[AMQ-7149] activemq-client using HTTP transport requires Stomp - ASF JIRA

Agile Board

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.14.6, 5.15.8, 5.15.9, 5.16.0
Fix Version/s: 5.16.2, 5.17.0
Component/s: JMS client, STOMP, Transport
Labels:
- httpclient
- stomp

Patch Info:

Patch Available

Description

Both the Stomp and HTTP connectors use the XStream library for serializing and deserializing objects on the wire (to/from XML). The XStreamSupport class sets up XStream with some configuration on what classes can/can't be deserialized to prevent deserialization vulnerabilities.

In order to avoid duplicating that code, it was placed in the stomp module, and then referenced in the http module. This was introduced around 5.13. This can cause a client side class not found exception when using simple http communication:

"Exception in thread "ActiveMQ Transport: HTTP Reader http://localhost:9090/" java.lang.NoClassDefFoundError: org/apache/activemq/transport/stomp/XStreamSupport

        at org.apache.activemq.transport.xstream.XStreamWireFormat.createXStream(XStreamWireFormat.java:127)

        at org.apache.activemq.transport.xstream.XStreamWireFormat.getXStream(XStreamWireFormat.java:113)

        at org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:66)

        at org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)

        at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:199)

..."

The proposed patch places the XStreamSupport class in activemq-client, thus correcting this issue without requiring the inclusion of the optional activemq-stomp library in the client.