You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2016/03/18 11:38:57 UTC
svn commit: r1735571 - in /ofbiz/branches/release14.12: ./ framework/base/
framework/base/config/ framework/common/servicedef/ framework/service/
framework/start/src/org/ofbiz/base/start/
Author: jleroux
Date: Fri Mar 18 10:38:57 2016
New Revision: 1735571
URL: http://svn.apache.org/viewvc?rev=1735571&view=rev
Log:
"Applied fix from trunk for revision: 1735569 "
------------------------------------------------------------------------
r1735569 | jleroux | 2016-03-18 11:38:04 +0100 (ven. 18 mars 2016) | 3 lignes
Fixes "Comment out RMI related code because of the Java deserialization issue" - https://issues.apache.org/jira/browse/OFBIZ-6942
I decided to comment out as less as possible because once the RMI loaders, the RMI dispatcher and the related test services are off there is no RMI related danger left (test services are not a danger but would fail during tests run). It's then easier for users who need RMI in their projects to have only to uncomment those and not digg everywhere. Because the naming (JNDI) server relies on the rmi loader it will also be commented out.
------------------------------------------------------------------------
�
Modified:
ofbiz/branches/release14.12/ (props changed)
ofbiz/branches/release14.12/framework/base/config/ofbiz-containers.xml
ofbiz/branches/release14.12/framework/base/ofbiz-component.xml
ofbiz/branches/release14.12/framework/common/servicedef/services_test.xml
ofbiz/branches/release14.12/framework/service/ofbiz-component.xml
ofbiz/branches/release14.12/framework/start/src/org/ofbiz/base/start/both.properties
Propchange: ofbiz/branches/release14.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Mar 18 10:38:57 2016
@@ -8,4 +8,4 @@
/ofbiz/branches/json-integration-refactoring:1634077-1635900
/ofbiz/branches/multitenant20100310:921280-927264
/ofbiz/branches/release13.07:1547657
-/ofbiz/trunk:1649072,1649083-1649084,1649086,1649090,1649096,1649230,1649238-1649239,1649248,1649272,1649275,1649280-1649281,1649283,1649285-1649286,1649291,1649329,1649331,1649384,1649393,1649666,1649742,1650240,1650348,1650357,1650583,1650642,1650678,1650821,1650882,1650887,1650938,1651593,1652312,1652361,1652638,1652641,1652672,1652688,1652706,1652725,1652731,1652739,1652852,1653248,1653296,1653456,1653597,1653614,1654175,1654273,1654509,1654670,1654672-1654673,1654683-1654684,1654824,1655046,1655668,1655979,1656014,1656185,1656198,1656445,1656983,1657323,1657506-1657507,1657514,1657714,1657790,1657848,1658364,1658662,1658882,1659224,1659965,1660031,1660053,1660389,1660444,1660579,1661303,1661328,1661760,1661778,1661853,1661862,1661873,1661940,1661951,1661977,1662119-1662120,1662361,1662500,1662812,1662919,1663202,1663912,1663979,1664602,1664604,1664696,1665154,1665162,1665535,1666404,1666511,1666633,1666836,1666939,1666949,1666958,1667055,1667253,1667483,1667492,1667774,1668207,
1668214,1668236,1668246,1668258,1668263,1668265,1668270,1668277,1668314,1668657,1669317,1669588,1672427,1672430,1672846,1672853,1672856,1672862,1672873,1673764,1674447,1674464,1674491,1674496,1674908,1676674,1677123,1677597,1677769-1677770,1678294,1678882,1678911,1679689,1679697,1679709,1679720,1679728,1679732,1679957,1680155,1680288,1680304,1680671,1680675,1680733,1680840,1680881,1682272,1682295,1682415,1682633,1683998,1684094,1686360,1686536,1686545,1686566,1686569,1686574,1686583,1686635,1686651,1686970,1687427,1688772,1690086,1690581,1692357,1692458,1692600,1692604,1693393,1693579,1695017,1696018,1696234,1697590,1697647,1697993,1698259,1698261,1698263,1701164,1701441,1701819,1701825,1701936,1702002,1702548,1702704,1703121,1703586,1703945,1703954,1703965,1703971,1703976-1703977,1703981,1704000,1704014,1704018,1704036,1704043,1704052,1704082,1704140,1704230,1705004,1705329,1705405,1705412,1705417,1705427,1705532,1706159,1706162,1706316,1706531,1706549,1706553,1706561,1706569,17065
77,1706589,1706591,1706593,1706694,1707837,1707857,1708274,1708341,1708742,1708930,1709117,1710178,1710348,1711513,1712971,1714244,1714410,1714415,1714571,1714657,1715477-1715478,1715485,1715501,1716319,1717058,1717180,1717682,1717710,1717760,1718023,1718109,1719094,1719872,1720883,1721067,1721093,1721625,1722712,1723007,1723248,1724402,1724566,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724978,1725217,1725257,1725561,1725574,1726388,1726493,1726828,1728398,1729005,1729609,1729809,1730035,1730456,1730735-1730736,1730882,1730889,1731359,1731382,1731396,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735244,1735385
