From e100638244c4ca5eb2a1f16bcdc671c9859c2694 Mon Sep 17 00:00:00 2001 From: Dejan Bosanac Date: Tue, 20 Oct 2015 12:30:46 +0200 Subject: [PATCH] https://issues.apache.org/jira/browse/AMQ-6013 - init serializable packages statically --- .../ClassLoadingAwareObjectInputStream.java | 20 ++++++++----------- .../transport/stomp/XStreamSupport.java | 2 +- .../transport/stomp/StompTestSupport.java | 1 - 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java index f8a7d0c2f7..645a47dd0c 100644 --- a/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java +++ b/activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java @@ -34,10 +34,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream { private static final ClassLoader FALLBACK_CLASS_LOADER = ClassLoadingAwareObjectInputStream.class.getClassLoader(); - private static String[] serializablePackages; + public static final String[] serializablePackages; private final ClassLoader inLoader; + static { + serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", + "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(","); + } + public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException { super(in); inLoader = in.getClass().getClassLoader(); @@ -83,24 +88,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream { } } - public static String[] getSerialziablePackages() { - if (serializablePackages == null) { - serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", - "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(","); - } - - return serializablePackages; - }; - public static boolean isAllAllowed() { - return getSerialziablePackages().length == 1 && getSerialziablePackages()[0].equals("*"); + return serializablePackages.length == 1 && serializablePackages[0].equals("*"); } private void checkSecurity(Class clazz) throws ClassNotFoundException { if (!clazz.isPrimitive()) { if (clazz.getPackage() != null && !isAllAllowed()) { boolean found = false; - for (String packageName : getSerialziablePackages()) { + for (String packageName : serializablePackages) { if (clazz.getPackage().getName().equals(packageName) || clazz.getPackage().getName().startsWith(packageName + ".")) { found = true; break; diff --git a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java index 94ae7b71d8..abcca72a75 100644 --- a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java +++ b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java @@ -37,7 +37,7 @@ public class XStreamSupport { if (ClassLoadingAwareObjectInputStream.isAllAllowed()) { stream.addPermission(AnyTypePermission.ANY); } else { - for (String packageName : ClassLoadingAwareObjectInputStream.getSerialziablePackages()) { + for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) { stream.allowTypesByWildcard(new String[]{packageName + ".**"}); } } diff --git a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java index 3e1aa94e4c..b783a54c9b 100644 --- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java +++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java @@ -119,7 +119,6 @@ public class StompTestSupport { } public void startBroker() throws Exception { - System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "*"); createBroker(true); XStreamBrokerContext context = new XStreamBrokerContext();