| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2035135 | 1.4.0 | Peter Jones | P4 | Closed | Fixed | beta |
If a client makes a remote call to a server, sending instances of J2SE platform classes, and the client happens to have java.rmi.server.codebase set to something that the server does not have permission to connect to or read from, the remote call with fail with an UnmarshalException containing a ClassNotFoundException containing an AccessControlException (access denied). This is both nonintuitive and undesirable.
Here's a trivial example:
public class Test implements Test.Simple {
public interface Simple extends java.rmi.Remote {
public void foo(Object x) throws java.rmi.RemoteException;
}
public void foo(Object s) {
}
public static void main(String[] args) throws Exception {
System.setSecurityManager(new SecurityManager());
Simple s = (Simple)java.rmi.server.UnicastRemoteObject.exportObject(new Test());
s.foo(Boolean.TRUE);
}
}
Run this with only localhost connect permission granted, and java.rmi.server.codebase set to some file: URL.
Here's a trivial example:
public class Test implements Test.Simple {
public interface Simple extends java.rmi.Remote {
public void foo(Object x) throws java.rmi.RemoteException;
}
public void foo(Object s) {
}
public static void main(String[] args) throws Exception {
System.setSecurityManager(new SecurityManager());
Simple s = (Simple)java.rmi.server.UnicastRemoteObject.exportObject(new Test());
s.foo(Boolean.TRUE);
}
}
Run this with only localhost connect permission granted, and java.rmi.server.codebase set to some file: URL.
- backported by
-
JDK-2035135 codebase annotation of platform classes causes UnmarshalExceptions
-
- Closed
-
- duplicates
-
JDK-4353431 RMI java.lang.ClassNotFoundException
-
- Closed
-
- relates to
-
-
- Resolved
-
-
-
- Closed
-