[AMQ-8117] VirtualSelectorCacheBrokerPlugin throws false positive exception - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 5.16.0, 5.15.12, 5.15.13, 5.15.14
Fix Version/s: 5.15.16, 5.16.3, 5.17.0
Component/s: Broker
Labels:
None

Description

Dear,

The VirtualSelectorCacheBrokerPlugin throws an error in the following method:

if (!(desc.getName().equals("java.lang.String") || desc.getName().startsWith("java.util."))) {
 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
 }

This exception is thrown because there are some lines in the selector cache file that do not match the given "startsWith("java.util.")". The code will throw an exception because of the "[L" prefix in front of some java.util. elements in the file:

My activemq.xml and file.data are attached to this ticket.

The selector cache is working fine if I use ActiveMQ version 5.15.11 or below.

I have tried to add jdk.serialFilters for the Concurrent Hashmap, like:

wrapper.java.additional.13=-Djdk.serialFilter=java.util.** (wrapper.conf) and also tried to add this to the java security file, but that did not work.

I hope this issue can be fixed or if it is not a bug, the documentation can be complemented with some notes on how to configure this filters the right way.

Best regards,

Joost

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image-2021-01-07-09-36-50-044.png
07/Jan/21 08:36
12 kB
Joost
file.data
07/Jan/21 08:30
1.0 kB
Joost
activemq.xml
07/Jan/21 08:30
6 kB
Joost

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Joost

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 07/Jan/21 08:42

Updated:: 04/Jun/21 08:28

Resolved:: 04/Jun/21 04:17

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 40m