mirror of https://github.com/apache/activemq.git
https://issues.apache.org/jira/browse/AMQ-6013 - init serializable packages statically
This commit is contained in:
parent
490436c136
commit
e100638244
|
@ -34,10 +34,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
|
|||
private static final ClassLoader FALLBACK_CLASS_LOADER =
|
||||
ClassLoadingAwareObjectInputStream.class.getClassLoader();
|
||||
|
||||
private static String[] serializablePackages;
|
||||
public static final String[] serializablePackages;
|
||||
|
||||
private final ClassLoader inLoader;
|
||||
|
||||
static {
|
||||
serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
|
||||
"java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
|
||||
}
|
||||
|
||||
public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException {
|
||||
super(in);
|
||||
inLoader = in.getClass().getClassLoader();
|
||||
|
@ -83,24 +88,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
|
|||
}
|
||||
}
|
||||
|
||||
public static String[] getSerialziablePackages() {
|
||||
if (serializablePackages == null) {
|
||||
serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
|
||||
"java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
|
||||
}
|
||||
|
||||
return serializablePackages;
|
||||
};
|
||||
|
||||
public static boolean isAllAllowed() {
|
||||
return getSerialziablePackages().length == 1 && getSerialziablePackages()[0].equals("*");
|
||||
return serializablePackages.length == 1 && serializablePackages[0].equals("*");
|
||||
}
|
||||
|
||||
private void checkSecurity(Class clazz) throws ClassNotFoundException {
|
||||
if (!clazz.isPrimitive()) {
|
||||
if (clazz.getPackage() != null && !isAllAllowed()) {
|
||||
boolean found = false;
|
||||
for (String packageName : getSerialziablePackages()) {
|
||||
for (String packageName : serializablePackages) {
|
||||
if (clazz.getPackage().getName().equals(packageName) || clazz.getPackage().getName().startsWith(packageName + ".")) {
|
||||
found = true;
|
||||
break;
|
||||
|
|
|
@ -37,7 +37,7 @@ public class XStreamSupport {
|
|||
if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
|
||||
stream.addPermission(AnyTypePermission.ANY);
|
||||
} else {
|
||||
for (String packageName : ClassLoadingAwareObjectInputStream.getSerialziablePackages()) {
|
||||
for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
|
||||
stream.allowTypesByWildcard(new String[]{packageName + ".**"});
|
||||
}
|
||||
}
|
||||
|
|
|
@ -119,7 +119,6 @@ public class StompTestSupport {
|
|||
}
|
||||
|
||||
public void startBroker() throws Exception {
|
||||
System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "*");
|
||||
createBroker(true);
|
||||
|
||||
XStreamBrokerContext context = new XStreamBrokerContext();
|
||||
|
|
Loading…
Reference in New Issue