Hi,
Is there a way to disable stack traces being returned with the HTTP
Transport. Using 5.18.x I configure AMQ with <transportConnector
name="http" uri="http://localhost:12345"/
Then with curl if I post some XML data I get:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 500
com.thoughtworks.xstream.security.ForbiddenClassException:
jdk.nashorn.internal.objects.NativeString</title>
</head>
<body><h2>HTTP ERROR 500
com.thoughtworks.xstream.security.ForbiddenClassException:
jdk.nashorn.internal.objects.NativeString</h2>
<table>
<tr><th>URI:</th><td>/</td></tr>
<tr><th>STATUS:</th><td>500</td></tr>
<tr><th>MESSAGE:</th><td>com.thoughtworks.xstream.security.ForbiddenClassException:
jdk.nashorn.internal.objects.NativeString</td></tr>
<tr><th>SERVLET:</th><td>org.apache.activemq.transport.http.HttpTunnelServlet-1fdca564</td></tr>
<tr><th>CAUSED
BY:</th><td>com.thoughtworks.xstream.security.ForbiddenClassException:
jdk.nashorn.internal.objects.NativeString</td></tr>
</table>
<h3>Caused
by:</h3><pre>com.thoughtworks.xstream.security.ForbiddenClassException:
jdk.nashorn.internal.objects.NativeString
at
com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
etc.
It's a bad practice from a security point of view to return detailed
error messages to clients. I didn't see an obvious way of turning this
off though.
Colm.
