OFBiz OFBiz - Commits

svn commit: r1735570 - in /ofbiz/branches/release15.12: ./ framework/base/ framework/base/config/ framework/common/servicedef/ framework/service/ framework/start/src/org/ofbiz/base/start/

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
jleroux@apache.org
Reply | Threaded
Open this post in threaded view
|

svn commit: r1735570 - in /ofbiz/branches/release15.12: ./ framework/base/ framework/base/config/ framework/common/servicedef/ framework/service/ framework/start/src/org/ofbiz/base/start/

jleroux@apache.org
Author: jleroux
Date: Fri Mar 18 10:38:54 2016
New Revision: 1735570

URL: http://svn.apache.org/viewvc?rev=1735570&view=rev
Log:
"Applied fix from trunk for revision: 1735569  "
------------------------------------------------------------------------
r1735569 | jleroux | 2016-03-18 11:38:04 +0100 (ven. 18 mars 2016) | 3 lignes

Fixes "Comment out RMI related code because of the Java deserialization issue" - https://issues.apache.org/jira/browse/OFBIZ-6942

I decided to comment out as less as possible because once the RMI loaders, the RMI dispatcher and the related test services are off there is no RMI related danger left (test services are not a danger but would fail during tests run). It's then easier for users who need RMI in their projects to have only to uncomment those and not digg everywhere. Because the naming (JNDI) server relies on the rmi loader it will also be commented out.
------------------------------------------------------------------------


Modified:
    ofbiz/branches/release15.12/   (props changed)
    ofbiz/branches/release15.12/framework/base/config/ofbiz-containers.xml
    ofbiz/branches/release15.12/framework/base/ofbiz-component.xml
    ofbiz/branches/release15.12/framework/common/servicedef/services_test.xml
    ofbiz/branches/release15.12/framework/service/ofbiz-component.xml
    ofbiz/branches/release15.12/framework/start/src/org/ofbiz/base/start/both.properties

Propchange: ofbiz/branches/release15.12/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Mar 18 10:38:54 2016
@@ -9,4 +9,4 @@
 /ofbiz/branches/json-integration-refactoring:1634077-1635900
 /ofbiz/branches/multitenant20100310:921280-927264
 /ofbiz/branches/release13.07:1547657
-/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735244,1735385,1735398
+/ofbiz/trunk:1722712,1723007,1723248,1724402,1724411,1724566,1724689,1724763,1724916,1724918,1724925,1724930,1724940,1724943,1724946,1724951,1724957,1724975,1724978,1725006,1725217,1725257,1725561,1725574,1726388,1726486,1726493,1726828,1728398,1728411,1729005,1729078,1729609,1729809,1730035,1730456,1730735-1730736,1730747,1730758,1730882,1730889,1731382,1731396,1732454,1732570,1732721,1733951,1733956,1734246,1734269,1734276,1734912,1734918,1735244,1735385,1735398,1735569

Modified: ofbiz/branches/release15.12/framework/base/config/ofbiz-containers.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/framework/base/config/ofbiz-containers.xml?rev=1735570&r1=1735569&r2=1735570&view=diff
==============================================================================
--- ofbiz/branches/release15.12/framework/base/config/ofbiz-containers.xml (original)
+++ ofbiz/branches/release15.12/framework/base/config/ofbiz-containers.xml Fri Mar 18 10:38:54 2016
@@ -21,8 +21,11 @@ under the License.
 <ofbiz-containers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/ofbiz-containers.xsd">
 
+    <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+         If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
     <!-- load the ofbiz component container (always first) -->
-    <container name="component-container" loaders="main,rmi,pos,load-data" class="org.ofbiz.base.container.ComponentContainer"/>
+    <!-- <container name="component-container" loaders="main,rmi,pos,load-data" class="org.ofbiz.base.container.ComponentContainer"/> -->
+    <container name="component-container" loaders="main,pos,load-data" class="org.ofbiz.base.container.ComponentContainer"/>
 
     <container name="component-container-test" loaders="test" class="org.ofbiz.base.container.ComponentContainer">
         <property name="ofbiz.instrumenterClassName" value="org.ofbiz.base.config.CoberturaInstrumenter"/>

Modified: ofbiz/branches/release15.12/framework/base/ofbiz-component.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/framework/base/ofbiz-component.xml?rev=1735570&r1=1735569&r2=1735570&view=diff
==============================================================================
--- ofbiz/branches/release15.12/framework/base/ofbiz-component.xml (original)
+++ ofbiz/branches/release15.12/framework/base/ofbiz-component.xml Fri Mar 18 10:38:54 2016
@@ -33,11 +33,13 @@ under the License.
 
