December 2015 - jbossts-issues - Jboss List Archives

[JBoss JIRA] (JBTM-2577) CDR Input/Output streams need SerializablePermission("enableSubclassImplementation") when Security Manager is in force

by Tom Jenkinson (JIRA)

[ https://issues.jboss.org/browse/JBTM-2577?page=com.atlassian.jira.plugin.... ] Tom Jenkinson updated JBTM-2577: -------------------------------- Fix Version/s: 5.next > CDR Input/Output streams need SerializablePermission("enableSubclassImplementation") when Security Manager is in force > ---------------------------------------------------------------------------------------------------------------------- > > Key: JBTM-2577 > URL: https://issues.jboss.org/browse/JBTM-2577 > Project: JBoss Transaction Manager > Issue Type: Bug > Components: JTS > Affects Versions: 5.2.8.Final > Reporter: Ivo Studensky > Assignee: Ivo Studensky > Fix For: 5.next > > > Since JDK 7u25 version {{org.omg.CORBA_2_3.portable.Output/InputStream}} classes need extra permissions if Security Manager is enabled. Because of a previous vulnerability, it now checks {{SerializablePermission("enableSubclassImplementation")}}. There is a property flag to allow subclass instantiations without the security check ({{jdk.corba.allowOutputStreamSubclass=true}}), but this system property is subject to removal in the future Java releases, according to my findings. > At the moment, our IIOP code fails (can be seen in iiop tests of WildFly testsuite) when running with SM enabled. > See the following stacktraces: > {noformat} > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67) > at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84) > at com.sun.corba.se.impl.encoding.WrapperInputStream.<init>(WrapperInputStream.java:74) > at com.sun.corba.se.impl.corba.TypeCodeImpl.read_value(TypeCodeImpl.java:1273) > at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_any(CDRInputStream_1_0.java:695) > at com.sun.corba.se.impl.encoding.CDRInputStream.read_any(CDRInputStream.java:238) > at org.omg.CosTransactions.PropagationContextHelper.read(PropagationContextHelper.java:88) > at com.arjuna.ArjunaOTS._ArjunaTransactionStub.get_txcontext(_ArjunaTransactionStub.java:387) > at com.arjuna.ats.jts.orbspecific.javaidl.interceptors.interposition.InterpositionClientRequestInterceptorImpl.send_request(InterpositionClientRequestInterceptorImpl.java:223) > at com.sun.corba.se.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:245) > at com.sun.corba.se.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:355) > at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:293) > at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137) > at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449) > at org.omg.CosTransactions._ResourceStub.commit_one_phase(_ResourceStub.java:94) > at com.arjuna.ats.internal.jts.resources.ResourceRecord.topLevelOnePhaseCommit(ResourceRecord.java:537) > at com.arjuna.ats.arjuna.coordinator.BasicAction.onePhaseCommit(BasicAction.java:2361) > at com.arjuna.ats.arjuna.coordinator.BasicAction.End(BasicAction.java:1495) > - locked <0x360a> (a com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.commit(ArjunaTransactionImple.java:375) > at com.arjuna.ats.internal.jts.ControlWrapper.commit(ControlWrapper.java:244) > at com.arjuna.ats.internal.jts.orbspecific.CurrentImple.commit(CurrentImple.java:247) > at com.arjuna.ats.jts.extensions.AtomicTransaction.commit(AtomicTransaction.java:276) > at com.arjuna.ats.internal.jta.transaction.jts.TransactionImple.commitAndDisassociate(TransactionImple.java:1313) > at com.arjuna.ats.internal.jta.transaction.jts.BaseTransaction.commit(BaseTransaction.java:130) > at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89) > at org.jboss.tm.usertx.client.ServerVMClientUserTransaction.commit(ServerVMClientUserTransaction.java:178) > at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:65) > {noformat} > {noformat} > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67) > at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84) > at com.sun.corba.se.impl.encoding.WrapperInputStream.<init>(WrapperInputStream.java:74) > at com.sun.corba.se.impl.corba.TypeCodeImpl.read_value(TypeCodeImpl.java:1273) > at com.sun.corba.se.impl.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2018) > at com.sun.corba.se.impl.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2054) > at com.sun.corba.se.impl.corba.AnyImpl.write_value(AnyImpl.java:610) > at com.sun.corba.se.impl.interceptors.CDREncapsCodec.encodeImpl(CDREncapsCodec.java:173) > at com.sun.corba.se.impl.interceptors.CDREncapsCodec.encode_value(CDREncapsCodec.java:119) > at com.arjuna.ats.jts.orbspecific.javaidl.interceptors.interposition.InterpositionClientRequestInterceptorImpl.send_request(InterpositionClientRequestInterceptorImpl.java:280) > at com.sun.corba.se.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:245) > at com.sun.corba.se.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:355) > at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:293) > at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137) > at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449) > at com.arjuna.ArjunaOTS._ArjunaTransactionStub.is_top_level_transaction(_ArjunaTransactionStub.java:193) > at com.arjuna.ats.jts.OTSManager.destroyControl(OTSManager.java:133) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.destroyAction(ArjunaTransactionImple.java:2201) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.commit(ArjunaTransactionImple.java:392) > at com.arjuna.ats.internal.jts.ControlWrapper.commit(ControlWrapper.java:244) > at com.arjuna.ats.internal.jts.orbspecific.CurrentImple.commit(CurrentImple.java:247) > at com.arjuna.ats.jts.extensions.AtomicTransaction.commit(AtomicTransaction.java:276) > at com.arjuna.ats.internal.jta.transaction.jts.TransactionImple.commitAndDisassociate(TransactionImple.java:1313) > at com.arjuna.ats.internal.jta.transaction.jts.BaseTransaction.commit(BaseTransaction.java:130) > at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89) > at org.jboss.tm.usertx.client.ServerVMClientUserTransaction.commit(ServerVMClientUserTransaction.java:178) > at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:65) > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2573) Can not set the right jbossts properties file when running the commitmarkable test under the codeCoverage

