Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    RealtimeMessaging and ObjectMessage

    SmartClient Version: v11.1p_2017-10-18/Enterprise Deployment (built 2017-10-18)

    Hello, I've just upgraded my activeMQ broker (standalone version) which I use for realtime messaging to 5.14.5 version.
    I'm now trying to upgrade also the activemq jar deployed in my tomcat cluster where applications are deployed.
    But I got this exception from activeMQ:
    Code:
    2017-10-27 12:41:12,592 ERROR [claudio.bosticco@juventus.com 797] JMSMessageDispatcher Unable to deliver jms message
    javax.jms.JMSException: Failed to build body from content. Serializable class not available to broker. Reason: java.lang.ClassNotFoundException: Forbidden class org.apache.commons.collections4.map.LinkedMap! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.
        at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:36)
        at org.apache.activemq.command.ActiveMQObjectMessage.getObject(ActiveMQObjectMessage.java:208)
        at com.isomorphic.messaging.JMSMessageDispatcher.iscMessage(JMSMessageDispatcher.java:463)
        at com.isomorphic.messaging.JMSMessageDispatcher$2.onMessage(JMSMessageDispatcher.java:271)
        at org.apache.activemq.ActiveMQMessageConsumer.dispatch(ActiveMQMessageConsumer.java:1401)
        at org.apache.activemq.ActiveMQSessionExecutor.dispatch(ActiveMQSessionExecutor.java:131)
        at org.apache.activemq.ActiveMQSessionExecutor.iterate(ActiveMQSessionExecutor.java:202)
        at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:133)
        at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:48)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: java.lang.ClassNotFoundException: Forbidden class org.apache.commons.collections4.map.LinkedMap! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.
        at org.apache.activemq.util.ClassLoadingAwareObjectInputStream.checkSecurity(ClassLoadingAwareObjectInputStream.java:112)
        at org.apache.activemq.util.ClassLoadingAwareObjectInputStream.resolveClass(ClassLoadingAwareObjectInputStream.java:57)
        at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1612)
        at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1517)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
        at java.util.ArrayList.readObject(ArrayList.java:771)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1017)
        at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1893)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
        at org.apache.activemq.command.ActiveMQObjectMessage.getObject(ActiveMQObjectMessage.java:206)
        ... 10 more
    As they say in that linked page http://activemq.apache.org/objectmessage.html :
    Although ObjectMessage usage is generally discouraged, as it introduces coupling of class paths between producers and consumers, ActiveMQ supports them as part of the JMS specification.
    So I'm asking: what's your take about ObjectMessages ?
    Must I go ahead and explicitly whitelist packages like that of Collections4? Or it it possible to tell the RealtimeMessaging system not to use them?
    Last edited by claudiobosticco; 27 Oct 2017, 07:29.

    #2
    Presumably ActiveMQ is whining about this because they would prefer to see a XML or JSON message instead, since using Collections means that all servers need to have the Collections .jar.

    In this case this is clearly a ludicrous concern, so go ahead and configure ActiveMQ to allow these objects through.

    Comment

    Working...
    X