diff --git a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
index 74dcdf8e89..f8a7d0c2f7 100644
--- a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
+++ b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
@@ -21,6 +21,9 @@ import java.io.InputStream;
 import java.io.ObjectInputStream;
 import java.io.ObjectStreamClass;
 import java.lang.reflect.Proxy;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Map;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -31,6 +34,8 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
     private static final ClassLoader FALLBACK_CLASS_LOADER = ClassLoadingAwareObjectInputStream.class.getClassLoader();
+    private static String[] serializablePackages;
+
     private final ClassLoader inLoader;
     public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException {
@@ -41,7 +46,9 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
     @Override
     protected Class resolveClass(ObjectStreamClass classDesc) throws IOException, ClassNotFoundException {
         ClassLoader cl = Thread.currentThread().getContextClassLoader();
-        return load(classDesc.getName(), cl, inLoader);
+        Class clazz = load(classDesc.getName(), cl, inLoader);
+        checkSecurity(clazz);
+        return clazz;
     }
     @Override
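Review bot: The three imports added in this hunk (`java.util.Arrays`, `java.util.Collection`, `java.util.Map`) are not referenced by any line this commit adds to the file, so they appear to be unused. Either drop them or put `Arrays` to use, for example to trim the entries produced by `split(",")` on the `org.apache.activemq.SERIALIZABLE_PACKAGES` property so a list written with spaces after the commas still matches.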
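Review bot: `checkSecurity(clazz)` in `resolveClass` runs only after `load(classDesc.getName(), cl, inLoader)` has already located and loaded the class; whether `load` also initializes it is not visible here, but a policy check applied to the descriptor name before any loader is consulted would reject forbidden types without touching their bytecode or risking static initializers. A name-based overload would let the package test come first, e.g. `checkSecurity(classDesc.getName());` followed by `return load(classDesc.getName(), cl, inLoader);`. The same ordering concern applies to `resolveProxyClass` in the next hunk, where each entry of `interfaces` is loaded via `load(interfaces[i], cl)` before any check.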
@@ -52,21 +59,58 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
             cinterfaces[i] = load(interfaces[i], cl);
         }
+        Class clazz = null;
         try {
-            return Proxy.getProxyClass(cl, cinterfaces);
+            clazz = Proxy.getProxyClass(cl, cinterfaces);
         } catch (IllegalArgumentException e) {
             try {
-                return Proxy.getProxyClass(inLoader, cinterfaces);
+                clazz = Proxy.getProxyClass(inLoader, cinterfaces);
             } catch (IllegalArgumentException e1) {
                 // ignore
             }
             try {
-                return Proxy.getProxyClass(FALLBACK_CLASS_LOADER, cinterfaces);
+                clazz = Proxy.getProxyClass(FALLBACK_CLASS_LOADER, cinterfaces);
             } catch (IllegalArgumentException e2) {
                 // ignore
             }
+        }
-            throw new ClassNotFoundException(null, e);
+        if (clazz != null) {
+            checkSecurity(clazz);
+            return clazz;
+        } else {
+            throw new ClassNotFoundException(null);
+        }
+    }
+
+    public static String[] getSerialziablePackages() {
+        if (serializablePackages == null) {
+            serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
+                    "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
+        }
+
+        return serializablePackages;
+    };
+
+    public static boolean isAllAllowed() {
+        return getSerialziablePackages().length == 1 && getSerialziablePackages()[0].equals("*");
+    }
+
+    private void checkSecurity(Class clazz) throws ClassNotFoundException {
+        if (!clazz.isPrimitive()) {
+            if (clazz.getPackage() != null && !isAllAllowed()) {
+                boolean found = false;
+                for (String packageName : getSerialziablePackages()) {
+                    if (clazz.getPackage().getName().equals(packageName) || clazz.getPackage().getName().startsWith(packageName + ".")) {
+                        found = true;
+                        break;
+                    }
+                }
+
+                if (!found) {
+                    throw new ClassNotFoundException("Forbidden " + clazz + "! This class is not allowed to be serialized. Add package with 'org.apache.activemq.SERIALIZABLE_PACKAGES' system property.");
+                }
+            }
         }
     }
diff --git a/activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java b/activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java
index 179f90d99b..7174fdf17a 100755
--- a/activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java
+++ b/activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java
@@ -20,13 +20,13 @@ import java.io.IOException;
 import java.io.Reader;
 import com.thoughtworks.xstream.converters.Converter;
-import com.thoughtworks.xstream.converters.ConverterLookup;
 import com.thoughtworks.xstream.converters.MarshallingContext;
 import com.thoughtworks.xstream.converters.UnmarshallingContext;
 import com.thoughtworks.xstream.io.HierarchicalStreamReader;
 import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
 import org.apache.activemq.command.MarshallAware;
 import org.apache.activemq.command.MessageDispatch;
+import org.apache.activemq.transport.stomp.XStreamSupport;
 import org.apache.activemq.transport.util.TextWireFormat;
 import org.apache.activemq.util.ByteSequence;
 import org.apache.activemq.wireformat.WireFormat;
@@ -117,7 +117,7 @@ public class XStreamWireFormat extends TextWireFormat {
     // Implementation methods
     // -------------------------------------------------------------------------
     protected XStream createXStream() {
-        final XStream xstream = new XStream();
+        final XStream xstream = XStreamSupport.createXStream();
         xstream.ignoreUnknownElements();
         xstream.registerConverter(new Converter() {
             final Converter delegate = xstream.getConverterLookup().lookupConverterForType(ByteSequence.class);
diff --git a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/JmsFrameTranslator.java b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/JmsFrameTranslator.java
index 3525b23305..35041822f2 100644
--- a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/JmsFrameTranslator.java
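Review bot: `XStreamSupport.createXStream()` lives in `org.apache.activemq.transport.stomp`, so this line presumably makes the HTTP transport module depend on the STOMP module solely for a helper that configures type permissions. Since that helper already delegates its policy to `ClassLoadingAwareObjectInputStream` in `org.apache.activemq.util`, placing it next to that class would let both transports and the test utilities share it without a cross-module dependency. A one-line comment here, such as `// type permissions mirror the ObjectInputStream allowlist`, would also tell a reader why the plain constructor was replaced. `createXStream()` continues beyond this hunk.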
+++ b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/JmsFrameTranslator.java
@@ -91,7 +91,7 @@ public class JmsFrameTranslator extends LegacyFrameTranslator implements BrokerC
                 msg = createMapMessage(in);
                 break;
             default:
-                throw new Exception("Unkown transformation: " + transformation);
+                throw new Exception("Unknown transformation: " + transformation);
             }
         } catch (Throwable e) {
             command.getHeaders().put(Headers.TRANSFORMATION_ERROR, e.getMessage());
@@ -254,7 +254,7 @@ public class JmsFrameTranslator extends LegacyFrameTranslator implements BrokerC
         }
         if (xstream == null) {
-            xstream = new XStream();
+            xstream = XStreamSupport.createXStream();
             xstream.ignoreUnknownElements();
         }
diff --git a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java
new file mode 100644
index 0000000000..94ae7b71d8
--- /dev/null
+++ b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java
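Review bot: The permissions configured by `XStreamSupport.createXStream()` are fixed at the moment the lazily initialised `xstream` field is first populated, so whatever the `org.apache.activemq.SERIALIZABLE_PACKAGES` property holds at first use stays in force for the life of this translator; a comment on the `if (xstream == null)` branch saying so would save the next reader a detour. In the first hunk the visible part of `catch (Throwable e)` only copies `e.getMessage()` into the `TRANSFORMATION_ERROR` header, so with the new type permissions a rejected payload is reported only to the client that sent it; if nothing after the hunk logs the exception, a warning-level log line there would give operators a signal that rejected payloads are arriving. Both enclosing methods start and end outside these hunks.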
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.transport.stomp;
+
+import com.thoughtworks.xstream.XStream;
+import com.thoughtworks.xstream.security.AnyTypePermission;
+import com.thoughtworks.xstream.security.NoTypePermission;
+import com.thoughtworks.xstream.security.PrimitiveTypePermission;
+import org.apache.activemq.util.ClassLoadingAwareObjectInputStream;
+
+import java.util.Collection;
+import java.util.Map;
+
+public class XStreamSupport {
+
+    public static XStream createXStream() {
+        XStream stream = new XStream();
+        stream.addPermission(NoTypePermission.NONE);
+        stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
+        stream.allowTypeHierarchy(Collection.class);
+        stream.allowTypeHierarchy(Map.class);
+        stream.allowTypes(new Class[]{String.class});
+        if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
+            stream.addPermission(AnyTypePermission.ANY);
+        } else {
+            for (String packageName : ClassLoadingAwareObjectInputStream.getSerialziablePackages()) {
+                stream.allowTypesByWildcard(new String[]{packageName + ".**"});
+            }
+        }
+        return stream;
+    }
+
+}
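Review bot: `allowTypeHierarchy(Collection.class)` and `allowTypeHierarchy(Map.class)` admit every class implementing those interfaces from any package, which is broader than the package allowlist the rest of the method builds, so a type outside `org.apache.activemq.SERIALIZABLE_PACKAGES` is still accepted as long as it implements `Collection` or `Map`; since `java.util` is in the default list, the wildcard loop already covers the JDK collections and those two lines can be dropped (or narrowed to `allowTypes` on the specific implementations actually needed). Each `packageName` is used untrimmed in `packageName + ".**"`, so whitespace around a comma-separated entry silently yields a pattern that matches nothing. XStream's documented security setup lists `NullPermission.NULL` next to `NoTypePermission.NONE` and `PrimitiveTypePermission.PRIMITIVES`; I cannot tell from here whether null values unmarshal without it, so that is worth a test. A Javadoc on `createXStream()` stating that its permissions are meant to mirror the `ClassLoadingAwareObjectInputStream` policy would help the next maintainer keep the two in step.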
diff --git a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java
index e0db6d98b7..3e1aa94e4c 100644
--- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java
+++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java
@@ -119,7 +119,7 @@ public class StompTestSupport {
     }
     public void startBroker() throws Exception {
-
+        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "*");
         createBroker(true);
         XStreamBrokerContext context = new XStreamBrokerContext();
diff --git a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/util/XStreamBrokerContext.java b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/util/XStreamBrokerContext.java
index 2b1243e75c..56482253ed 100644
--- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/util/XStreamBrokerContext.java
+++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/util/XStreamBrokerContext.java
@@ -23,6 +23,7 @@ import org.apache.activemq.broker.BrokerContext;
 import org.apache.activemq.transport.stomp.SamplePojo;
 import com.thoughtworks.xstream.XStream;
+import org.apache.activemq.transport.stomp.XStreamSupport;
 public class XStreamBrokerContext implements BrokerContext {
@@ -30,7 +31,7 @@ public class XStreamBrokerContext implements BrokerContext {
     public XStreamBrokerContext() {
-        XStream stream = new XStream();
+        XStream stream = XStreamSupport.createXStream();
         stream.processAnnotations(SamplePojo.class);
         beansMap.put("xstream", stream);
diff --git a/activemq-web/src/main/java/org/apache/activemq/web/MessageQuery.java b/activemq-web/src/main/java/org/apache/activemq/web/MessageQuery.java
index 040fb60ad8..e416e52adf 100644
--- a/activemq-web/src/main/java/org/apache/activemq/web/MessageQuery.java
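Review bot: `System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "*")` is set in `startBroker()` and never restored, and because `ClassLoadingAwareObjectInputStream` caches the parsed value in a static field on first use, the `*` policy leaks into every later test in the same JVM and the default allowlist is never exercised by this suite. Save the previous value before setting it and restore or clear it in the matching tear-down, and consider a dedicated test that keeps the default list so that rejection of a non-allowlisted type is actually covered. `startBroker()` continues beyond this hunk.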
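Review bot: The new `org.apache.activemq.transport.stomp.XStreamSupport` import is placed after `com.thoughtworks.xstream.XStream`, separating it from the `org.apache.activemq.transport.stomp.SamplePojo` import two lines above that it belongs next to. Moving it into that `org.apache.activemq` group keeps the file's existing import grouping intact.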
+++ b/activemq-web/src/main/java/org/apache/activemq/web/MessageQuery.java
@@ -81,9 +81,9 @@ public class MessageQuery extends QueueBrowseQuery {
         if (message instanceof ObjectMessage) {
             try {
                 return ((ObjectMessage) message).getObject();
-            } catch (JMSException e) {
+            } catch (Exception e) {
                 //message could not be parsed, make the reason available
-                return e;
+                return new String("Cannot display ObjectMessage body. Reason: " + e.getMessage());
             }
         }
         if (message instanceof MapMessage) {
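Review bot: `new String("Cannot display ObjectMessage body. Reason: " + e.getMessage())` wraps a freshly built string in a redundant constructor and renders `null` when the exception carries no message; return the concatenation directly with a fallback, e.g. `return "Cannot display ObjectMessage body. Reason: " + (e.getMessage() != null ? e.getMessage() : e.toString());`. The reason text originates from the deserialization failure and, with the new allowlist, embeds a class name taken from the message payload, so the view that displays this return value must escape it as untrusted data; I cannot see that view here to confirm it does. Widening the catch from `JMSException` to `Exception` also means runtime failures are swallowed into the returned string, so logging `e` at debug level would keep the cause diagnosable for operators. The enclosing method begins before this hunk.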