by Amos Feng (JIRA)

[ https://issues.jboss.org/browse/JBTM-2573?page=com.atlassian.jira.plugin.... ] Amos Feng updated JBTM-2573: ---------------------------- Description: currently the ArjunaJTA/jta commitmarkable tests fails when running under the codeCoverage. The root cause is that the jbossts properties file does not set to the "commitmarkableresourcejbossts-properties.xml". The surefire-plugin config the system property com.arjuna.ats.arjuna.common.propertiesFile with "jbossts-properties.xml" in the codeCoverage profile https://github.com/jbosstm/narayana/blob/master/pom.xml#L645 So the https://github.com/jbosstm/narayana/blob/master/ArjunaJTA/jta/tests/class... {code} resetPropertiesFile = System .getProperty("com.arjuna.ats.arjuna.common.propertiesFile"); if (resetPropertiesFile == null) { System.setProperty("com.arjuna.ats.arjuna.common.propertiesFile", "commitmarkableresourcejbossts-properties.xml"); } {code} the resetPropertiesFile does not be null and the if check statement is false, so the System.setProperty(...) can not run and the property is still the jbossts-properties.xml. This failure does not happen in the default profile as the surefire-plugin does not set this system property in the profile. > Can not set the right jbossts properties file when running the commitmarkable test under the codeCoverage > --------------------------------------------------------------------------------------------------------- > > Key: JBTM-2573 > URL: https://issues.jboss.org/browse/JBTM-2573 > Project: JBoss Transaction Manager > Issue Type: Bug > Components: Testing > Reporter: Amos Feng > Assignee: Amos Feng > Fix For: 5.next > > > currently the ArjunaJTA/jta commitmarkable tests fails when running under the codeCoverage. The root cause is that the jbossts properties file does not set to the "commitmarkableresourcejbossts-properties.xml". > The surefire-plugin config the system property com.arjuna.ats.arjuna.common.propertiesFile with "jbossts-properties.xml" in the codeCoverage profile > https://github.com/jbosstm/narayana/blob/master/pom.xml#L645 > So the https://github.com/jbosstm/narayana/blob/master/ArjunaJTA/jta/tests/class... > {code} > resetPropertiesFile = System > .getProperty("com.arjuna.ats.arjuna.common.propertiesFile"); > if (resetPropertiesFile == null) { > System.setProperty("com.arjuna.ats.arjuna.common.propertiesFile", > "commitmarkableresourcejbossts-properties.xml"); > } > {code} > the resetPropertiesFile does not be null and the if check statement is false, so the System.setProperty(...) can not run and the property is still the jbossts-properties.xml. > This failure does not happen in the default profile as the surefire-plugin does not set this system property in the profile. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2579) Throw XAException in XATerminator::commit if a wrapped resource fails transiently

by Tom Jenkinson (JIRA)

[ https://issues.jboss.org/browse/JBTM-2579?page=com.atlassian.jira.plugin.... ] Tom Jenkinson updated JBTM-2579: -------------------------------- Status: Pull Request Sent (was: Open) Git Pull Request: https://github.com/jbosstm/narayana/pull/959/ > Throw XAException in XATerminator::commit if a wrapped resource fails transiently > --------------------------------------------------------------------------------- > > Key: JBTM-2579 > URL: https://issues.jboss.org/browse/JBTM-2579 > Project: JBoss Transaction Manager > Issue Type: Bug > Components: JTA > Reporter: Tom Jenkinson > Fix For: 4.17.31, 5.next > > > It is possible for a resource that we are wrapping to return say XA_RETRY or XA_RMFAIL and therefore end up in the BasicAction failed list. However there is no error returned from commit in this circumstance as the recovery manager should ensure a consistent outcome. > The reason this becomes a problem for JTA and XATerminator in particular is that as no error is returned a parent coordinator will assume the branch completed successfully. In the future when it calls XATerminator::recover though this branch will be returned and detected as an orphan. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2579) Throw XAException in XATerminator::commit if a wrapped resource fails transiently

by Tom Jenkinson (JIRA)

[ https://issues.jboss.org/browse/JBTM-2579?page=com.atlassian.jira.plugin.... ] Tom Jenkinson reassigned JBTM-2579: ----------------------------------- Assignee: Tom Jenkinson > Throw XAException in XATerminator::commit if a wrapped resource fails transiently > --------------------------------------------------------------------------------- > > Key: JBTM-2579 > URL: https://issues.jboss.org/browse/JBTM-2579 > Project: JBoss Transaction Manager > Issue Type: Bug > Components: JTA > Reporter: Tom Jenkinson > Assignee: Tom Jenkinson > Fix For: 4.17.31, 5.next > > > It is possible for a resource that we are wrapping to return say XA_RETRY or XA_RMFAIL and therefore end up in the BasicAction failed list. However there is no error returned from commit in this circumstance as the recovery manager should ensure a consistent outcome. > The reason this becomes a problem for JTA and XATerminator in particular is that as no error is returned a parent coordinator will assume the branch completed successfully. In the future when it calls XATerminator::recover though this branch will be returned and detected as an orphan. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2579) Throw XAException in XATerminator::commit if a wrapped resource fails transiently

by Tom Jenkinson (JIRA)

[ https://issues.jboss.org/browse/JBTM-2579?page=com.atlassian.jira.plugin.... ] Tom Jenkinson updated JBTM-2579: -------------------------------- Fix Version/s: 4.17.31 > Throw XAException in XATerminator::commit if a wrapped resource fails transiently > --------------------------------------------------------------------------------- > > Key: JBTM-2579 > URL: https://issues.jboss.org/browse/JBTM-2579 > Project: JBoss Transaction Manager > Issue Type: Bug > Components: JTA > Reporter: Tom Jenkinson > Fix For: 4.17.31, 5.next > > > It is possible for a resource that we are wrapping to return say XA_RETRY or XA_RMFAIL and therefore end up in the BasicAction failed list. However there is no error returned from commit in this circumstance as the recovery manager should ensure a consistent outcome. > The reason this becomes a problem for JTA and XATerminator in particular is that as no error is returned a parent coordinator will assume the branch completed successfully. In the future when it calls XATerminator::recover though this branch will be returned and detected as an orphan. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2579) Throw XAException in XATerminator::commit if a wrapped resource fails transiently

by Tom Jenkinson (JIRA)

