https://issues.apache.org/jira/browse/AMQ-6013 - init serializable packages statically

2015-10-20 12:30:46 +02:00 · 2015-10-20 12:30:46 +02:00 · e100638244
parent 490436c136
commit e100638244
3 changed files with 9 additions and 14 deletions
--- a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
+++ b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
@ -34,10 +34,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
    private static final ClassLoader FALLBACK_CLASS_LOADER =
        ClassLoadingAwareObjectInputStream.class.getClassLoader();

-    private static String[] serializablePackages;
+    public static final String[] serializablePackages;

    private final ClassLoader inLoader;

+    static {
+        serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
+                    "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
+    }
+
    public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException {
        super(in);
        inLoader = in.getClass().getClassLoader();
@ -83,24 +88,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
        }
    }

-    public static String[] getSerialziablePackages() {
-       if (serializablePackages == null) {
-           serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
-                       "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
-       }
-
-       return serializablePackages;
-    };
-
    public static boolean isAllAllowed() {
-        return getSerialziablePackages().length == 1 && getSerialziablePackages()[0].equals("*");
+        return serializablePackages.length == 1 && serializablePackages[0].equals("*");
    }

    private void checkSecurity(Class clazz) throws ClassNotFoundException {
        if (!clazz.isPrimitive()) {
            if (clazz.getPackage() != null && !isAllAllowed()) {
               boolean found = false;
-               for (String packageName : getSerialziablePackages()) {
+               for (String packageName : serializablePackages) {
                   if (clazz.getPackage().getName().equals(packageName) || clazz.getPackage().getName().startsWith(packageName + ".")) {
                       found = true;
                       break;
--- a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java
+++ b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java
@ -37,7 +37,7 @@ public class XStreamSupport {
        if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
            stream.addPermission(AnyTypePermission.ANY);
        } else {
-            for (String packageName : ClassLoadingAwareObjectInputStream.getSerialziablePackages()) {
+            for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
                stream.allowTypesByWildcard(new String[]{packageName + ".**"});
            }
        }
--- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java
+++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java
@ -119,7 +119,6 @@ public class StompTestSupport {
    }

    public void startBroker() throws Exception {
-        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "*");
        createBroker(true);

        XStreamBrokerContext context = new XStreamBrokerContext();