svn commit: r1717180 - /ofbiz/trunk/build.xml

Author: jleroux
Date: Mon Nov 30 05:23:29 2015
New Revision: 1717180

URL: http://svn.apache.org/viewvc?rev=1717180&view=rev
Log:
Temporary workaround which should be used by anyone responsible for OFBiz security until OFBIZ-6568 is fixed. To get the contrast-rO0.jar see https://github.com/Contrast-Security-OSS/contrast-rO0

In r1717058 I missed to add start-batch-secure and both-secure

Modified:
    ofbiz/trunk/build.xml

Modified: ofbiz/trunk/build.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/build.xml?rev=1717180&r1=1717179&r2=1717180&view=diff
==============================================================================
--- ofbiz/trunk/build.xml (original)
+++ ofbiz/trunk/build.xml Mon Nov 30 05:23:29 2015
@@ -594,7 +594,7 @@ under the License.
         </java>
     </target>
     <target name="start-secure"
-            description="Start OFBiz same than start but pre-loading the contrast-rO0 lib (from OFBiz roo dir) to secure OFBiz from the deserialization issue">
+            description="Same than start but pre-loading the contrast-rO0 lib (from OFBiz roo dir) to secure OFBiz from the deserialization issue">
         <java jar="ofbiz.jar" fork="true">
             <jvmarg value="${memory.initial.param}"/>
             <jvmarg value="${memory.max.param}"/>
@@ -612,6 +612,16 @@ under the License.
             <arg value="-portoffset=${portoffset}"/>
         </java>
     </target>
+    <target name="start-batch-secure"
+        description="Same than start-batch but pre-loading the contrast-rO0 lib (from OFBiz roo dir) to secure OFBiz from the deserialization issue">
+        <java jar="ofbiz.jar" fork="true" spawn="true">
+            <jvmarg value="${memory.initial.param}"/>
+            <jvmarg value="${memory.max.param}"/>
+            <jvmarg value="-javaagent:${ofbiz.home.dir}/contrast-rO0.jar"/>
+            <arg value="start-batch"/>
+            <arg value="-portoffset=${portoffset}"/>
+        </java>
+    </target>
     <target name="start-debug"
             description="Start OFBiz in debugging mode. It uses the 8091 port by default. Use -Dportoffset=portNumber to shift all ports with the portNumber value.">
         <java jar="ofbiz.jar" fork="true">
@@ -641,6 +651,16 @@ under the License.
             <jvmarg value="${memory.max.param}"/>
             <arg value="both"/>
             <arg value="-portoffset=${portoffset}"/>
+        </java>
+    </target>
+    <target name="start-both-secure"
+        description="Same than start-pos but pre-loading the contrast-rO0 lib (from OFBiz roo dir) to secure OFBiz from the deserialization issue">
+        <java jar="ofbiz.jar" fork="true">
+            <jvmarg value="${memory.initial.param}"/>
+            <jvmarg value="-javaagent:${ofbiz.home.dir}/contrast-rO0.jar"/>
+            <jvmarg value="${memory.max.param}"/>
+            <arg value="both"/>
+            <arg value="-portoffset=${portoffset}"/>
         </java>
     </target>
     <target name="stop"