquillian/common/TomEEContainer.java
@@ -75,6 +75,13 @@ public abstract class TomEEContainer<Configuration extends TomEEConfiguration> i
this.options = new Options(System.getProperties());
}
+ protected void resetSerialization() {
+ if (this.configuration.isUnsafeEjbd() && "-".equals(System.getProperty("tomee.serialization.class.blacklist"))) {
+ System.clearProperty("tomee.serialization.class.blacklist");
+ Setup.reloadClientSerializationConfig();
+ }
+ }
+
protected boolean isTestable(final Archive<?> archive, final DeploymentDescription deploymentDescription) {
return deploymentDescription != null
&& deploymentDescription.isArchiveDeployment()
@@ -196,6 +203,10 @@ public abstract class TomEEContainer<Configuration extends TomEEConfiguration> i
waitForShutdown(socket, 10);
} catch (final Exception e) {
throw new LifecycleException("Unable to stop TomEE", e);
+ } finally {
+ if (this.configuration.isUnsafeEjbd() && "-".equals(System.getProperty("tomee.serialization.class.blacklist"))) {
+ System.clearProperty("tomee.serialization.class.blacklist");
+ }
}
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEConfiguration.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEConfiguration.java b/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEConfiguration.java
index 1e3deb4..e5e2faa 100644
--- a/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEConfiguration.java
+++ b/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEConfiguration.java
@@ -154,7 +154,16 @@ public class EmbeddedTomEEConfiguration extends TomEEConfiguration {
return new Properties();
}
- return toProperties(properties);
+ final Properties properties = toProperties(this.properties);
+ if (properties != null && isUnsafeEjbd() &&
+ "*".equals(properties.getProperty("tomee.serialization.class.blacklist", "-").trim())) {
+
+ properties.remove("tomee.serialization.class.blacklist");
+ properties.put("tomee.serialization.class.whitelist", "*");
+ System.setProperty("tomee.serialization.class.blacklist", System.getProperty("tomee.serialization.class.blacklist", "-"));
+ }
+
+ return properties;
}
private static Properties toProperties(final String value) {
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEContainer.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEContainer.java b/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEContainer.java
index 3478732..ae890de 100644
--- a/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEContainer.java
+++ b/arquillian/arquillian-tomee-embedded/src/main/java/org/apache/openejb/arquillian/embedded/EmbeddedTomEEContainer.java
@@ -125,6 +125,8 @@ public class EmbeddedTomEEContainer extends TomEEContainer<EmbeddedTomEEConfigur
this.container.stop();
} catch (final Exception e) {
throw new LifecycleException("Unable to stop server", e);
+ } finally {
+ resetSerialization();
}
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/arquillian/arquillian-tomee-remote/src/main/java/org/apache/tomee/arquillian/remote/RemoteTomEEContainer.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-remote/src/main/java/org/apache/tomee/arquillian/remote/RemoteTomEEContainer.java b/arquillian/arquillian-tomee-remote/src/main/java/org/apache/tomee/arquillian/remote/RemoteTomEEContainer.java
index 37cfb02..14a193e 100644
--- a/arquillian/arquillian-tomee-remote/src/main/java/org/apache/tomee/arquillian/remote/RemoteTomEEContainer.java
+++ b/arquillian/arquillian-tomee-remote/src/main/java/org/apache/tomee/arquillian/remote/RemoteTomEEContainer.java
@@ -269,8 +269,12 @@ public class RemoteTomEEContainer extends TomEEContainer<RemoteTomEEConfiguratio
// only stop the container if we started it
if (shutdown) {
- Setup.removeArquillianBeanDiscoverer(tomeeHome);
- container.destroy();
+ try {
+ Setup.removeArquillianBeanDiscoverer(tomeeHome);
+ container.destroy();
+ } finally {
+ resetSerialization();
+ }
}
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/arquillian/arquillian-tomee-webapp-remote/src/main/java/org/apache/tomee/arquillian/webapp/TomEEWebappContainer.java
