[jboss-jira] [JBoss JIRA] (WFLY-5771) IIOP operations need SerializablePermission("enableSubclassImplementation")
Ivo Studensky (JIRA)
issues at jboss.org
Thu Dec 3 11:06:00 EST 2015
[ https://issues.jboss.org/browse/WFLY-5771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136768#comment-13136768 ]
Ivo Studensky commented on WFLY-5771:
-------------------------------------
Similar fix has to be done for Narayana as well, see JBTM-2577.
> IIOP operations need SerializablePermission("enableSubclassImplementation")
> ---------------------------------------------------------------------------
>
> Key: WFLY-5771
> URL: https://issues.jboss.org/browse/WFLY-5771
> Project: WildFly
> Issue Type: Bug
> Components: IIOP, Transactions
> Affects Versions: 10.0.0.CR4
> Reporter: Ivo Studensky
> Assignee: Ivo Studensky
>
> Since JDK 7u25 version {{org.omg.CORBA_2_3.portable.Output/InputStream}} classes need extra permissions if Security Manager is enabled. Because of a previous vulnerability, it now checks {{SerializablePermission("enableSubclassImplementation")}}. There is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true), but this system property is subject to removal in the future Java releases, according to my findings.
> At the moment, our IIOP code fails (can be seen in iiop tests of WildFly testsuite) when running with SM enabled.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list