Joost van Crugten created AMQ-8117:
--------------------------------------
Summary: VirtualSelectorCacheBrokerPlugin throws false positive
exception
Key: AMQ-8117
URL: https://issues.apache.org/jira/browse/AMQ-8117
Project: ActiveMQ
Issue Type: Bug
Components: Broker
Affects Versions: 5.15.14, 5.15.13, 5.15.12, 5.16.0
Reporter: Joost van Crugten
Attachments: activemq.xml, file.data, image-2021-01-07-09-36-50-044.png
Dear,
The VirtualSelectorCacheBrokerPlugin throws an error in the following method:
{code:java}
if (!(desc.getName().equals("java.lang.String") ||
desc.getName().startsWith("java.util."))) {
throw new InvalidClassException("Unauthorized deserialization attempt",
desc.getName());
}
{code}
This exception is thrown because there are some lines in the selector cache
file that do not match the given "startsWith("java.util.")". The code will
throw an exception because of the "[L" prefix in front of some java.util.
elements in the file:
!image-2021-01-07-09-36-50-044.png!
My activemq.xml and file.data are attached to this ticket.
The selector cache is working fine if I use ActiveMQ version 5.15.11 or below.
I have tried to add jdk.serialFilters for the Concurrent Hashmap, like:
wrapper.java.additional.13=-Djdk.serialFilter=java.util.** (wrapper.conf) and
also tried to add this to the java security file, but that did not work.
I hope this issue can be fixed or if it is not a bug, the documentation can be
complemented with some notes on how to configure this filters the right way.
Best regards,
Joost
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
