RealtimeMessaging and ObjectMessage

claudiobosticco

Registered Developer

Join Date: Sep 2008
Posts: 3091

RealtimeMessaging and ObjectMessage

27 Oct 2017, 03:00

SmartClient Version: v11.1p_2017-10-18/Enterprise Deployment (built 2017-10-18)

Hello, I've just upgraded my activeMQ broker (standalone version) which I use for realtime messaging to 5.14.5 version.
I'm now trying to upgrade also the activemq jar deployed in my tomcat cluster where applications are deployed.
But I got this exception from activeMQ:

Code:

2017-10-27 12:41:12,592 ERROR [claudio.bosticco@juventus.com 797] JMSMessageDispatcher Unable to deliver jms message
javax.jms.JMSException: Failed to build body from content. Serializable class not available to broker. Reason: java.lang.ClassNotFoundException: Forbidden class org.apache.commons.collections4.map.LinkedMap! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.
    at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:36)
    at org.apache.activemq.command.ActiveMQObjectMessage.getObject(ActiveMQObjectMessage.java:208)
    at com.isomorphic.messaging.JMSMessageDispatcher.iscMessage(JMSMessageDispatcher.java:463)
    at com.isomorphic.messaging.JMSMessageDispatcher$2.onMessage(JMSMessageDispatcher.java:271)
    at org.apache.activemq.ActiveMQMessageConsumer.dispatch(ActiveMQMessageConsumer.java:1401)
    at org.apache.activemq.ActiveMQSessionExecutor.dispatch(ActiveMQSessionExecutor.java:131)
    at org.apache.activemq.ActiveMQSessionExecutor.iterate(ActiveMQSessionExecutor.java:202)
    at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:133)
    at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:48)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassNotFoundException: Forbidden class org.apache.commons.collections4.map.LinkedMap! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.
    at org.apache.activemq.util.ClassLoadingAwareObjectInputStream.checkSecurity(ClassLoadingAwareObjectInputStream.java:112)
    at org.apache.activemq.util.ClassLoadingAwareObjectInputStream.resolveClass(ClassLoadingAwareObjectInputStream.java:57)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1612)
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1517)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
    at java.util.ArrayList.readObject(ArrayList.java:771)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1017)
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1893)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1798)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:370)
    at org.apache.activemq.command.ActiveMQObjectMessage.getObject(ActiveMQObjectMessage.java:206)
    ... 10 more

As they say in that linked page http://activemq.apache.org/objectmessage.html :

Although ObjectMessage usage is generally discouraged, as it introduces coupling of class paths between producers and consumers, ActiveMQ supports them as part of the JMS specification.

So I'm asking: what's your take about ObjectMessages ?
Must I go ahead and explicitly whitelist packages like that of Collections4? Or it it possible to tell the RealtimeMessaging system not to use them?

Last edited by claudiobosticco; 27 Oct 2017, 07:29.

Tags: None

Isomorphic

Administrator

Join Date: May 2006

Posts: 54650
#2

27 Oct 2017, 12:56

Presumably ActiveMQ is whining about this because they would prefer to see a XML or JSON message instead, since using Collections means that all servers need to have the Collections .jar.

In this case this is clearly a ludicrous concern, so go ahead and configure ActiveMQ to allow these objects through.
Comment

Previous template Next

Announcement

RealtimeMessaging and ObjectMessage

Comment