Nathan Jensen created LOGBACK-1347:
--------------------------------------
Summary: HardenedObjectInputStream can't handle multiple markers
Key: LOGBACK-1347
URL: https://jira.qos.ch/browse/LOGBACK-1347
Project: logback
Issue Type: Bug
Components: logback-classic, logback-core
Affects Versions: 1.2.0
Reporter: Nathan Jensen
Assignee: Logback dev list
I have an application that uses logback classic's SocketAppender to send events
to a separate logging process. The separate process is using logback classic's
ServerSocketReceiver and then tracks details about the events. With logback
1.2 it stopped working and the receiving process started outputting:
"java.io.InvalidClassException: Unauthorized deserialization attempt;
[Ljava.lang.Object;". Trying to track it down I finally found that it happened
when I had two or more Markers on the event. Specifically with code such as:
{code:java}
Marker marker = MarkerFactory.getDetachedMarker(processName);
marker.add(MarkerFactory.getMarker(priority));{code}
Tracing further, the error message comes from logback core's
HardenedObjectInputStream.resolveClass(ObjectStreamClass). The related class
HardenedLoggingEventInputStream has a whitelist of accepted classnames that
includes org.slf4j.helpers.BasicMarker but not Object[]. When the sending
application code calls BasicMarker.add(Marker), the BasicMarker will create a
new internal Vector. That Vector has the field elementData of type Object[]
which gets serialized in the sending process. Then the receiving process does
not accept Object[] during deserialization and produces the error above.
In short, I can't have two slf4j Markers on an event and send it across with
serialization with logback classic's SocketAppender and ServerSocketReceiver.
--
This message was sent by Atlassian JIRA
(v7.3.1#73012)
_______________________________________________
logback-dev mailing list
[email protected]
http://mailman.qos.ch/mailman/listinfo/logback-dev
