Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.0.0.ER4
Affects Version/s: 7.0.0.ER1
Component/s: IIOP
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.0.0.GA
Workaround:

Workaround Exists
Workaround Description:

Hide

There is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true).

Show
There is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true).
Git Pull Request:
https://github.com/jbossas/jboss-eap7/pull/98

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Since JDK 7u25 version org.omg.CORBA_2_3.portable.Output/InputStream classes need extra permissions if Security Manager is enabled. Because of a previous vulnerability, it now checks SerializablePermission("enableSubclassImplementation"). There is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true), but this system property is subject to removal in the future Java releases, according to my findings.

At the moment, our IIOP code fails (can be seen in iiop tests of WildFly testsuite) when running with SM enabled.

blocks

JBEAP-971 Fix issues in tests with Security Manager

Closed

is cloned by

WFLY-5771 IIOP operations need SerializablePermission("enableSubclassImplementation")

Closed

is related to

JBEAP-1439 Tests from IIOP module fails with security manager

Closed

Assignee:: Ivo Studensky

Reporter:: Ivo Studensky

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2015/12/08 7:21 AM

Updated:: 2020/09/14 5:31 AM

Resolved:: 2015/12/21 4:23 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates