This class is not allowed to be serialized. Add package with 'org.apache.activemq.SERIALIZABLE_PACKAGES' system property

[sgjava <sg...@gmail.com>]

Failed to build body from content. Serializable class not available to
broker. Reason: java.lang.ClassNotFoundException: Forbidden class
com.bhn.services.dto.TuneToChannelDto! This class is not allowed to be
serialized. Add package with 'org.apache.activemq.SERIALIZABLE_PACKAGES'
system property.

I added
-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.bhn.services.dto"
to argLine of maven-surefire-plugin, in the test itself, etc. and I still
get the same error.



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/This-class-is-not-allowed-to-be-serialized-Add-package-with-org-apache-activemq-SERIALIZABLE-PACKAGEy-tp4677229.html
Sent from the TomEE Users mailing list archive at Nabble.com.

Re: This class is not allowed to be serialized. Add package with 'org.apache.activemq.SERIALIZABLE_PACKAGES' system property

[Steve Goldsmith <sg...@gmail.com>]

See http://activemq.apache.org/objectmessage.html. For tests using TomEE
embedded I use:

System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",

"java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp");

The same as the documentation and it works fine. I agree with Romain that *
is a security risk (even if that did work). As for lack of documentation
the link I provided above was enough for me. What else are you looking for?

On Sat, Jan 9, 2016 at 6:06 PM, Romain Manni-Bucau <rm...@gmail.com>
wrote:

> Setting it as system props on both sides work. It is impacting but for
> security.
> Le 9 janv. 2016 23:50, "Scott Lovenberg" <sc...@gmail.com> a
> écrit :
>
> > sgjava <sgjava <at> gmail.com> writes:
> >
> > >
> > > Answering my own question, this property must be set on client and
> > server.
> > >
> >
> > Hi!
> >
> > Any chance you remember where/how you set this?  My client and server are
> > on the same box/same JVM, but setting this as a karaf environment
> variable
> > gives me nothing, setting it via properties apparently won't be a thing
> > until 5.13.1 (not yet released as of 2016.01.09) and putting
> > "System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES","*");" in
> > both the client and the server's constructors has yielded no change in
> > behavior.
> >
> > As an aside; frankly, IMHO, this is breaking behavior for a point release
> > due to the lack of documentation and the fact that it's enabled by
> > default, in a core component, on a service that I already have to
> > authenticate with to connect to even within the same JVM.
> >
> >
>



-- 
Steven P. Goldsmith

Re: This class is not allowed to be serialized. Add package with 'org.apache.activemq.SERIALIZABLE_PACKAGES' system property

[Romain Manni-Bucau <rm...@gmail.com>]

Setting it as system props on both sides work. It is impacting but for
security.
Le 9 janv. 2016 23:50, "Scott Lovenberg" <sc...@gmail.com> a
écrit :

> sgjava <sgjava <at> gmail.com> writes:
>
> >
> > Answering my own question, this property must be set on client and
> server.
> >
>
> Hi!
>
> Any chance you remember where/how you set this?  My client and server are
> on the same box/same JVM, but setting this as a karaf environment variable
> gives me nothing, setting it via properties apparently won't be a thing
> until 5.13.1 (not yet released as of 2016.01.09) and putting
> "System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES","*");" in
> both the client and the server's constructors has yielded no change in
> behavior.
>
> As an aside; frankly, IMHO, this is breaking behavior for a point release
> due to the lack of documentation and the fact that it's enabled by
> default, in a core component, on a service that I already have to
> authenticate with to connect to even within the same JVM.
>
>

Re: This class is not allowed to be serialized. Add package with 'org.apache.activemq.SERIALIZABLE_PACKAGES' system property

[Scott Lovenberg <sc...@gmail.com>]

sgjava <sgjava <at> gmail.com> writes:

> 
> Answering my own question, this property must be set on client and 
server.
> 

Hi!

Any chance you remember where/how you set this?  My client and server are 
on the same box/same JVM, but setting this as a karaf environment variable 
gives me nothing, setting it via properties apparently won't be a thing 
until 5.13.1 (not yet released as of 2016.01.09) and putting 
"System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES","*");" in 
both the client and the server's constructors has yielded no change in 
behavior.  

As an aside; frankly, IMHO, this is breaking behavior for a point release 
due to the lack of documentation and the fact that it's enabled by 
default, in a core component, on a service that I already have to 
authenticate with to connect to even within the same JVM.  

Re: This class is not allowed to be serialized. Add package with 'org.apache.activemq.SERIALIZABLE_PACKAGES' system property

[sgjava <sg...@gmail.com>]

Answering my own question, this property must be set on client and server.



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/This-class-is-not-allowed-to-be-serialized-Add-package-with-org-apache-activemq-SERIALIZABLE-PACKAGEy-tp4677229p4677230.html
Sent from the TomEE Users mailing list archive at Nabble.com.