[ 
https://issues.apache.org/jira/browse/ARTEMIS-4763?focusedWorklogId=918300&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-918300
 ]

ASF GitHub Bot logged work on ARTEMIS-4763:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/May/24 11:35
            Start Date: 08/May/24 11:35
    Worklog Time Spent: 10m 
      Work Description: cshannon commented on PR #4924:
URL: 
https://github.com/apache/activemq-artemis/pull/4924#issuecomment-2100376697

   @gtully - You are right that it may not help much in this case since it's 
server side config and if you have access to the file system to modify jars on 
the classpath or update the config, it's likely already too late. This 
is different than the OpenWire CVE where a client could send in the malicious 
command so they did not need access. 
   
   I figured it was still worth bringing it up for discussion as I still think 
it's a good idea to play it safer and make it a bit more strict. There are also 
2 other nice things about adding a new interface and requiring a type besides 
security reasons that I think make it worthwhile.
   
   1. This makes validation a bit easier as requiring a specific type is a 
quick way to make sure someone didn't screw up the configuration and that the 
class used was intended.
   2. If desired, it allows requiring the implementations provide certain 
behavior by adding method signatures to the interface. This may not be required 
in this case but it's nice to have that option.




Issue Time Tracking
-------------------

    Worklog Id:     (was: 918300)
    Time Spent: 1h 10m  (was: 1h)

> properties config - support metrics plugin, conversion of .class for non 
> string attributes and empty init 
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-4763
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4763
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>          Components: Configuration
>    Affects Versions: 2.33.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> the metrics plugin is not a broker plugin, so cannot be initialised via the 
> broker plugins collection. We can only add .class instances to collections.
> The metrics instance is an attribute that needs a class type argument on the 
> metrics configuration.
> supporting a conversion to any non string scalar type using a .class value 
> will work nicely.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
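
The type check discussed in the comment above, as an added example that is not code from the PR or from Artemis: a class name read from properties is instantiated only if it implements a required interface. `MetricsPlugin`, `SampleMetrics`, `instantiate` and the property keys are hypothetical names constructed for this sketch.

```java
import java.util.Properties;

public class TypedClassValueExample {

    /** Hypothetical interface that every configurable metrics class must implement. */
    public interface MetricsPlugin {
        String name();
    }

    /** Constructed sample implementation that satisfies the required type. */
    public static class SampleMetrics implements MetricsPlugin {
        public String name() { return "sample"; }
    }

    /**
     * Resolve a class name from config and instantiate it only if it implements
     * the required type. initialize=false keeps static initializers from running
     * before the type check has passed.
     */
    static <T> T instantiate(String className, Class<T> required) {
        try {
            Class<?> loaded = Class.forName(className, false, required.getClassLoader());
            if (!required.isAssignableFrom(loaded)) {
                throw new IllegalArgumentException(
                    className + " does not implement " + required.getName());
            }
            return loaded.asSubclass(required).getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException e) {
            throw new IllegalArgumentException("cannot create " + className, e);
        }
    }

    public static void main(String[] args) {
        Properties config = new Properties();
        // Constructed keys; not the broker's real property names.
        config.setProperty("metrics.plugin.class", SampleMetrics.class.getName());
        config.setProperty("metrics.wrong.class", "java.util.ArrayList");

        MetricsPlugin ok = instantiate(config.getProperty("metrics.plugin.class"), MetricsPlugin.class);
        System.out.println("accepted: " + ok.name());

        try {
            // A valid, loadable class that is not the intended type is refused.
            instantiate(config.getProperty("metrics.wrong.class"), MetricsPlugin.class);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```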
