AMQ-8011 - Performance Related issue in ClassLoadingAwareObjectInputStream.checkSecurity()

Andrew Levandoski 2020-10-20 17:21:31 -04:00
parent fa8b4c5215
commit f3e0ab4c5a


@ -98,18 +98,21 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
} }
private void checkSecurity(Class clazz) throws ClassNotFoundException { private void checkSecurity(Class clazz) throws ClassNotFoundException {
if (!clazz.isPrimitive()) { if (trustAllPackages() || clazz.isPrimitive()) {
if (clazz.getPackage() != null && !trustAllPackages()) { return;
boolean found = false; }
for (String packageName : getTrustedPackages()) {
if (clazz.getPackage().getName().equals(packageName) || clazz.getPackage().getName().startsWith(packageName + ".")) { boolean found = false;
found = true; Package thePackage = clazz.getPackage();
break; if (thePackage != null) {
} for (String trustedPackage : getTrustedPackages()) {
} if (thePackage.getName().equals(trustedPackage) || thePackage.getName().startsWith(trustedPackage + ".")) {
if (!found) { found = true;
throw new ClassNotFoundException("Forbidden " + clazz + "! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes."); break;
} }
}
if (!found) {
throw new ClassNotFoundException("Forbidden " + clazz + "! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.");
} }
} }
} }
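Review bot: In the rewritten `checkSecurity`, the `if (!found)` throw still appears to sit inside `if (thePackage != null)` (judging by the brace count, since indentation is lost on this page), so a non-primitive class whose `getPackage()` returns null is accepted without being compared against `getTrustedPackages()`. The old code behaved the same way, so the commit does not introduce this, but an allow-list that guards deserialization should fail closed or state the exception explicitly. `Class.getPackage()` is documented to return null for array types, and a class loader may also return null for other classes, so the accepted set is wider than the trusted-package list suggests. Either move the `if (!found)` block after the closing brace of the null check, resolving array types to their component type first so that arrays of trusted or primitive elements still pass, or record the intent with a comment such as `// classes without a Package (e.g. array types) are accepted without a trusted-package check`. As a smaller point for a performance fix, `thePackage.getName()` is evaluated twice per loop iteration and could be hoisted into a local before the `for`.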