You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2021/03/24 10:39:00 UTC

[jira] [Resolved] (AMQ-7149) activemq-client using HTTP transport requires Stomp

     [ https://issues.apache.org/jira/browse/AMQ-7149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré resolved AMQ-7149.
---------------------------------------
    Fix Version/s: 5.16.2
       Resolution: Fixed

> activemq-client using HTTP transport requires Stomp
> ---------------------------------------------------
>
>                 Key: AMQ-7149
>                 URL: https://issues.apache.org/jira/browse/AMQ-7149
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: JMS client, STOMP, Transport
>    Affects Versions: 5.14.6, 5.15.8, 5.15.9, 5.16.0
>            Reporter: Bruno Baptista
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>              Labels: httpclient, stomp
>             Fix For: 5.17.0, 5.16.2
>
>         Attachments: activemq.diff
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Both the Stomp and HTTP connectors use the XStream library for serializing and deserializing objects on the wire (to/from XML). The XStreamSupport class sets up XStream with some configuration on what classes can/can't be deserialized to prevent deserialization vulnerabilities.
>  
> In order to avoid duplicating that code, it was placed in the stomp module, and then referenced in the http module. This was introduced around 5.13. This can cause a client side class not found exception when using simple http communication:
>   
> {code:java}
> "Exception in thread "ActiveMQ Transport: HTTP Reader http://localhost:9090/" java.lang.NoClassDefFoundError: org/apache/activemq/transport/stomp/XStreamSupport
>         at org.apache.activemq.transport.xstream.XStreamWireFormat.createXStream(XStreamWireFormat.java:127)
>         at org.apache.activemq.transport.xstream.XStreamWireFormat.getXStream(XStreamWireFormat.java:113)
>         at org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:66)
>         at org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
>         at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:199)
> ..."
> {code}
>  
> The proposed patch places the XStreamSupport class in activemq-client, thus correcting this issue without requiring the inclusion of the optional activemq-stomp library in the client.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)