----------------------------------------------------------------------
diff --git a/arquillian/arquillian-tomee-webapp-remote/src/main/java/org/apache/tomee/arquillian/webapp/TomEEWebappContainer.java b/arquillian/arquillian-tomee-webapp-remote/src/main/java/org/apache/tomee/arquillian/webapp/TomEEWebappContainer.java
index 381be1e..701a773 100644
--- a/arquillian/arquillian-tomee-webapp-remote/src/main/java/org/apache/tomee/arquillian/webapp/TomEEWebappContainer.java
+++ b/arquillian/arquillian-tomee-webapp-remote/src/main/java/org/apache/tomee/arquillian/webapp/TomEEWebappContainer.java
@@ -235,8 +235,12 @@ public class TomEEWebappContainer extends TomEEContainer<TomEEWebappConfiguratio
public void stop() throws LifecycleException {
// only stop the container if we started it
if (shutdown) {
- Setup.removeArquillianBeanDiscoverer(openejbHome);
- container.destroy();
+ try {
+ Setup.removeArquillianBeanDiscoverer(openejbHome);
+ container.destroy();
+ } finally {
+ resetSerialization();
+ }
}
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java b/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
index 1a07ec8..134db76 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/core/rmi/BlacklistClassResolver.java
@@ -34,6 +34,9 @@ public class BlacklistClassResolver {
}
protected boolean isBlacklisted(final String name) {
+ if (name != null && name.startsWith("[L") && name.endsWith(";")) {
+ return isBlacklisted(name.substring(2, name.length() - 1));
+ }
return (whitelist != null && !contains(whitelist, name)) || contains(blacklist, name);
}
@@ -56,7 +59,7 @@ public class BlacklistClassResolver {
private static boolean contains(final String[] list, final String name) {
if (list != null) {
for (final String white : list) {
- if (name.startsWith(white)) {
+ if ("*".equals(white) || name.startsWith(white)) {
return true;
}
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/container/openejb-core/src/test/java/org/apache/openejb/core/rmi/BlacklistClassResolverTest.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/test/java/org/apache/openejb/core/rmi/BlacklistClassResolverTest.java b/container/openejb-core/src/test/java/org/apache/openejb/core/rmi/BlacklistClassResolverTest.java
index 1174be2..cef9873 100644
--- a/container/openejb-core/src/test/java/org/apache/openejb/core/rmi/BlacklistClassResolverTest.java
+++ b/container/openejb-core/src/test/java/org/apache/openejb/core/rmi/BlacklistClassResolverTest.java
@@ -38,4 +38,12 @@ public class BlacklistClassResolverTest {
public void whiteList() {
assertFalse(new BlacklistClassResolver(null, new String[] { "org.apache.xalan" }).isBlacklisted("org.apache.xalan.Foo"));
}
+
+ @Test
+ public void wildcard() {
+ final BlacklistClassResolver classResolver = new BlacklistClassResolver(new String[]{"*"}, new String[] {"white", "com.white"});
+ assertTrue(classResolver.isBlacklisted("white.Foo"));
+ assertTrue(classResolver.isBlacklisted("com.white.test"));
+ assertTrue(classResolver.isBlacklisted("other.test"));
+ }
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/container/openejb-loader/src/main/java/org/apache/openejb/loader/SystemInstance.java
----------------------------------------------------------------------
diff --git a/container/openejb-loader/src/main/java/org/apache/openejb/loader/SystemInstance.java b/container/openejb-loader/src/main/java/org/apache/openejb/loader/SystemInstance.java
index 4a84f6c..f96ba48 100644
--- a/container/openejb-loader/src/main/java/org/apache/openejb/loader/SystemInstance.java
+++ b/container/openejb-loader/src/main/java/org/apache/openejb/loader/SystemInstance.java
@@ -287,10 +287,13 @@ public final class SystemInstance {
return;
}
system = new SystemInstance(properties);
- readUserSystemProperties();
- readSystemProperties();
+ // WARNING: reverse order since we don't overwrite existing entries
readSystemProperties(get().currentProfile());
- System.getProperties().putAll(system.getProperties()); // if the user read System.getProperties() instead of our properties, used in bval-tomee tck for instance
+ readSystemProperties();
