https://issues.apache.org/jira/browse/AMQ-6013 - init serializable packages statically

2015-10-20 12:30:46 +02:00 · 2015-10-20 12:30:46 +02:00 · 7eb9b218b2
parent e7a4b53f79
commit 7eb9b218b2
4 changed files with 12 additions and 19 deletions
--- a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
+++ b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
@ -34,10 +34,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
    private static final ClassLoader FALLBACK_CLASS_LOADER =
        ClassLoadingAwareObjectInputStream.class.getClassLoader();

-    private static String[] serializablePackages;
+    public static final String[] serializablePackages;

    private final ClassLoader inLoader;

+    static {
+        serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
+                    "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
+    }
+
    public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException {
        super(in);
        inLoader = in.getClass().getClassLoader();
@ -83,24 +88,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
        }
    }

-    public static String[] getSerialziablePackages() {
-       if (serializablePackages == null) {
-           serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
-                       "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
-       }
-
-       return serializablePackages;
-    };
-
    public static boolean isAllAllowed() {
-        return getSerialziablePackages().length == 1 && getSerialziablePackages()[0].equals("*");
+        return serializablePackages.length == 1 && serializablePackages[0].equals("*");
    }

    private void checkSecurity(Class clazz) throws ClassNotFoundException {
        if (!clazz.isPrimitive()) {
            if (clazz.getPackage() != null && !isAllAllowed()) {
               boolean found = false;
-               for (String packageName : getSerialziablePackages()) {
+               for (String packageName : serializablePackages) {
                   if (clazz.getPackage().getName().equals(packageName) || clazz.getPackage().getName().startsWith(packageName + ".")) {
                       found = true;
                       break;
--- a/activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java
+++ b/activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java
@ -19,14 +19,11 @@ package org.apache.activemq.transport.xstream;
 import java.io.IOException;
 import java.io.Reader;

-<<<<<<< HEAD
-=======
 import com.thoughtworks.xstream.converters.Converter;
 import com.thoughtworks.xstream.converters.MarshallingContext;
 import com.thoughtworks.xstream.converters.UnmarshallingContext;
 import com.thoughtworks.xstream.io.HierarchicalStreamReader;
 import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
->>>>>>> a7e2a44... https://issues.apache.org/jira/browse/AMQ-6013 - restrict classes which can be serialized inside the broker
 import org.apache.activemq.command.MarshallAware;
 import org.apache.activemq.command.MessageDispatch;
 import org.apache.activemq.transport.stomp.XStreamSupport;
@ -102,7 +99,8 @@ public class XStreamWireFormat extends TextWireFormat {
    }

    // Properties
-    // -------------------------------------------------activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java
+    // -------------------------------------------------
+    public XStream getXStream() {
        if (xStream == null) {
            xStream = createXStream();
            // make it work in OSGi env
--- a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java
+++ b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java
@ -37,7 +37,7 @@ public class XStreamSupport {
        if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
            stream.addPermission(AnyTypePermission.ANY);
        } else {
-            for (String packageName : ClassLoadingAwareObjectInputStream.getSerialziablePackages()) {
+            for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
                stream.allowTypesByWildcard(new String[]{packageName + ".**"});
            }
        }
--- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java
+++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java
@ -111,8 +111,7 @@ public class StompTestSupport {
    }

    public void startBroker() throws Exception {
-        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "*");
-        createBroker(true);
+        createBroker();

        XStreamBrokerContext context = new XStreamBrokerContext();
        brokerService.setBrokerContext(context);