     <test-suite loader="main" location="testdef/basetests.xml"/>
 
+    <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+         If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
     <!-- load the naming (JNDI) server -->
-    <container name="naming-container" loaders="rmi" class="org.ofbiz.base.container.NamingServiceContainer">
+    <!-- <container name="naming-container" loaders="rmi" class="org.ofbiz.base.container.NamingServiceContainer">
         <property name="host" value="0.0.0.0"/>
         <property name="port" value="1099"/>
-    </container>
+    </container> -->
 
     <!-- load BeanShell remote telnet server -->
     <!-- Commented out by default for security reasons -->

Modified: ofbiz/branches/release15.12/framework/common/servicedef/services_test.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/framework/common/servicedef/services_test.xml?rev=1735570&r1=1735569&r2=1735570&view=diff
==============================================================================
--- ofbiz/branches/release15.12/framework/common/servicedef/services_test.xml (original)
+++ ofbiz/branches/release15.12/framework/common/servicedef/services_test.xml Fri Mar 18 10:38:54 2016
@@ -47,15 +47,17 @@ under the License.
     <service name="testError" engine="java" export="true" validate="false" require-new-transaction="true" max-retry="1"
             location="org.ofbiz.common.CommonServices" invoke="returnErrorService">
     </service>
+    <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+         If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
     <!-- see serviceengine.xml to configure the rmi location alias -->
-    <service name="testRmi" engine="rmi" validate="false"
+    <!-- <service name="testRmi" engine="rmi" validate="false"
             location="main-rmi" invoke="testScv">
         <implements service="testScv"/>
     </service>
     <service name="testRmiFail" engine="rmi" validate="false"
             location="main-rmi" invoke="testBsh">
         <implements service="testScv"/>
-    </service>
+    </service> -->
 
     <service name="testRollback" engine="java" export="true" validate="false"
             location="org.ofbiz.common.CommonServices" invoke="testRollbackListener">

Modified: ofbiz/branches/release15.12/framework/service/ofbiz-component.xml
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/framework/service/ofbiz-component.xml?rev=1735570&r1=1735569&r2=1735570&view=diff
==============================================================================
--- ofbiz/branches/release15.12/framework/service/ofbiz-component.xml (original)
+++ ofbiz/branches/release15.12/framework/service/ofbiz-component.xml Fri Mar 18 10:38:54 2016
@@ -44,12 +44,17 @@ under the License.
     <keystore name="rmitrust" type="jks" password="changeit" is-truststore="true"
               is-certstore="false" loader="main" location="config/rmitrust.jks"/>
 
-    <container name="service-container" loaders="main,rmi,pos,load-data,test" class="org.ofbiz.service.ServiceContainer">
+    <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+         If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
+    <!-- <container name="service-container" loaders="main,rmi,pos,load-data,test" class="org.ofbiz.service.ServiceContainer"> -->
+    <container name="service-container" loaders="main,pos,load-data,test" class="org.ofbiz.service.ServiceContainer">
         <property name="dispatcher-factory" value="org.ofbiz.service.GenericDispatcherFactory"/>
     </container>
 
+    <!-- Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+         If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
     <!-- RMI Service Dispatcher -->
-    <container name="rmi-dispatcher" loaders="rmi" class="org.ofbiz.service.rmi.RmiServiceContainer">
+    <!-- <container name="rmi-dispatcher" loaders="rmi" class="org.ofbiz.service.rmi.RmiServiceContainer">
         <property name="bound-name" value="RMIDispatcher"/>
         <property name="bound-host" value="127.0.0.1"/>
         <property name="bound-port" value="1099"/>
@@ -61,7 +66,7 @@ under the License.
         <property name="ssl-keystore-pass" value="changeit"/>
         <property name="ssl-keystore-alias" value="rmissl"/>
         <property name="ssl-client-auth" value="false"/>
-    </container>
+    </container> -->
 
     <!-- JavaMail Listener Container - Triggers MCA Rules -->
     <!-- if delete-mail is set to true, will delete messages after fetching them. otherwise, will try to mark them as seen

Modified: ofbiz/branches/release15.12/framework/start/src/org/ofbiz/base/start/both.properties
URL: http://svn.apache.org/viewvc/ofbiz/branches/release15.12/framework/start/src/org/ofbiz/base/start/both.properties?rev=1735570&r1=1735569&r2=1735570&view=diff
==============================================================================
--- ofbiz/branches/release15.12/framework/start/src/org/ofbiz/base/start/both.properties (original)
+++ ofbiz/branches/release15.12/framework/start/src/org/ofbiz/base/start/both.properties Fri Mar 18 10:38:54 2016
@@ -35,7 +35,10 @@ ofbiz.start.loader1=org.ofbiz.base.splas
 
 # --- StartupLoader implementations to load (in order)
 ofbiz.start.loader2=org.ofbiz.base.container.ContainerLoader
-ofbiz.start.loader2.loaders=main,pos,rmi
+# Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out main RMI related code entries.
+# If you need RMI you just need to uncomment those places - See OFBIZ-6942 for details -->
+#ofbiz.start.loader2.loaders=main,pos,rmi
+ofbiz.start.loader2.loaders=main,pos
 
 # -- Splash Logo
 ofbiz.start.splash.logo=framework/images/webapp/images/ofbiz_logo.gif


Free forum by Nabble Edit this page