You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Samuel Keusch (Jira)" <ji...@apache.org> on 2022/10/21 13:20:00 UTC

[jira] [Updated] (AMQ-9139) HTTP connector: ForbiddenClassException when InvalidClientIDException occurs

     [ https://issues.apache.org/jira/browse/AMQ-9139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Samuel Keusch updated AMQ-9139:
-------------------------------
    Description: 
When using the HTTP connector and a client with the same Client ID is already connected, the following exception occurs:
{code:java}
022-10-21 14:51:33,044 WARN  [ActiveMQ Transport: HTTP Reader http://localhost:9980] org.apache.activemq.transport.failover.FailoverTransport.handleTransportFailure(FailoverTransport.java:283) - Transport (http://localhost:9980) failed, attempting to automatically reconnect - MDC[]
java.io.IOException: Failed to perform GET on: http://localhost:9980 Reason: javax.jms.InvalidClientIDException
    at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:36)
    at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:205)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: javax.jms.InvalidClientIDException
    at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
    at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
    at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
    at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
    at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:420)
    at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74)
    at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:52)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:136)
    at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
    at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1421)
    at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1399)
    at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1284)
    at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1275)
    at org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:65)
    at org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
    at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:196)
    ... 1 common frames omitted {code}
In our case, whenever our consumer application is restarted, the consumer application will face a _InvalidClientIDException_ until the previous connection has been cleaned up by the broker (after 30seconds).

But because of the {_}ForbiddenClassException{_}, the consumer application can somehow not recover and will not attempt to reconnect until the client ID is available.

It leads to queues not being consumed, as the affected application is the only consumer for certain queues.

 

I found AMQ-8381 which is very similar but affected another java package (java.util).

*Workaround / solution:*
I believe the _javax.jms_ package should also be added to the allowed packages list of xstream. This can be temporarily done with the following code:

 
{code:java}
static {
  System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.lang,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"/*default value*/ + ",javax.jms"); 
}{code}
 

 

 

  was:
When using the HTTP connector and a client with the same Client ID is already connected, the following exception occurs:

 

 
{code:java}
022-10-21 14:51:33,044 WARN  [ActiveMQ Transport: HTTP Reader http://localhost:9980] org.apache.activemq.transport.failover.FailoverTransport.handleTransportFailure(FailoverTransport.java:283) - Transport (http://localhost:9980) failed, attempting to automatically reconnect - MDC[]
java.io.IOException: Failed to perform GET on: http://localhost:9980 Reason: javax.jms.InvalidClientIDException
    at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:36)
    at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:205)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: javax.jms.InvalidClientIDException
    at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
    at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
    at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
    at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
    at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:420)
    at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74)
    at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:52)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:136)
    at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
    at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1421)
    at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1399)
    at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1284)
    at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1275)
    at org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:65)
    at org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
    at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:196)
    ... 1 common frames omitted {code}
In our case, whenever our consumer application is restarted, the consumer will face a InvalidClientIDException until the previous connection has been cleaned up by the broker.

But because of the ForbiddenException, the consumer application can somehow not recover and will not attempting to reconnect until the client ID is available. It leads to queues not being consumed, as the affected application is the only consumer for certain queues.

 

I found AMQ-8381 which is about a similar bug in the past.

 

Workaround / solution:
I believethe _javax.jms_ package should also be added to the allowed packages list of xstream. This can be temporarily done with the following code:

 
{code:java}
static {
  System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.lang,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"/*default value*/ + ",javax.jms"); }{code}
 

 

 


> HTTP connector: ForbiddenClassException when InvalidClientIDException occurs
> ----------------------------------------------------------------------------
>
>                 Key: AMQ-9139
>                 URL: https://issues.apache.org/jira/browse/AMQ-9139
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: JMS client, Transport
>    Affects Versions: 5.17.0
>            Reporter: Samuel Keusch
>            Priority: Major
>
> When using the HTTP connector and a client with the same Client ID is already connected, the following exception occurs:
> {code:java}
> 022-10-21 14:51:33,044 WARN  [ActiveMQ Transport: HTTP Reader http://localhost:9980] org.apache.activemq.transport.failover.FailoverTransport.handleTransportFailure(FailoverTransport.java:283) - Transport (http://localhost:9980) failed, attempting to automatically reconnect - MDC[]
> java.io.IOException: Failed to perform GET on: http://localhost:9980 Reason: javax.jms.InvalidClientIDException
>     at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:36)
>     at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:205)
>     at java.base/java.lang.Thread.run(Thread.java:834)
> Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: javax.jms.InvalidClientIDException
>     at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
>     at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
>     at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
>     at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
>     at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:420)
>     at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277)
>     at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74)
>     at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
>     at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68)
>     at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:52)
>     at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:136)
>     at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
>     at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1421)
>     at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1399)
>     at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1284)
>     at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1275)
>     at org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:65)
>     at org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
>     at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:196)
>     ... 1 common frames omitted {code}
> In our case, whenever our consumer application is restarted, the consumer application will face a _InvalidClientIDException_ until the previous connection has been cleaned up by the broker (after 30seconds).
> But because of the {_}ForbiddenClassException{_}, the consumer application can somehow not recover and will not attempt to reconnect until the client ID is available.
> It leads to queues not being consumed, as the affected application is the only consumer for certain queues.
>  
> I found AMQ-8381 which is very similar but affected another java package (java.util).
> *Workaround / solution:*
> I believe the _javax.jms_ package should also be added to the allowed packages list of xstream. This can be temporarily done with the following code:
>  
> {code:java}
> static {
>   System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.lang,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"/*default value*/ + ",javax.jms"); 
> }{code}
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)