[
https://issues.apache.org/jira/browse/AMQ-8381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17420907#comment-17420907
]
Jean-Baptiste Onofré commented on AMQ-8381:
-------------------------------------------
That's normal, it's a limitation, fixed in 5.16.3. Did you test with 5.16.3 ?
By the way, I provided some details in this blog post:
[https://nanthrax.blogspot.com/2021/08/apache-activemq-5163-has-been-released.html]
See the section "Include java.util in the allowed package list".
You can always include the missing packages in the ALLOWED_PACKAGES env
variable used by ActiveMQ.
> com.thoughtworks.xstream.security.ForbiddenClassException
> ---------------------------------------------------------
>
> Key: AMQ-8381
> URL: https://issues.apache.org/jira/browse/AMQ-8381
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.16.2
> Environment: broker version : 5.16.2
> Server : CentOs
> Reporter: Pierre-Alexandre Mançaux
> Assignee: Jean-Baptiste Onofré
> Priority: Major
>
> +*Info*+
> broker version : 5.16.2
> Client: 5.16.1 (also test with 5.16.2)
>
> +*Cause*+
> after switching from tcp to https, sometimes we got exception like :
>
>
> {code:java}
> // code placeholder
> ---- Debugging information ----
> cause-exception :
> com.thoughtworks.xstream.security.ForbiddenClassException
> cause-message : java.io.IOException
> class : org.apache.activemq.command.ExceptionResponse
> required-type : org.apache.activemq.command.ExceptionResponse
> converter-type :
> com.thoughtworks.xstream.converters.reflection.ReflectionConverter
> path : /org.apache.activemq.command.ExceptionResponse/exception
> line number : 5
> version : 1.4.15
> -------------------------------
> at
> org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:34)
> at
> org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:205)
> at java.base/java.lang.Thread.run(Thread.java:829)
> Caused by: com.thoughtworks.xstream.converters.ConversionException:
> ---- Debugging information ----
> cause-exception :
> com.thoughtworks.xstream.security.ForbiddenClassException
> cause-message : java.io.IOException
> class : org.apache.activemq.command.ExceptionResponse
> required-type : org.apache.activemq.command.ExceptionResponse
> converter-type :
> com.thoughtworks.xstream.converters.reflection.ReflectionConverter
> path : /org.apache.activemq.command.ExceptionResponse/exception
> line number : 5
> version : 1.4.15
> -------------------------------
> at
> com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:77)
> at
> com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
> at
> com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
> at
> com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
> at
> com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
> at
> com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
> at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1409)
> at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1388)
> at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1273)
> at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1264)
> at
> org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:66)
> at
> org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
> at
> org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:196)
> ... 1 common frames omitted
> Caused by: com.thoughtworks.xstream.security.ForbiddenClassException:
> java.io.IOException
> at
> com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
> at
> com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
> at
> com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
> at
> com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
> at
> com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:420)
> at
> com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277)
> at
> com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
> ... 13 common frames omitted
> {code}
>
> It's not happening all the time, for now all is working good, but this random
> error can appear in production and no solution to resolve it.
>
> after talking with Justin Bertram on stackoverflow, he said to me :
>
> "It looks like XStream is trying to deal with an OpenWire
> {{org.apache.activemq.command.ExceptionResponse}} message which is coming
> from the broker. This message contains a serialized {{java.io.IOException}}
> and XStream fails to convert this as it is expecting an XML payload instead.
> That's why the exception says:
>
> {code:java}
> Caused by: com.thoughtworks.xstream.security.ForbiddenClassException:
> java.io.IOException{code}
>
> The {{ForbiddenClassException}} is the exception which XStream throws in
> response to the {{java.io.IOException}} which it can't convert.
> It's not clear what is triggering the {{java.io.IOException from broker"}}
>
>
> Does it possible to manage this type of exception?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
