[jboss-jira] [JBoss JIRA] (WFLY-5771) IIOP operations need SerializablePermission("enableSubclassImplementation")

Thu Dec 3 10:15:01 EST 2015

Ivo Studensky created WFLY-5771:
-----------------------------------

             Summary: IIOP operations need SerializablePermission("enableSubclassImplementation")
                 Key: WFLY-5771
                 URL: https://issues.jboss.org/browse/WFLY-5771
             Project: WildFly
          Issue Type: Bug
          Components: IIOP, Transactions
    Affects Versions: 10.0.0.CR4
            Reporter: Ivo Studensky
            Assignee: Ivo Studensky

Since JDK 7u25 version {{org.omg.CORBA_2_3.portable.Output/InputStream}} classes need extra permissions if Security Manager is enabled. Because of a previous vulnerability, it now checks {{SerializablePermission("enableSubclassImplementation")}}. There is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true), but this system property is subject to removal in the future Java releases, according to my findings. 

At the moment, our IIOP code fails (can be seen in iiop tests of WildFly testsuite) when running with SM enabled.

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)