+/ofbiz/trunk:1649072,1649083-1649084,1649086,1649090,1649096,1649230,1649238-1649239,1649248,1649272,1649275,1649280-1649281,1649283,1649285-1649286,1649291,1649329,1649331,1649384,1649393,1649666,1649742,1650240,1650348,1650357,1650583,1650642,1650678,1650821,1650882,1650887,1650938,1651593,1652312,1652361,1652638,1652641,1652672,1652688,1652706,1652725,1652731,1652739,1652852,1653248,1653296,1653456,1653597,1653614,1654175,1654273,1654509,1654670,1654672-1654673,1654683-1654684,1654824,1655046,1655668,1655979,1656014,1656185,1656198,1656445,1656983,1657323,1657506-1657507,1657514,1657714,1657790,1657848,1658364,1658662,1658882,1659224,1659965,1660031,1660053,1660389,1660444,1660579,1661303,1661328,1661760,1661778,1661853,1661862,1661873,1661940,1661951,1661977,1662119-1662120,1662361,1662500,1662812,1662919,1663202,1663912,1663979,1664602,1664604,1664696,1665154,1665162,1665535,1666404,1666511,1666633,1666836,1666939,1666949,1666958,1667055,1667253,1667483,1667492,1667774,1668207,
1668214,1668236,1668246,1668258,1668263,1668265,1668270,1668277,1668314,1668657,1669317,1669588,1672427,1672430,1672846,1672853,1672856,1672862,1672873,1673764,1674447,1674464,1674491,1674496,1674908,1676674,1677123,1677597,1677769-1677770,1678294,1678882,1678911,1679689,1679697,1679709,1679720,1679728,1679732,1679957,1680155,1680288,1680304,1680671,1680675,1680733,1680840,1680881,1682272,1682295,1682415,1682633,1683998,1684094,1686360,1686536,1686545,1686566,1686569,1686574,1686583,1686635,1686651,1686970,1687427,1688772,1690086,1690581,1692357,1692458,1692600,1692604,1693393,1693579,1695017,1696018,1696234,1697590,1697647,1697993,1698259,1698261,1698263,1701164,1701441,1701819,1701825,1701936,1702002,1702548,1702704,1703121,1703586,1703945,1703954,1703965,1703971,1703976-1703977,1703981,1704000,1704014,1704018,1704036,1704043,1704052,1704082,1704140,1704230,1705004,1705329,1705405,1705412,1705417,1705427,1705532,1706159,1706162,1706316,1706531,1706549,1706553,1706561,1706569,17065
77,1706589,1706591,1706593,1706694,1707837,1707857,1708274,1708341,1708742,1708930,1709117,1710178,1710348,1711513,1712971,1714244,1714410,1714415,1714571,1714657,1715477-1715478,1715485,1715501,1716319,1717058,1717180,1717682,1717710,1717760,1718023,1718109,1719094,1719872,1720883,1721067,1721093,1721625,1722712,1723007,1723248,1724402,1724566,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724978,1725217,1725257,1725561,1725574,1726388,1726493,1726828,1728398,1729005,1729609,1729809,1730035,1730456,1730735-1730736,1730882,1730889,1731359,1731382,1731396,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735244,1735385,1735569
Modified: ofbiz/branches/release14.12/framework/base/config/ofbiz-containers.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release14.12/framework/base/config/ofbiz-containers.xml?rev=1735571&r1=1735570&r2=1735571&view=diff
==============================================================================
--- ofbiz/branches/release14.12/framework/base/config/ofbiz-containers.xml (original)
+++ ofbiz/branches/release14.12/framework/base/config/ofbiz-containers.xml Fri Mar 18 10:38:57 2016
@@ -21,8 +21,11 @@ under the License.
<ofbiz-containers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/ofbiz-containers.xsd">
+ <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+ If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
<!-- load the ofbiz component container (always first) -->
- <container name="component-container" loaders="main,rmi,pos,load-data" class="org.ofbiz.base.container.ComponentContainer"/>
+ <!-- <container name="component-container" loaders="main,rmi,pos,load-data" class="org.ofbiz.base.container.ComponentContainer"/> -->
+ <container name="component-container" loaders="main,pos,load-data" class="org.ofbiz.base.container.ComponentContainer"/>
<container name="component-container-test" loaders="test" class="org.ofbiz.base.container.ComponentContainer">
<property name="ofbiz.instrumenterClassName" value="org.ofbiz.base.config.CoberturaInstrumenter"/>
Modified: ofbiz/branches/release14.12/framework/base/ofbiz-component.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release14.12/framework/base/ofbiz-component.xml?rev=1735571&r1=1735570&r2=1735571&view=diff
==============================================================================
--- ofbiz/branches/release14.12/framework/base/ofbiz-component.xml (original)
+++ ofbiz/branches/release14.12/framework/base/ofbiz-component.xml Fri Mar 18 10:38:57 2016
@@ -33,11 +33,13 @@ under the License.
