Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-8381

com.thoughtworks.xstream.security.ForbiddenClassException

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 5.16.2
    • None
    • Broker
    • None
    • broker version : 5.16.2

      Server : CentOs 

    Description

      Info

      broker version : 5.16.2

      Client: 5.16.1 (also test with 5.16.2)

       

      Cause

      after switching from tcp to https, sometimes we got exception like  :

       

       

      // code placeholder
      
      ---- Debugging information ----
      cause-exception     : com.thoughtworks.xstream.security.ForbiddenClassException
      cause-message       : java.io.IOException
      class               : org.apache.activemq.command.ExceptionResponse
      required-type       : org.apache.activemq.command.ExceptionResponse
      converter-type      : 
      com.thoughtworks.xstream.converters.reflection.ReflectionConverter
      path                : /org.apache.activemq.command.ExceptionResponse/exception
      line number         : 5
      version             : 1.4.15
      -------------------------------
          at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:34)
          at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:205)
          at java.base/java.lang.Thread.run(Thread.java:829)
      Caused by: com.thoughtworks.xstream.converters.ConversionException: 
      ---- Debugging information ----
      cause-exception     : com.thoughtworks.xstream.security.ForbiddenClassException
      cause-message       : java.io.IOException
      class               : org.apache.activemq.command.ExceptionResponse
      required-type       : org.apache.activemq.command.ExceptionResponse
      converter-type      : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
      path                : /org.apache.activemq.command.ExceptionResponse/exception
      line number         : 5
      version             : 1.4.15
      -------------------------------
          at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:77)
          at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
          at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
          at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
          at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
          at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
          at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1409)
          at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1388)
          at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1273)
          at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1264)
          at org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:66)
          at org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
          at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:196)
      ... 1 common frames omitted
      Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: java.io.IOException
         at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
         at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
         at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
         at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
         at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:420)
         at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277)
         at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
      ... 13 common frames omitted
      

       

      It's not happening all the time, for now all is working good, but this random error can appear in production and no solution to resolve it.

       

      after talking with Justin Bertram on stackoverflow, he said to me :

       

      "It looks like XStream is trying to deal with an OpenWire org.apache.activemq.command.ExceptionResponse message which is coming from the broker. This message contains a serialized java.io.IOException and XStream fails to convert this as it is expecting an XML payload instead. That's why the exception says:

       

      Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: java.io.IOException

       

      The ForbiddenClassException is the exception which XStream throws in response to the java.io.IOException which it can't convert.

      It's not clear what is triggering the java.io.IOException from broker"

       

       

      Does it possible to manage this type of exception?

      Attachments

        Activity

          People

            jbonofre Jean-Baptiste Onofré
            palex2013 Pierre-Alexandre Mançaux
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: