Apache/activemq
1
0
Fork 0
mirror of https://github.com/apache/activemq.git synced 2025-02-27 20:59:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

AMQ-8011 - Performance Related issue in ClassLoadingAwareObjectInputStream.checkSecurity()

Browse Source
This commit is contained in:
Andrew Levandoski 2020-10-20 17:21:31 -04:00
parent fa8b4c5215
commit f3e0ab4c5a
1 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
activemq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
View File

@ -98,18 +98,21 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
}
private void checkSecurity(Class clazz) throws ClassNotFoundException {
if (!clazz.isPrimitive()) {
if (clazz.getPackage() != null && !trustAllPackages()) {
boolean found = false;
for (String packageName : getTrustedPackages()) {
if (clazz.getPackage().getName().equals(packageName) || clazz.getPackage().getName().startsWith(packageName + ".")) {
found = true;
break;
}
}
if (!found) {
throw new ClassNotFoundException("Forbidden " + clazz + "! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.");
}
if (trustAllPackages() || clazz.isPrimitive()) {
return;
}
boolean found = false;
Package thePackage = clazz.getPackage();
if (thePackage != null) {
for (String trustedPackage : getTrustedPackages()) {
if (thePackage.getName().equals(trustedPackage) || thePackage.getName().startsWith(trustedPackage + ".")) {
found = true;
break;
}
}
if (!found) {
throw new ClassNotFoundException("Forbidden " + clazz + "! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.");
}
}
}