Security error - Starting TomEE Plume 1.7.4

About

Asked 11/4, 2016 at 7:23 Answered 12/4, 2016 at 18:9

I downloaded the newest TomEE Plume 1.7.4 Version and tried to start it from inside IntelliJ IDEA 14 with what seems to me to be a normal server setup and I get a timeout error with the following error message repeatedly printed:

Apr 11, 2016 9:20:31 AM org.apache.openejb.server.ejbd.EjbDaemon service WARNUNG: "null OEJP/4.7" FAIL "Security error - [Ljava.net.URI; is not whitelisted as deserialisable, prevented before loading it." - Debug for StackTrace

I can start the server from normal shell, so seems related to the IDE. Anybody has any idea what the problem is?

Delta answered 11/4, 2016 at 7:23 Comment(0)

Newer versions of TomEE require configuring of whitelisting and blacklisting for Ejbd transport, which is covered here:

http://tomee.apache.org/ejbd-transport.html

conf/system.properties has the blacklist enabled by default

tomee.serialization.class.blacklist = *

... however it can be disabled by setting this value to "-"

tomee.serialization.class.blacklist = -

Braithwaite answered 12/4, 2016 at 18:9 Comment(2)

holy moly, that was it! – Delta 13/4, 2016 at 15:31

Kindly note there are some default blacklist values from 1.7.3 which the link goes into detail for, as this list was previously uneditable. If you just disable the blacklist you will be less secure than you started... Definitely go through that page to see what the old behavior was if that is desired behavior. – Braithwaite 20/4, 2016 at 17:20

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags