You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Pierre-Alexandre Mançaux (Jira)" <ji...@apache.org> on 2021/09/10 09:22:00 UTC

[jira] [Created] (AMQ-8381) com.thoughtworks.xstream.security.ForbiddenClassException

Pierre-Alexandre Mançaux created AMQ-8381:
---------------------------------------------

             Summary: com.thoughtworks.xstream.security.ForbiddenClassException
                 Key: AMQ-8381
                 URL: https://issues.apache.org/jira/browse/AMQ-8381
             Project: ActiveMQ
          Issue Type: Bug
          Components: Broker
    Affects Versions: 5.16.3, 5.16.2
         Environment: broker version : 5.16.2

Server : CentOs 
            Reporter: Pierre-Alexandre Mançaux


+*Info*+

broker version : 5.16.2

Client: 5.16.1 (also test with 5.16.2)

 

+*Cause*+

after switching from tcp to https, sometimes we got exception like  :

 

 
{code:java}
// code placeholder

---- Debugging information ----
cause-exception     : com.thoughtworks.xstream.security.ForbiddenClassException
cause-message       : java.io.IOException
class               : org.apache.activemq.command.ExceptionResponse
required-type       : org.apache.activemq.command.ExceptionResponse
converter-type      : 
com.thoughtworks.xstream.converters.reflection.ReflectionConverter
path                : /org.apache.activemq.command.ExceptionResponse/exception
line number         : 5
version             : 1.4.15
-------------------------------
    at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:34)
    at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:205)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : com.thoughtworks.xstream.security.ForbiddenClassException
cause-message       : java.io.IOException
class               : org.apache.activemq.command.ExceptionResponse
required-type       : org.apache.activemq.command.ExceptionResponse
converter-type      : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
path                : /org.apache.activemq.command.ExceptionResponse/exception
line number         : 5
version             : 1.4.15
-------------------------------
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:77)
    at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
    at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
    at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1409)
    at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1388)
    at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1273)
    at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1264)
    at org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:66)
    at org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
    at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:196)
... 1 common frames omitted
Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: java.io.IOException
   at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
   at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
   at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
   at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
   at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:420)
   at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277)
   at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
... 13 common frames omitted
{code}
 

It's not happening all the time, for now all is working good, but this random error can appear in production and no solution to resolve it.

 

after talking with Justin Bertram on stackoverflow, he said to me :

 

"It looks like XStream is trying to deal with an OpenWire {{org.apache.activemq.command.ExceptionResponse}} message which is coming from the broker. This message contains a serialized {{java.io.IOException}} and XStream fails to convert this as it is expecting an XML payload instead. That's why the exception says:

 

{{}}
{code:java}
Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: java.io.IOException{code}
{{}}

 

The {{ForbiddenClassException}} is the exception which XStream throws in response to the {{java.io.IOException}} which it can't convert.

It's not clear what is triggering the {{java.io.IOException from broker"}}

 

 

Does it possible to manage this type of exception?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)