Tom Jenkinson created JBTM-2579: ----------------------------------- Summary: Throw XAException in XATerminator::commit if a wrapped resource fails transiently Key: JBTM-2579 URL: https://issues.jboss.org/browse/JBTM-2579 Project: JBoss Transaction Manager Issue Type: Bug Components: JTA Reporter: Tom Jenkinson Fix For: 5.next It is possible for a resource that we are wrapping to return say XA_RETRY or XA_RMFAIL and therefore end up in the BasicAction failed list. However there is no error returned from commit in this circumstance as the recovery manager should ensure a consistent outcome. The reason this becomes a problem for JTA and XATerminator in particular is that as no error is returned a parent coordinator will assume the branch completed successfully. In the future when it calls XATerminator::recover though this branch will be returned and detected as an orphan. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2575) When checking for orphaned subordinate transactions in the middle of a tree branches that are eligible for orphan detection will be rolled back

by Tom Jenkinson (JIRA)

[ https://issues.jboss.org/browse/JBTM-2575?page=com.atlassian.jira.plugin.... ] Tom Jenkinson updated JBTM-2575: -------------------------------- Git Pull Request: https://github.com/jbosstm/narayana/pull/955, https://github.com/jbosstm/narayana/pull/960 (was: https://github.com/jbosstm/narayana/pull/955) > When checking for orphaned subordinate transactions in the middle of a tree branches that are eligible for orphan detection will be rolled back > ----------------------------------------------------------------------------------------------------------------------------------------------- > > Key: JBTM-2575 > URL: https://issues.jboss.org/browse/JBTM-2575 > Project: JBoss Transaction Manager > Issue Type: Bug > Components: Recovery > Reporter: Tom Jenkinson > Priority: Blocker > Fix For: 4.17.31, 5.later > > > There is a check in the subordinate orphan detection that not only checks for matching gtrid but also for matching subordinate name. This will not match correctly for an intermediary node. E.g. > a->b b->c > When b scans c the xid it gets back will have subordinate name of c, b will look in its object store and match the subordinate on gtrid but the subordinate node ID in b subordinateatomicaction will be "b". > This check is actually superfluous anyway. We already know that the Xid returned from c was for b because of transport level checks. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2578) Make "junit-jdbc-ncl-testsuite" testsuite of Narayana/qa compatible with IPv6

by Hayk Hovsepyan (JIRA)

Hayk Hovsepyan created JBTM-2578: ------------------------------------ Summary: Make "junit-jdbc-ncl-testsuite" testsuite of Narayana/qa compatible with IPv6 Key: JBTM-2578 URL: https://issues.jboss.org/browse/JBTM-2578 Project: JBoss Transaction Manager Issue Type: Feature Request Reporter: Hayk Hovsepyan Assignee: Hayk Hovsepyan Currently JDBC tests from "junit-jdbc-ncl-testsuite" testsuite of narayana/qa tsts fail while running on pure IPv6 machine. The reason is that it is designed to connect to databases via IPv4 protocol, and there are hostnames of DB's specified in project. It needs to be modified to connect to databases via IPv6 addresses protocol and run tests on pure Ipv6 machine. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2577) CDR Input/Output streams need SerializablePermission("enableSubclassImplementation") when Security Manager is in force

by Ivo Studensky (JIRA)

