Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-8117

VirtualSelectorCacheBrokerPlugin throws false positive exception

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 5.16.0, 5.15.12, 5.15.13, 5.15.14
    • Fix Version/s: 5.17.0, 5.15.16, 5.16.3
    • Component/s: Broker
    • Labels:
      None

      Description

      Dear,

      The VirtualSelectorCacheBrokerPlugin throws an error in the following method:

      if (!(desc.getName().equals("java.lang.String") || desc.getName().startsWith("java.util."))) {
       throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
       }
      

      This exception is thrown because there are some lines in the selector cache file that do not match the given "startsWith("java.util.")". The code will throw an exception because of the "[L" prefix in front of some java.util. elements in the file:

      My activemq.xml and file.data are attached to this ticket.

      The selector cache is working fine if I use ActiveMQ version 5.15.11 or below.

      I have tried to add jdk.serialFilters for the Concurrent Hashmap, like:

      wrapper.java.additional.13=-Djdk.serialFilter=java.util.** (wrapper.conf) and also tried to add this to the java security file, but that did not work.

      I hope this issue can be fixed or if it is not a bug, the documentation can be complemented with some notes on how to configure this filters the right way.

      Best regards,

      Joost

        Attachments

        1. file.data
          1.0 kB
          Joost
        2. activemq.xml
          6 kB
          Joost
        3. image-2021-01-07-09-36-50-044.png
          12 kB
          Joost

          Activity

            People

            • Assignee:
              jbonofre Jean-Baptiste Onofré
              Reporter:
              jvanc Joost
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h 40m
                1h 40m