Posted to commits@activemq.apache.org by jb...@apache.org on 2020/02/12 12:44:58 UTC

[activemq] branch master updated: [AMQ-7399] org.apache.activemq.SERIALIZABLE_PACKAGES doesn't include java* by default

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/master by this push:
     new 097506a  [AMQ-7399] org.apache.activemq.SERIALIZABLE_PACKAGES doesn't include java* by default
     new ee16d9d  Merge pull request #446 from jbonofre/AMQ-7399
097506a is described below

commit 097506a45837f55e4d010e4094d60a36f6672ebd
Author: jbonofre <jb...@apache.org>
AuthorDate: Fri Feb 7 10:50:52 2020 +0100

    [AMQ-7399] org.apache.activemq.SERIALIZABLE_PACKAGES doesn't include java* by default
---
 .../java/org/apache/activemq/transport/amqp/AmqpTestSupport.java   | 1 +
 .../src/test/java/org/apache/activemq/JmsQueueTransactionTest.java | 2 +-
 .../test/java/org/apache/activemq/JmsTransactionTestSupport.java   | 2 ++
 .../apache/activemq/util/ClassLoadingAwareObjectInputStream.java   | 3 +--
 .../activemq/util/ClassLoadingAwareObjectInputStreamTest.java      | 5 +++++
 .../transport/http/HttpJMSMessagesWithCompressionTest.java         | 2 ++
 .../java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java     | 6 ++++++
 .../org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java    | 1 +
 .../src/test/java/org/apache/activemq/bugs/AMQ3537Test.java        | 4 ++++
 .../src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java | 4 ++++
 .../java/org/apache/activemq/usecases/ChangeSentMessageTest.java   | 5 +++++
 .../apache/activemq/usecases/ObjectMessageNotSerializableTest.java | 7 ++++---
 assembly/src/release/bin/activemq                                  | 3 ---
 assembly/src/release/bin/env                                       | 7 +++++++
 14 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
index 69d1998..73a22cc 100644
--- a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
+++ b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
@@ -100,6 +100,7 @@ public class AmqpTestSupport {
     @Before
     public void setUp() throws Exception {
         LOG.info("========== start " + getTestName() + " ==========");
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
         exceptions.clear();
 
         startBroker();
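Review bot: Setting `org.apache.activemq.SERIALIZABLE_PACKAGES` from `setUp()` is order-dependent and leaks. `ClassLoadingAwareObjectInputStream` reads the property once in its static initializer, so the call has no effect if that class was already loaded in the JVM, and the value is never cleared, so it stays in force for every later test. The same pattern recurs in the hunks for JmsTransactionTestSupport, JmsXAQueueTransactionTest, JmsXARollback2CxTransactionTest and ObjectMessageNotSerializableTest, and in the static blocks of AMQ3537Test, JoramJmsTest and ChangeSentMessageTest, each with its own value. Prefer scoping trust to the connection, as the HttpJMSMessagesWithCompressionTest hunk does with `factory.setTrustedPackages(...)`, or at least pair the set with `System.clearProperty("org.apache.activemq.SERIALIZABLE_PACKAGES");` in teardown. setUp's body continues outside the hunk.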
diff --git a/activemq-broker/src/test/java/org/apache/activemq/JmsQueueTransactionTest.java b/activemq-broker/src/test/java/org/apache/activemq/JmsQueueTransactionTest.java
index c2e9510..2b0f4f3 100644
--- a/activemq-broker/src/test/java/org/apache/activemq/JmsQueueTransactionTest.java
+++ b/activemq-broker/src/test/java/org/apache/activemq/JmsQueueTransactionTest.java
@@ -108,7 +108,7 @@ public class JmsQueueTransactionTest extends JmsTransactionTestSupport {
      * 
      * @throws Exception
      */
-    public void testSendReceiveInSeperateSessionTest() throws Exception {
+    public void testSendReceiveInSeparatedSessionTest() throws Exception {
         session.close();
         int batchCount = 10;
 
diff --git a/activemq-broker/src/test/java/org/apache/activemq/JmsTransactionTestSupport.java b/activemq-broker/src/test/java/org/apache/activemq/JmsTransactionTestSupport.java
index 423f1ee..539a1e0 100644
--- a/activemq-broker/src/test/java/org/apache/activemq/JmsTransactionTestSupport.java
+++ b/activemq-broker/src/test/java/org/apache/activemq/JmsTransactionTestSupport.java
@@ -114,6 +114,7 @@ public abstract class JmsTransactionTestSupport extends TestSupport implements M
     /**
      */
     protected BrokerService createBroker() throws Exception, URISyntaxException {
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
         return BrokerFactory.createBroker(new URI("broker://()/localhost?persistent=false"));
     }
 
@@ -569,6 +570,7 @@ public abstract class JmsTransactionTestSupport extends TestSupport implements M
     }
 
     public void testChangeMutableObjectInObjectMessageThenRollback() throws Exception {
+
         ArrayList<String> list = new ArrayList<String>();
         list.add("First");
         Message outbound = session.createObjectMessage(list);
diff --git a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
index 0453939..95ad9ee 100644
--- a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
+++ b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
@@ -40,8 +40,7 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
     private final ClassLoader inLoader;
 
     static {
-        serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
-                    "java.lang,javax.security,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
+        serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES","org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
     }
 
     public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException {
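Review bot: The new default allow-list is the security boundary for ObjectMessage deserialization, yet the static block has no comment saying why `java.lang`, `java.util` and `javax.security` were dropped, or that setting the property replaces the list rather than extending it. I would add above the assignment `// Default excludes java.* and javax.security for security reasons; set org.apache.activemq.SERIALIZABLE_PACKAGES to opt in (the value replaces this list).` Entries also come straight from `split(",")` with no trimming, so a value written as `java.util, java.lang` yields an entry with a leading space. Whether that entry then fails to match depends on lookup code outside this hunk, so it is worth confirming or trimming each entry. The single-line form also drops the space after the comma between the two `getProperty` arguments.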
diff --git a/activemq-client/src/test/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStreamTest.java b/activemq-client/src/test/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStreamTest.java
index e2e9c61..a30d813 100644
--- a/activemq-client/src/test/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStreamTest.java
+++ b/activemq-client/src/test/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStreamTest.java
@@ -35,6 +35,10 @@ import org.junit.rules.TestName;
 
 public class ClassLoadingAwareObjectInputStreamTest {
 
+    static {
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
+    }
+
     private final String ACCEPTS_ALL_FILTER = "*";
     private final String ACCEPTS_NONE_FILTER = "";
 
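Review bot: Nothing in this file exercises the default that the commit ships. The static block forces the property to `java.util`, so `ClassLoadingAwareObjectInputStream` is never loaded here with the property unset, and a regression that put `java.lang` or `java.util` back into the default would go unnoticed. Because the list is read in a static initializer, a test of the default needs the property absent when the class loads (for example a separate test class run in its own forked JVM), and it should assert that deserializing a `java.util` type is rejected. At minimum, a comment on the block such as `// replaces the shipped default allow-list with java.util for this JVM` would make the override explicit.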
@@ -364,6 +368,7 @@ public class ClassLoadingAwareObjectInputStreamTest {
 
     @Test
     public void testReadObjectFailsWithUntrustedType() throws Exception {
+
         byte[] serialized = serializeObject(new SimplePojo(name.getMethodName()));
 
         try (ByteArrayInputStream input = new ByteArrayInputStream(serialized);
diff --git a/activemq-http/src/test/java/org/apache/activemq/transport/http/HttpJMSMessagesWithCompressionTest.java b/activemq-http/src/test/java/org/apache/activemq/transport/http/HttpJMSMessagesWithCompressionTest.java
index 559dfd1..a86c6c2 100644
--- a/activemq-http/src/test/java/org/apache/activemq/transport/http/HttpJMSMessagesWithCompressionTest.java
+++ b/activemq-http/src/test/java/org/apache/activemq/transport/http/HttpJMSMessagesWithCompressionTest.java
@@ -18,6 +18,7 @@
 package org.apache.activemq.transport.http;
 
 import java.net.URISyntaxException;
+import java.util.Arrays;
 import java.util.concurrent.atomic.AtomicInteger;
 import javax.jms.BytesMessage;
 import javax.jms.Connection;
@@ -71,6 +72,7 @@ public class HttpJMSMessagesWithCompressionTest {
 
     protected ConnectionFactory createConnectionFactory() throws URISyntaxException {
         ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(getBrokerURL());
+        factory.setTrustedPackages(Arrays.asList("java.lang".split(",")));
         return factory;
     }
 
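Review bot: `Arrays.asList("java.lang".split(","))` on the added line splits a constant that contains no comma, which reads as if a list were expected and hides that exactly one package is trusted. `factory.setTrustedPackages(Arrays.asList("java.lang"));` says the same thing directly and still uses the new `java.util.Arrays` import. A short comment on why this test needs `java.lang` (presumably the payload types of the messages it sends) would help the next reader keep the list minimal.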
diff --git a/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java b/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java
index 2800de5..f55325e 100644
--- a/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java
+++ b/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXAQueueTransactionTest.java
@@ -43,6 +43,12 @@ public class JmsXAQueueTransactionTest extends JmsQueueTransactionTest {
     private Xid xid;
 
     @Override
+    protected void setUp() throws Exception {
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
+        super.setUp();
+    }
+
+    @Override
     protected BrokerService createBroker() throws Exception {
         return BrokerFactory.createBroker(new URI("broker://()/localhost?persistent=false&useJmx=false"));
     }
diff --git a/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java b/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java
index 81a995e..ba0201c 100644
--- a/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java
+++ b/activemq-ra/src/test/java/org/apache/activemq/ra/JmsXARollback2CxTransactionTest.java
@@ -59,6 +59,7 @@ public class JmsXARollback2CxTransactionTest extends JmsQueueTransactionTest {
     @Override
     protected void setUp() throws Exception {
         LOG.info("Starting ----------------------------> {}", this.getName());
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util");
         super.setUp();
     }
 
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ3537Test.java b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ3537Test.java
index fe8e3fd..d3d6ebe 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ3537Test.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ3537Test.java
@@ -50,6 +50,10 @@ import org.junit.Test;
 @SuppressWarnings({ "rawtypes", "unchecked" })
 public class AMQ3537Test implements InvocationHandler, Serializable {
 
+    static {
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,org.apache.activemq.bugs");
+    }
+
     private static final long serialVersionUID = 1L;
 
     /**
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java
index 00c5423..467e9e3 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/joramtests/JoramJmsTest.java
@@ -44,6 +44,10 @@ import org.objectweb.jtests.jms.conform.topic.TemporaryTopicTest;
  */
 public class JoramJmsTest extends TestCase {
 
+    static {
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,java.lang");
+    }
+
     public static Test suite() {
         TestSuite suite = new TestSuite();
         suite.addTestSuite(SelectorTest.class);
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ChangeSentMessageTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ChangeSentMessageTest.java
index 90dfa2d..0f7cd2b 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ChangeSentMessageTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ChangeSentMessageTest.java
@@ -32,6 +32,11 @@ import org.apache.activemq.test.TestSupport;
  *
  */
 public class ChangeSentMessageTest extends TestSupport {
+
+    static {
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "java.util,java.lang");
+    }
+
     private static final int COUNT = 200;
     private static final String VALUE_NAME = "value";
 
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ObjectMessageNotSerializableTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ObjectMessageNotSerializableTest.java
index c9f0f53..5f02b0e 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ObjectMessageNotSerializableTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/usecases/ObjectMessageNotSerializableTest.java
@@ -56,13 +56,14 @@ public class ObjectMessageNotSerializableTest extends CombinationTestSupport {
     }
 	
 	protected void setUp() throws Exception {
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "org.apache.activemq.usecases,java.util,java.lang");
         exceptions.clear();
         broker = createBroker();
     }
 	
-	public void testSendNotSerializeableObjectMessage() throws Exception {
+	public void testSendNotSerializableObjectMessage() throws Exception {
 
-        final  ActiveMQDestination destination = new ActiveMQQueue("testQ");
+        final ActiveMQDestination destination = new ActiveMQQueue("testQ");
         final MyObject obj = new MyObject("A message");
 
         final CountDownLatch consumerStarted = new CountDownLatch(1);
@@ -129,7 +130,7 @@ public class ObjectMessageNotSerializableTest extends CombinationTestSupport {
         assertTrue("no unexpected exceptions: " + exceptions, exceptions.isEmpty());
 	}
 
-    public void testSendNotSerializeableObjectMessageOverTcp() throws Exception {
+    public void testSendNotSerializableObjectMessageOverTcp() throws Exception {
         final  ActiveMQDestination destination = new ActiveMQTopic("testTopic");
         final MyObject obj = new MyObject("A message");
 
diff --git a/assembly/src/release/bin/activemq b/assembly/src/release/bin/activemq
index c8d7f03..4e86c99 100755
--- a/assembly/src/release/bin/activemq
+++ b/assembly/src/release/bin/activemq
@@ -40,9 +40,6 @@
 #
 # For more information on configuring the script, see http://activemq.apache.org/unix-shell-script.html
 #
-#
-# Authors:
-# Marc Schoechlin <ms...@256bit.org>
 
 # ------------------------------------------------------------------------
 # IMPROVED DEBUGGING (execute with bash -x)
diff --git a/assembly/src/release/bin/env b/assembly/src/release/bin/env
index 400e9b8..947807b 100644
--- a/assembly/src/release/bin/env
+++ b/assembly/src/release/bin/env
@@ -113,3 +113,10 @@ ACTIVEMQ_USER=""
 # (set JAVACMD to "auto" for automatic detection)
 #JAVA_HOME=""
 JAVACMD="auto"
+
+# Packages allowed for serialization (when used with ObjectMessage).
+# Packages set is limited to org.apache.activemmq, org.fusesource.hawtbuf and com.thoughtworks.xstream.mapper by default.
+# java* packages are excluded by default for security reason.
+#ACTIVEMQ_OPTS="-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"
+# You have explicitely add java.lang, javax.security, and java.util packages and your own packages:
+#ACTIVEMQ_OPTS="-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=java.lang,javax.security,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper"
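Review bot: The comment block added at the end of the file misspells the package it documents: `org.apache.activemmq` should be `org.apache.activemq`, and an operator copying the name from this comment into an allow-list would get an entry that matches nothing. The last comment line is also ungrammatical; something like `# To allow them, explicitly add java.lang, javax.security and java.util (and your own packages):` reads correctly. Both sample lines assign `ACTIVEMQ_OPTS` outright, so if the variable is already set earlier in this file (not visible in the hunk), uncommenting one would discard those options; `#ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS -Dorg.apache.activemq.SERIALIZABLE_PACKAGES=..."` avoids that. The comment could also say that the wider example re-enables the packages the new default removes, so it should be trimmed to what the application's ObjectMessage payloads actually need.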