[ https://issues.jboss.org/browse/JBTM-2577?page=com.atlassian.jira.plugin.... ] Ivo Studensky updated JBTM-2577: -------------------------------- Git Pull Request: https://github.com/jbosstm/narayana/pull/958 > CDR Input/Output streams need SerializablePermission("enableSubclassImplementation") when Security Manager is in force > ---------------------------------------------------------------------------------------------------------------------- > > Key: JBTM-2577 > URL: https://issues.jboss.org/browse/JBTM-2577 > Project: JBoss Transaction Manager > Issue Type: Bug > Components: JTS > Affects Versions: 5.2.8.Final > Reporter: Ivo Studensky > Assignee: Ivo Studensky > > Since JDK 7u25 version {{org.omg.CORBA_2_3.portable.Output/InputStream}} classes need extra permissions if Security Manager is enabled. Because of a previous vulnerability, it now checks {{SerializablePermission("enableSubclassImplementation")}}. There is a property flag to allow subclass instantiations without the security check ({{jdk.corba.allowOutputStreamSubclass=true}}), but this system property is subject to removal in the future Java releases, according to my findings. > At the moment, our IIOP code fails (can be seen in iiop tests of WildFly testsuite) when running with SM enabled. > See the following stacktraces: > {noformat} > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67) > at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84) > at com.sun.corba.se.impl.encoding.WrapperInputStream.<init>(WrapperInputStream.java:74) > at com.sun.corba.se.impl.corba.TypeCodeImpl.read_value(TypeCodeImpl.java:1273) > at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_any(CDRInputStream_1_0.java:695) > at com.sun.corba.se.impl.encoding.CDRInputStream.read_any(CDRInputStream.java:238) > at org.omg.CosTransactions.PropagationContextHelper.read(PropagationContextHelper.java:88) > at com.arjuna.ArjunaOTS._ArjunaTransactionStub.get_txcontext(_ArjunaTransactionStub.java:387) > at com.arjuna.ats.jts.orbspecific.javaidl.interceptors.interposition.InterpositionClientRequestInterceptorImpl.send_request(InterpositionClientRequestInterceptorImpl.java:223) > at com.sun.corba.se.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:245) > at com.sun.corba.se.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:355) > at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:293) > at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137) > at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449) > at org.omg.CosTransactions._ResourceStub.commit_one_phase(_ResourceStub.java:94) > at com.arjuna.ats.internal.jts.resources.ResourceRecord.topLevelOnePhaseCommit(ResourceRecord.java:537) > at com.arjuna.ats.arjuna.coordinator.BasicAction.onePhaseCommit(BasicAction.java:2361) > at com.arjuna.ats.arjuna.coordinator.BasicAction.End(BasicAction.java:1495) > - locked <0x360a> (a com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.commit(ArjunaTransactionImple.java:375) > at com.arjuna.ats.internal.jts.ControlWrapper.commit(ControlWrapper.java:244) > at com.arjuna.ats.internal.jts.orbspecific.CurrentImple.commit(CurrentImple.java:247) > at com.arjuna.ats.jts.extensions.AtomicTransaction.commit(AtomicTransaction.java:276) > at com.arjuna.ats.internal.jta.transaction.jts.TransactionImple.commitAndDisassociate(TransactionImple.java:1313) > at com.arjuna.ats.internal.jta.transaction.jts.BaseTransaction.commit(BaseTransaction.java:130) > at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89) > at org.jboss.tm.usertx.client.ServerVMClientUserTransaction.commit(ServerVMClientUserTransaction.java:178) > at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:65) > {noformat} > {noformat} > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67) > at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84) > at com.sun.corba.se.impl.encoding.WrapperInputStream.<init>(WrapperInputStream.java:74) > at com.sun.corba.se.impl.corba.TypeCodeImpl.read_value(TypeCodeImpl.java:1273) > at com.sun.corba.se.impl.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2018) > at com.sun.corba.se.impl.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2054) > at com.sun.corba.se.impl.corba.AnyImpl.write_value(AnyImpl.java:610) > at com.sun.corba.se.impl.interceptors.CDREncapsCodec.encodeImpl(CDREncapsCodec.java:173) > at com.sun.corba.se.impl.interceptors.CDREncapsCodec.encode_value(CDREncapsCodec.java:119) > at com.arjuna.ats.jts.orbspecific.javaidl.interceptors.interposition.InterpositionClientRequestInterceptorImpl.send_request(InterpositionClientRequestInterceptorImpl.java:280) > at com.sun.corba.se.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:245) > at com.sun.corba.se.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:355) > at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:293) > at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137) > at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449) > at com.arjuna.ArjunaOTS._ArjunaTransactionStub.is_top_level_transaction(_ArjunaTransactionStub.java:193) > at com.arjuna.ats.jts.OTSManager.destroyControl(OTSManager.java:133) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.destroyAction(ArjunaTransactionImple.java:2201) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.commit(ArjunaTransactionImple.java:392) > at com.arjuna.ats.internal.jts.ControlWrapper.commit(ControlWrapper.java:244) > at com.arjuna.ats.internal.jts.orbspecific.CurrentImple.commit(CurrentImple.java:247) > at com.arjuna.ats.jts.extensions.AtomicTransaction.commit(AtomicTransaction.java:276) > at com.arjuna.ats.internal.jta.transaction.jts.TransactionImple.commitAndDisassociate(TransactionImple.java:1313) > at com.arjuna.ats.internal.jta.transaction.jts.BaseTransaction.commit(BaseTransaction.java:130) > at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89) > at org.jboss.tm.usertx.client.ServerVMClientUserTransaction.commit(ServerVMClientUserTransaction.java:178) > at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:65) > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JBTM-2577) CDR Input/Output streams need SerializablePermission("enableSubclassImplementation") when Security Manager is in force

