Running GF Quicklook with JDK7U25 or later causes a test failure:
[testng] ===============================================
[testng] ejb_remoteview
[testng] Tests run: 3, Failures: 1, Skips: 2
[testng] ===============================================
To reproduce:
1. Unzip glassfish.zip from GF 4.0.1 (I assume GF 4.0 would fail too).
2. Remove the temporary workaround from the GF domain.xml file:
-Djdk.corba.allowOutputStreamSubclass=true
3. Run quicklook tests with JDK7U25 or later.
Quicklook output:
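[testng] javax.naming.NamingException: Lookup failed for 'java:global/remoteview/HelloBean!remoteview.HelloHome' in SerialContext[myEnv={java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory, java.naming.factory.url.pkgs=com.sun.enterprise.naming, java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl} [Root exception is javax.naming.NameNotFoundException: HelloBean!remoteview.HelloHome not found]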
[testng] at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:491)
[testng] at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:438)
[testng] at javax.naming.InitialContext.lookup(InitialContext.java:411)
[testng] at test.ejb.remoteview.RemoteViewTestNG.helloRemote(RemoteViewTestNG.java:58)
[testng] Caused by: javax.naming.NameNotFoundException: HelloBean!remoteview.HelloHome not found
[testng] at com.sun.enterprise.naming.impl.TransientContext.doLookup(TransientContext.java:237)
[testng] at com.sun.enterprise.naming.impl.TransientContext.lookup(TransientContext.java:204)
[testng] at com.sun.enterprise.naming.impl.TransientContext.lookup(TransientContext.java:208)
[testng] at com.sun.enterprise.naming.impl.TransientContext.lookup(TransientContext.java:208)
[testng] at com.sun.enterprise.naming.impl.SerialContextProviderImpl.lookup(SerialContextProviderImpl.java:66)
[testng] at com.sun.enterprise.naming.impl.RemoteSerialContextProviderImpl.lookup(RemoteSerialContextProviderImpl.java:109)
[testng] at com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie.dispatchToMethod(ReflectiveTie.java:143)
[testng] at com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie._invoke(ReflectiveTie.java:173)
[testng] at com.sun.corba.ee.impl.protocol.ServerRequestDispatcherImpl.dispatchToServant(ServerRequestDispatcherImpl.java:528)
[testng] at com.sun.corba.ee.impl.protocol.ServerRequestDispatcherImpl.dispatch(ServerRequestDispatcherImpl.java:199)
[testng] at com.sun.corba.ee.impl.protocol.MessageMediatorImpl.handleRequestRequest(MessageMediatorImpl.java:1549)
[testng] at com.sun.corba.ee.impl.protocol.MessageMediatorImpl.handleRequest(MessageMediatorImpl.java:1425)
[testng] at com.sun.corba.ee.impl.protocol.MessageMediatorImpl.handleInput(MessageMediatorImpl.java:930)
[testng] at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:213)
[testng] at com.sun.corba.ee.impl.protocol.MessageMediatorImpl.handleRequest(MessageMediatorImpl.java:694)
[testng] at com.sun.corba.ee.impl.protocol.MessageMediatorImpl.dispatch(MessageMediatorImpl.java:496)
[testng] at com.sun.corba.ee.impl.protocol.MessageMediatorImpl.doWork(MessageMediatorImpl.java:2222)
[testng] at com.sun.corba.ee.impl.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:497)
[testng] at com.sun.corba.ee.impl.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:540)
[testng] ... Removed 26 stack frames
[testng] SKIPPED: nonPortableGlobal
[testng] SKIPPED: portableGlobal
[testng]
server.log output:
Caused by: java.rmi.RemoteException: ; nested exception is:
java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
at com.sun.enterprise.naming.impl.LocalSerialContextProviderImpl.lookup(LocalSerialContextProviderImpl.java:142)
at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:478)
... 93 more
Caused by: java.security.AccessControlException: access denied ("java.io.SerializablePermission" "enableSubclassImplementation")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at org.omg.CORBA_2_3.portable.OutputStream.checkPermission(OutputStream.java:65)
at org.omg.CORBA_2_3.portable.OutputStream.<init>(OutputStream.java:81)
at com.sun.corba.ee.impl.encoding.CDROutputObject.<init>(CDROutputObject.java:136)
at com.sun.corba.ee.impl.encoding.EncapsOutputStream.<init>(EncapsOutputStream.java:97)
at com.sun.corba.ee.impl.encoding.EncapsOutputStream.<init>(EncapsOutputStream.java:89)
at com.sun.corba.ee.impl.orb.ORBImpl.create_output_stream(ORBImpl.java:706)
at com.sun.corba.ee.impl.corba.AnyImpl.create_input_stream(AnyImpl.java:544)
at org.omg.CosTransactions.OTSPolicyValueHelper.extract(OTSPolicyValueHelper.java:25)
at com.sun.jts.pi.InterceptorImpl.send_request(InterceptorImpl.java:253)
at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeClientInterceptorStartingPoint(InterceptorInvoker.java:290)
at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeClientPIStartingPoint(PIHandlerImpl.java:378)
at com.sun.corba.ee.impl.protocol.ClientRequestDispatcherImpl.beginRequest(ClientRequestDispatcherImpl.java:324)
at com.sun.corba.ee.impl.protocol.ClientDelegateImpl.request(ClientDelegateImpl.java:227)
at com.sun.corba.ee.impl.protocol.ClientDelegateImpl.is_a(ClientDelegateImpl.java:392)
at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:130)
at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.java:69)
at com.sun.jndi.cosnaming.CNCtx.callResolve(CNCtx.java:490)
at com.sun.jndi.cosnaming.CNCtx.lookup(CNCtx.java:541)
at com.sun.jndi.cosnaming.CNCtx.lookup(CNCtx.java:519)
at javax.naming.InitialContext.lookup(InitialContext.java:411)
at com.sun.enterprise.naming.util.IIOPObjectFactory.getObjectInstance(IIOPObjectFactory.java:71)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
at com.sun.enterprise.naming.impl.LocalSerialContextProviderImpl.lookup(LocalSerialContextProviderImpl.java:133)
... 94 more
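Here is some mail from the JDK sust team about changes to JDK7U25:
We fixed a vulnerability in JDK code around the org.omg.CORBA_2_3.portable.OutputStream class (7u25 fix). Any code extending that class will now need an extra permission check if a security manager is installed.
See following for references:
CCC request: http://ccc.us.oracle.com/8004625
Bug DB report (might not be visible if you can't view vulnerabilities): https://bug.oraclecorp.com/pls/bug/webbug_print.show?c_rptno=14127656
Changesets:
src change: http://closedjdk.us.oracle.com/jdk7u/jdk7u25/corba/rev/161ec4dd450d
test case: http://closedjdk.us.oracle.com/jdk7u/jdk7u25/jdk/test/closed/rev/44ba7a614c1e
As per CCC, there is a property flag to allow subclass instantiations without the security check (jdk.corba.allowOutputStreamSubclass=true).
We have added this property to the GF domain.xml file as a temporary workaround to get QL to pass with JDK7U25 and JDK7U40.
-Djdk.corba.allowOutputStreamSubclass=true
When this issue is resolved, PLEASE remove those lines from the domain.xml file.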
Environment
solaris, linux, mac, windows
@glassfishrobot commented:
@jill-sato said:
I temporarily modified domain.xml as a temporary workaround to get QL tests to pass.
-Djdk.corba.allowOutputStreamSubclass=true
To reproduce, remove that line from domain.xml.
That line lightens the security so it should be a temporary workaround.
This should be fixed in 4.0.1.
Once this issue is resolved, remove that line permanently from domain.xml.
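An added example (not part of the original issue or the GlassFish code base): a check that reports every domain.xml config still carrying the workaround option that the comment above asks to have removed once the issue is fixed. The sample XML is constructed, `find_workaround` is a hypothetical helper name, and flagging every value other than an explicit `false` is a conservative assumption, since the page documents only `=true`.

```python
import xml.etree.ElementTree as ET

# System property named in the issue; with it set, subclasses of
# org.omg.CORBA_2_3.portable.OutputStream skip the JDK 7u25 permission check.
WORKAROUND_PROPERTY = "jdk.corba.allowOutputStreamSubclass"

# Constructed sample input, trimmed to the elements the check reads.
SAMPLE_DOMAIN_XML = """\
<domain>
  <configs>
    <config name="server-config">
      <java-config>
        <jvm-options>-Xmx512m</jvm-options>
        <jvm-options>-Djdk.corba.allowOutputStreamSubclass=true</jvm-options>
      </java-config>
    </config>
    <config name="default-config">
      <java-config>
        <jvm-options>-Djdk.corba.allowOutputStreamSubclass=false</jvm-options>
      </java-config>
    </config>
  </configs>
</domain>
"""


def find_workaround(domain_xml_text):
    """Return (config name, option text) for each jvm-options entry to remove."""
    root = ET.fromstring(domain_xml_text)
    findings = []
    for config in root.iter("config"):
        for opt in config.iter("jvm-options"):
            text = (opt.text or "").strip()
            if not text.startswith("-D"):
                continue
            name, _, value = text[2:].partition("=")
            # Assumption: treat anything but an explicit "false" as enabling
            # the bypass, so odd spellings or an empty value are still reported.
            if name == WORKAROUND_PROPERTY and value.strip().lower() != "false":
                findings.append((config.get("name"), text))
    return findings


if __name__ == "__main__":
    for config_name, option in find_workaround(SAMPLE_DOMAIN_XML):
        print(f"{config_name}: remove {option}")
```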