[jira] [Commented] (AMQ-8117) VirtualSelectorCacheBrokerPlugin throws false positive exception

Wed, 05 May 2021 11:57:05 -0700 


    [ 
https://issues.apache.org/jira/browse/AMQ-8117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17339850#comment-17339850
 ] 

simon nyborg valter commented on AMQ-8117:
------------------------------------------

 ConcurrentHashMap does write a Segments array once serialized and so getName 
would be  [Ljava.util.concurrent.ConcurrentHashMap$Segment;

my own quickfix i guess can just be to add

|| desc.getName().startsWith("[Ljava.util.")

 

but i wonder how come this is there in the first place and not just depending 
on what can be done via jdk.serialFilter as understand it was backported to 
java 6,7,8 and is pretty much the same or is the reason you have to support 
older jvm's ?

 

 

 

 

> VirtualSelectorCacheBrokerPlugin throws false positive exception
> ----------------------------------------------------------------
>
>                 Key: AMQ-8117
>                 URL: https://issues.apache.org/jira/browse/AMQ-8117
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.16.0, 5.15.12, 5.15.13, 5.15.14
>            Reporter: Joost
>            Assignee: Jean-Baptiste Onofré
>            Priority: Blocker
>             Fix For: 5.15.16, 5.16.3
>
>         Attachments: activemq.xml, file.data, 
> image-2021-01-07-09-36-50-044.png
>
>
> Dear,
> The VirtualSelectorCacheBrokerPlugin throws an error in the following method:
> {code:java}
> if (!(desc.getName().equals("java.lang.String") || 
> desc.getName().startsWith("java.util."))) {
>  throw new InvalidClassException("Unauthorized deserialization attempt", 
> desc.getName());
>  }
> {code}
> This exception is thrown because there are some lines in the selector cache 
> file that do not match the given "startsWith("java.util.")". The code will 
> throw an exception because of the "[L" prefix in front of some java.util. 
> elements in the file:
> !image-2021-01-07-09-36-50-044.png!
> My activemq.xml and file.data are attached to this ticket.
> The selector cache is working fine if I use ActiveMQ version 5.15.11 or below.
> I have tried to add jdk.serialFilters for the Concurrent Hashmap, like:
> wrapper.java.additional.13=-Djdk.serialFilter=java.util.** (wrapper.conf) and 
> also tried to add this to the java security file, but that did not work.
> I hope this issue can be fixed or if it is not a bug, the documentation can 
> be complemented with some notes on how to configure this filters the right 
> way.
> Best regards,
> Joost



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to