+ readUserSystemProperties();
+
+ // if the user read System.getProperties() instead of our properties, used in bval-tomee tck for instance
+ System.getProperties().putAll(system.getProperties());
initialized = true;
get().setProperty("openejb.profile.custom", Boolean.toString(!get().isDefaultProfile()));
}
@@ -356,7 +359,13 @@ public final class SystemInstance {
return;
}
- system.getProperties().putAll(systemProperties);
+ for (final String key : systemProperties.stringPropertyNames()) {
+ if (system.getProperty(key) == null) {
+ system.setProperty(key, systemProperties.getProperty(key));
+ }
+ }
+ // don't override system props
+ // system.getProperties().putAll(systemProperties);
}
public static SystemInstance get() {
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 1d21f82..fd756d9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -128,7 +128,7 @@
<jaxb.version>2.2.7</jaxb.version>
- <tomcat.version>7.0.67</tomcat.version>
+ <tomcat.version>7.0.68</tomcat.version>
<cxf.version>2.6.16</cxf.version>
<!--2.6.4 requires wss4j 1.6.8-->
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
----------------------------------------------------------------------
diff --git a/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java b/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
index 50df6ff..f20e375 100644
--- a/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
+++ b/server/openejb-client/src/main/java/org/apache/openejb/client/EjbObjectInputStream.java
@@ -21,12 +21,18 @@ import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.lang.reflect.Proxy;
+import java.util.concurrent.atomic.AtomicReference;
/**
* @version $Rev$ $Date$
*/
public class EjbObjectInputStream extends ObjectInputStream {
- public static final BlacklistClassResolver DEFAULT = new BlacklistClassResolver();
+ private static final AtomicReference<BlacklistClassResolver> RESOLVER_ATOMIC_REFERENCE =
+ new AtomicReference<BlacklistClassResolver>(new BlacklistClassResolver());
+
+ public static void reloadResolverConfig() {
+ RESOLVER_ATOMIC_REFERENCE.set(new BlacklistClassResolver());
+ }
public EjbObjectInputStream(final InputStream in) throws IOException {
super(in);
@@ -34,7 +40,7 @@ public class EjbObjectInputStream extends ObjectInputStream {
@Override
protected Class<?> resolveClass(final ObjectStreamClass classDesc) throws IOException, ClassNotFoundException {
- final String n = DEFAULT.check(classDesc.getName());
+ final String n = RESOLVER_ATOMIC_REFERENCE.get().check(classDesc.getName());
final ClassLoader classloader = getClassloader();
try {
return Class.forName(n, false, classloader);
@@ -89,15 +95,14 @@ public class EjbObjectInputStream extends ObjectInputStream {
}
public static class BlacklistClassResolver {
- private static final String[] WHITELIST = toArray(System.getProperty("tomee.serialization.class.whitelist"));
- private static final String[] BLACKLIST = toArray(System.getProperty(
- "tomee.serialization.class.blacklist", "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan,java.lang.Process"));
-
private final String[] blacklist;
private final String[] whitelist;
protected BlacklistClassResolver() {
- this(BLACKLIST, WHITELIST);
+ this(toArray(System.getProperty(
+ "tomee.serialization.class.blacklist",
+ "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan,java.lang.Process")),
+ toArray(System.getProperty("tomee.serialization.class.whitelist")));
}
protected BlacklistClassResolver(final String[] blacklist, final String[] whitelist) {
@@ -106,12 +111,15 @@ public class EjbObjectInputStream extends ObjectInputStream {
}
protected boolean isBlacklisted(final String name) {
+ if (name != null && name.startsWith("[L") && name.endsWith(";")) {
+ return isBlacklisted(name.substring(2, name.length() - 1));
+ }
return (whitelist != null && !contains(whitelist, name)) || contains(blacklist, name);
}
public final String check(final String name) {
if (isBlacklisted(name)) {
- throw new SecurityException(name + " is not whitelisted as deserialisable, prevented before loading.");
