Security issue with ActiveMQ's ObjectMessage

Posted by zhumeilu on 2018-04-22

While using ActiveMQ's object message type, ObjectMessage, an error was thrown when casting the received object:

javax.jms.JMSException: Failed to build body from content. Serializable class not available to broker. Reason: java.lang.ClassNotFoundException: Forbidden class com.ssp.common.tools.CommonObjectMessage! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.
    at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:36)
    at org.apache.activemq.command.ActiveMQObjectMessage.getObject(ActiveMQObjectMessage.java:208)

The solution found by searching online:

Injecting either one of the following two properties into ActiveMQConnectionFactory is enough:

<property name="trustedPackages">
	<list>
		<value>org.apache.activemq.test</value>
		<value>org.apache.camel.test</value>
	</list>
</property>
<property name="trustAllPackages" value="true"></property>

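The activemq-all version I was using was 5.11.3. I tried injecting the two properties above, but on opening the ActiveMQConnectionFactory class I found that it did not have these two properties. After switching activemq-all to version 5.14.2, the problem was solved.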
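How a package allowlist decides whether a serialized payload may be deserialized, as an added JDK-only sketch (not code from this post and not ActiveMQ's implementation; `com.example.demo`, `Order` and `AllowlistStream` are constructed names). The last call shows what a trust-all setting such as `trustAllPackages=true` amounts to: the check is switched off, so listing only the packages that hold your own message classes is the narrower choice.

```java
package com.example.demo; // constructed package name for this demo
import java.io.*;
import java.util.List;

public class TrustedPackagesDemo {
    // Constructed payload type standing in for an ObjectMessage body.
    static class Order implements Serializable {
        final String id;
        Order(String id) { this.id = id; }
    }

    // Rejects any class outside the allowlist before it is loaded.
    static class AllowlistStream extends ObjectInputStream {
        private final List<String> trusted;
        private final boolean trustAll;
        AllowlistStream(InputStream in, List<String> trusted, boolean trustAll) throws IOException {
            super(in);
            this.trusted = trusted;
            this.trustAll = trustAll;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            // A class is trusted if it lives in (or below) a listed package.
            boolean ok = trustAll || trusted.stream().anyMatch(p -> name.startsWith(p + "."));
            if (!ok) throw new InvalidClassException(name, "package is not trusted");
            return super.resolveClass(desc);
        }
    }

    static String tryRead(byte[] data, List<String> trusted, boolean trustAll) {
        try (ObjectInputStream in = new AllowlistStream(
                new ByteArrayInputStream(data), trusted, trustAll)) {
            return "accepted " + in.readObject().getClass().getSimpleName();
        } catch (IOException | ClassNotFoundException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Order("A-1")); // constructed sample payload
        }
        byte[] data = buf.toByteArray();
        System.out.println(tryRead(data, List.of("org.apache.activemq.test"), false)); // wrong package listed
        System.out.println(tryRead(data, List.of("com.example.demo"), false));         // payload package listed
        System.out.println(tryRead(data, List.of(), true));                            // trust-all: no check
    }
}
```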