by Ivo Studensky (JIRA)

[ https://issues.jboss.org/browse/JBTM-2577?page=com.atlassian.jira.plugin.... ] Ivo Studensky updated JBTM-2577: -------------------------------- Status: Pull Request Sent (was: Open) > CDR Input/Output streams need SerializablePermission("enableSubclassImplementation") when Security Manager is in force > ---------------------------------------------------------------------------------------------------------------------- > > Key: JBTM-2577 > URL: https://issues.jboss.org/browse/JBTM-2577 > Project: JBoss Transaction Manager > Issue Type: Bug > Components: JTS > Affects Versions: 5.2.8.Final > Reporter: Ivo Studensky > Assignee: Ivo Studensky > > Since JDK 7u25 version {{org.omg.CORBA_2_3.portable.Output/InputStream}} classes need extra permissions if Security Manager is enabled. Because of a previous vulnerability, it now checks {{SerializablePermission("enableSubclassImplementation")}}. There is a property flag to allow subclass instantiations without the security check ({{jdk.corba.allowOutputStreamSubclass=true}}), but this system property is subject to removal in the future Java releases, according to my findings. > At the moment, our IIOP code fails (can be seen in iiop tests of WildFly testsuite) when running with SM enabled. > See the following stacktraces: > {noformat} > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67) > at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84) > at com.sun.corba.se.impl.encoding.WrapperInputStream.<init>(WrapperInputStream.java:74) > at com.sun.corba.se.impl.corba.TypeCodeImpl.read_value(TypeCodeImpl.java:1273) > at com.sun.corba.se.impl.encoding.CDRInputStream_1_0.read_any(CDRInputStream_1_0.java:695) > at com.sun.corba.se.impl.encoding.CDRInputStream.read_any(CDRInputStream.java:238) > at org.omg.CosTransactions.PropagationContextHelper.read(PropagationContextHelper.java:88) > at com.arjuna.ArjunaOTS._ArjunaTransactionStub.get_txcontext(_ArjunaTransactionStub.java:387) > at com.arjuna.ats.jts.orbspecific.javaidl.interceptors.interposition.InterpositionClientRequestInterceptorImpl.send_request(InterpositionClientRequestInterceptorImpl.java:223) > at com.sun.corba.se.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:245) > at com.sun.corba.se.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:355) > at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:293) > at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137) > at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449) > at org.omg.CosTransactions._ResourceStub.commit_one_phase(_ResourceStub.java:94) > at com.arjuna.ats.internal.jts.resources.ResourceRecord.topLevelOnePhaseCommit(ResourceRecord.java:537) > at com.arjuna.ats.arjuna.coordinator.BasicAction.onePhaseCommit(BasicAction.java:2361) > at com.arjuna.ats.arjuna.coordinator.BasicAction.End(BasicAction.java:1495) > - locked <0x360a> (a com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.commit(ArjunaTransactionImple.java:375) > at com.arjuna.ats.internal.jts.ControlWrapper.commit(ControlWrapper.java:244) > at com.arjuna.ats.internal.jts.orbspecific.CurrentImple.commit(CurrentImple.java:247) > at