+ throw new SecurityException(name + " is not whitelisted as deserialisable, prevented before loading it.");
}
return name;
}
@@ -123,7 +131,7 @@ public class EjbObjectInputStream extends ObjectInputStream {
private static boolean contains(final String[] list, String name) {
if (list != null) {
for (final String white : list) {
- if (name.startsWith(white)) {
+ if ("*".equals(white) || name.startsWith(white)) {
return true;
}
}
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/tomee/apache-tomee/src/main/java/org/apache/tomee/RemoteTomEEEJBContainer.java
----------------------------------------------------------------------
diff --git a/tomee/apache-tomee/src/main/java/org/apache/tomee/RemoteTomEEEJBContainer.java b/tomee/apache-tomee/src/main/java/org/apache/tomee/RemoteTomEEEJBContainer.java
index 60b5583..002cef0 100644
--- a/tomee/apache-tomee/src/main/java/org/apache/tomee/RemoteTomEEEJBContainer.java
+++ b/tomee/apache-tomee/src/main/java/org/apache/tomee/RemoteTomEEEJBContainer.java
@@ -22,6 +22,7 @@ import org.apache.openejb.assembler.Deployer;
import org.apache.openejb.assembler.DeployerEjb;
import org.apache.openejb.client.RemoteInitialContextFactory;
import org.apache.openejb.config.RemoteServer;
+import org.apache.openejb.client.EjbObjectInputStream;
import org.apache.openejb.loader.IO;
import org.apache.tomee.util.QuickServerXmlParser;
@@ -119,13 +120,21 @@ public class RemoteTomEEEJBContainer extends EJBContainer {
final QuickServerXmlParser parser = QuickServerXmlParser.parse(new File(home, "conf/server.xml"));
final String remoteEjb = System.getProperty(Context.PROVIDER_URL, "http://" + parser.host() + ":" + parser.http() + "/tomee/ejb");
+ final String blacklist = System.getProperty("tomee.serialization.class.blacklist");
+ if (blacklist == null) {
+ System.setProperty("tomee.serialization.class.blacklist", "-");
+ EjbObjectInputStream.reloadResolverConfig();
+ }
try {
instance = new RemoteTomEEEJBContainer();
instance.container = new RemoteServer();
instance.container.setPortStartup(Integer.parseInt(parser.http()));
try {
- instance.container.start();
+ instance.container.start(Arrays.asList(
+ "-Dtomee.serialization.class.blacklist=" + System.getProperty("tomee.serialization.class.blacklist"),
+ "-Dopenejb.system.apps=true", "-Dtomee.remote.support=true"),
+ "start", true);
} catch (final Exception e) {
instance.container.destroy();
throw e;
@@ -167,6 +176,11 @@ public class RemoteTomEEEJBContainer extends EJBContainer {
throw (EJBException) e;
}
throw new TomEERemoteEJBContainerException("initialization exception", e);
+ } finally {
+ if (blacklist == null) {
+ System.clearProperty("tomee.serialization.class.blacklist");
+ EjbObjectInputStream.reloadResolverConfig();
+ }
}
} finally {
lock.unlock();
http://git-wip-us.apache.org/repos/asf/tomee/blob/c438f240/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
----------------------------------------------------------------------
diff --git a/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java b/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
index c5c5b75..9eb8712 100644
--- a/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
+++ b/tomee/tomee-common/src/main/java/org/apache/tomee/installer/Installer.java
@@ -722,6 +722,14 @@ public class Installer implements InstallerInterface {
systemPropertiesWriter.write("# for more information please see http://tomee.apache.org/properties-listing.html\n");
systemPropertiesWriter.write("\n");
+ systemPropertiesWriter.write(
+ "# allowed packages to be deserialized, by security we denied all by default, " +
+ "tune tomee.serialization.class.whitelist packages to change it\n");
+ systemPropertiesWriter.write("# tomee.remote.support = true\n");
+ systemPropertiesWriter.write("tomee.serialization.class.blacklist = *\n");
+ systemPropertiesWriter.write("# tomee.serialization.class.whitelist = my.package\n");
+
+ systemPropertiesWriter.write("\n");
systemPropertiesWriter.write("# openejb.check.classloader = false\n");
systemPropertiesWriter.write("# openejb.check.classloader.verbose = false\n");