<test-suite loader="main" location="testdef/basetests.xml"/>
+ <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+ If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
<!-- load the naming (JNDI) server -->
- <container name="naming-container" loaders="rmi" class="org.ofbiz.base.container.NamingServiceContainer">
+ <!-- <container name="naming-container" loaders="rmi" class="org.ofbiz.base.container.NamingServiceContainer">
<property name="host" value="0.0.0.0"/>
<property name="port" value="1099"/>
- </container>
+ </container> -->
<!-- load BeanShell remote telnet server -->
<!-- Commented out by default for security reasons -->
Modified: ofbiz/branches/release14.12/framework/common/servicedef/services_test.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release14.12/framework/common/servicedef/services_test.xml?rev=1735571&r1=1735570&r2=1735571&view=diff
==============================================================================
--- ofbiz/branches/release14.12/framework/common/servicedef/services_test.xml (original)
+++ ofbiz/branches/release14.12/framework/common/servicedef/services_test.xml Fri Mar 18 10:38:57 2016
@@ -47,15 +47,17 @@ under the License.
<service name="testError" engine="java" export="true" validate="false" require-new-transaction="true" max-retry="1"
location="org.ofbiz.common.CommonServices" invoke="returnErrorService">
</service>
+ <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+ If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
<!-- see serviceengine.xml to configure the rmi location alias -->
- <service name="testRmi" engine="rmi" validate="false"
+ <!-- <service name="testRmi" engine="rmi" validate="false"
location="main-rmi" invoke="testScv">
<implements service="testScv"/>
</service>
<service name="testRmiFail" engine="rmi" validate="false"
location="main-rmi" invoke="testBsh">
<implements service="testScv"/>
- </service>
+ </service> -->
<service name="testRollback" engine="java" export="true" validate="false"
location="org.ofbiz.common.CommonServices" invoke="testRollbackListener">
Modified: ofbiz/branches/release14.12/framework/service/ofbiz-component.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release14.12/framework/service/ofbiz-component.xml?rev=1735571&r1=1735570&r2=1735571&view=diff
==============================================================================
--- ofbiz/branches/release14.12/framework/service/ofbiz-component.xml (original)
+++ ofbiz/branches/release14.12/framework/service/ofbiz-component.xml Fri Mar 18 10:38:57 2016
@@ -44,12 +44,17 @@ under the License.
<keystore name="rmitrust" type="jks" password="changeit" is-truststore="true"
is-certstore="false" loader="main" location="config/rmitrust.jks"/>
- <container name="service-container" loaders="main,rmi,pos,load-data,test" class="org.ofbiz.service.ServiceContainer">
+ <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+ If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
+ <!-- <container name="service-container" loaders="main,rmi,pos,load-data,test" class="org.ofbiz.service.ServiceContainer"> -->
+ <container name="service-container" loaders="main,pos,load-data,test" class="org.ofbiz.service.ServiceContainer">
<property name="dispatcher-factory" value="org.ofbiz.service.GenericDispatcherFactory"/>
</container>
+ <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+ If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
<!-- RMI Service Dispatcher -->
- <container name="rmi-dispatcher" loaders="rmi" class="org.ofbiz.service.rmi.RmiServiceContainer">
+ <!-- <container name="rmi-dispatcher" loaders="rmi" class="org.ofbiz.service.rmi.RmiServiceContainer">
<property name="bound-name" value="RMIDispatcher"/>
<property name="bound-host" value="127.0.0.1"/>
<property name="bound-port" value="1099"/>
@@ -61,7 +66,7 @@ under the License.
<property name="ssl-keystore-pass" value="changeit"/>
<property name="ssl-keystore-alias" value="rmissl"/>
<property name="ssl-client-auth" value="false"/>
- </container>
+ </container> -->
<!-- JavaMail Listener Container - Triggers MCA Rules -->
<!-- if delete-mail is set to true, will delete messages after fetching them. otherwise, will try to mark them as seen
Modified: ofbiz/branches/release14.12/framework/start/src/org/ofbiz/base/start/both.properties
URL: http://svn.apache.org/viewvc/ofbiz/branches/release14.12/framework/start/src/org/ofbiz/base/start/both.properties?rev=1735571&r1=1735570&r2=1735571&view=diff
==============================================================================
--- ofbiz/branches/release14.12/framework/start/src/org/ofbiz/base/start/both.properties (original)
+++ ofbiz/branches/release14.12/framework/start/src/org/ofbiz/base/start/both.properties Fri Mar 18 10:38:57 2016
@@ -31,7 +31,10 @@ ofbiz.start.loader1=org.ofbiz.base.splas
# --- StartupLoader implementations to load (in order)
ofbiz.start.loader2=org.ofbiz.base.container.ContainerLoader
-ofbiz.start.loader2.loaders=main,pos,rmi
+# Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+# If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
+#ofbiz.start.loader2.loaders=main,pos,rmi
+ofbiz.start.loader2.loaders=main,pos
# -- Splash Logo
ofbiz.start.splash.logo=framework/images/webapp/images/ofbiz_logo.gif