com.arjuna.ats.jts.extensions.AtomicTransaction.commit(AtomicTransaction.java:276) > at com.arjuna.ats.internal.jta.transaction.jts.TransactionImple.commitAndDisassociate(TransactionImple.java:1313) > at com.arjuna.ats.internal.jta.transaction.jts.BaseTransaction.commit(BaseTransaction.java:130) > at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89) > at org.jboss.tm.usertx.client.ServerVMClientUserTransaction.commit(ServerVMClientUserTransaction.java:178) > at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:65) > {noformat} > {noformat} > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:271) > at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175) > at org.omg.CORBA_2_3.portable.InputStream.checkPermission(InputStream.java:67) > at org.omg.CORBA_2_3.portable.InputStream.<init>(InputStream.java:84) > at com.sun.corba.se.impl.encoding.WrapperInputStream.<init>(WrapperInputStream.java:74) > at com.sun.corba.se.impl.corba.TypeCodeImpl.read_value(TypeCodeImpl.java:1273) > at com.sun.corba.se.impl.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2018) > at com.sun.corba.se.impl.corba.TypeCodeImpl.copy(TypeCodeImpl.java:2054) > at com.sun.corba.se.impl.corba.AnyImpl.write_value(AnyImpl.java:610) > at com.sun.corba.se.impl.interceptors.CDREncapsCodec.encodeImpl(CDREncapsCodec.java:173) > at com.sun.corba.se.impl.interceptors.CDREncapsCodec.encode_value(CDREncapsCodec.java:119) > at com.arjuna.ats.jts.orbspecific.javaidl.interceptors.interposition.InterpositionClientRequestInterceptorImpl.send_request(InterpositionClientRequestInterceptorImpl.java:280) > at com.sun.corba.se.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:245) > at com.sun.corba.se.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:355) > at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:293) > at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137) > at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449) > at com.arjuna.ArjunaOTS._ArjunaTransactionStub.is_top_level_transaction(_ArjunaTransactionStub.java:193) > at com.arjuna.ats.jts.OTSManager.destroyControl(OTSManager.java:133) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.destroyAction(ArjunaTransactionImple.java:2201) > at com.arjuna.ats.internal.jts.orbspecific.coordinator.ArjunaTransactionImple.commit(ArjunaTransactionImple.java:392) > at com.arjuna.ats.internal.jts.ControlWrapper.commit(ControlWrapper.java:244) > at com.arjuna.ats.internal.jts.orbspecific.CurrentImple.commit(CurrentImple.java:247) > at com.arjuna.ats.jts.extensions.AtomicTransaction.commit(AtomicTransaction.java:276) > at com.arjuna.ats.internal.jta.transaction.jts.TransactionImple.commitAndDisassociate(TransactionImple.java:1313) > at com.arjuna.ats.internal.jta.transaction.jts.BaseTransaction.commit(BaseTransaction.java:130) > at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:89) > at org.jboss.tm.usertx.client.ServerVMClientUserTransaction.commit(ServerVMClientUserTransaction.java:178) > at org.jboss.as.test.iiop.transaction.ClientEjb.testSynchronization(ClientEjb.java:65) > {noformat} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 2 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

jbossts-issues December 2015