[
https://issues.apache.org/jira/browse/AMQ-7149?focusedWorklogId=255104&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-255104
]
ASF GitHub Bot logged work on AMQ-7149:
---------------------------------------
Author: ASF GitHub Bot
Created on: 06/Jun/19 13:49
Start Date: 06/Jun/19 13:49
Worklog Time Spent: 10m
Work Description: jgallimore commented on pull request #365: AMQ-7149
Remove dependency activemq-http and activemq-stomp
URL: https://github.com/apache/activemq/pull/365
This PR moves `XStreamSupport` to `activemq-client`.
Currently this sits in `activemq-stomp`, thus requiring the ActiveMQ HTTP
client to require `activemq-stomp` module on its class path, even if the client
isn't using stomp.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 255104)
Time Spent: 10m
Remaining Estimate: 0h
> activemq-client using HTTP transport requires Stomp
> ---------------------------------------------------
>
> Key: AMQ-7149
> URL: https://issues.apache.org/jira/browse/AMQ-7149
> Project: ActiveMQ
> Issue Type: Bug
> Components: JMS client, stomp, Transport
> Affects Versions: 5.14.6, 5.16.0, 5.15.8, 5.15.9
> Reporter: Bruno Baptista
> Priority: Major
> Labels: httpclient, stomp
> Attachments: activemq.diff
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Both the Stomp and HTTP connectors use the XStream library for serializing
> and deserializing objects on the wire (to/from XML). The XStreamSupport class
> sets up XStream with some configuration on what classes can/can't be
> deserialized to prevent deserialization vulnerabilities.
>
> In order to avoid duplicating that code, it was placed in the stomp module,
> and then referenced in the http module. This was introduced around 5.13. This
> can cause a client side class not found exception when using simple http
> communication:
>
> {code:java}
> "Exception in thread "ActiveMQ Transport: HTTP Reader http://localhost:9090/";
> java.lang.NoClassDefFoundError:
> org/apache/activemq/transport/stomp/XStreamSupport
> at
> org.apache.activemq.transport.xstream.XStreamWireFormat.createXStream(XStreamWireFormat.java:127)
> at
> org.apache.activemq.transport.xstream.XStreamWireFormat.getXStream(XStreamWireFormat.java:113)
> at
> org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:66)
> at
> org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
> at
> org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:199)
> ..."
> {code}
>
> The proposed patch places the XStreamSupport class in activemq-client, thus
> correcting this issue without requiring the inclusion of the optional
> activemq-stomp library in the client.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
