[jira] [Updated] (AMQ-9139) HTTP connector: ForbiddenClassException when InvalidClientIDException occurs

[Samuel Keusch (Jira)]

     [ 
https://issues.apache.org/jira/browse/AMQ-9139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Samuel Keusch updated AMQ-9139:
-------------------------------
    Priority: Minor  (was: Major)

> HTTP connector: ForbiddenClassException when InvalidClientIDException occurs
> ----------------------------------------------------------------------------
>
>                 Key: AMQ-9139
>                 URL: https://issues.apache.org/jira/browse/AMQ-9139
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: JMS client, Transport
>    Affects Versions: 5.17.0
>            Reporter: Samuel Keusch
>            Priority: Minor
>
> When using the HTTP connector and a client with the same Client ID is already 
> connected, the following exception occurs:
> {code:java}
> 022-10-21 14:51:33,044 WARN  [ActiveMQ Transport: HTTP Reader 
> http://localhost:9980] 
> org.apache.activemq.transport.failover.FailoverTransport.handleTransportFailure(FailoverTransport.java:283)
>  - Transport (http://localhost:9980) failed, attempting to automatically 
> reconnect - MDC[]
> java.io.IOException: Failed to perform GET on: http://localhost:9980 Reason: 
> javax.jms.InvalidClientIDException
>     at 
> org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:36)
>     at 
> org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:205)
>     at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: 
> javax.jms.InvalidClientIDException
>     at 
> com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
>     at 
> com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
>     at 
> com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
>     at 
> com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
>     at 
> com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:420)
>     at 
> com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277)
>     at 
> com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74)
>     at 
> com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
>     at 
> com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68)
>     at 
> com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:52)
>     at 
> com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:136)
>     at 
> com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
>     at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1421)
>     at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1399)
>     at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1284)
>     at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1275)
>     at 
> org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:65)
>     at 
> org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
>     at 
> org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:196)
>     ... 1 common frames omitted {code}
> In our case, whenever our consumer application is restarted, the consumer 
> application will face a _InvalidClientIDException_ until the previous 
> connection has been cleaned up by the broker (after 30seconds).
> But because of the {_}ForbiddenClassException{_}, the consumer application 
> can somehow not recover and will not attempt to reconnect until the client ID 
> is available.
> It leads to queues not being consumed, as the affected application is the 
> only consumer for certain queues.
>  
> I found AMQ-8381 which is very similar but affected another java package 
> (java.util).
> *Workaround / solution:*
> I believe the _javax.jms_ package should also be added to the allowed 
> packages list of xstream. This can be temporarily done with the following 
> code:
>  
> {code:java}
> static {
>   System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", 
> "java.lang,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"/*default
>  value*/ + ",javax.jms"); 
> }{code}
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)