https://issues.apache.org/jira/browse/AMQ-6013 - init serializable pa…

…ckages statically
apache · Dec 3, 2015 · 7eb9b21 · 7eb9b21
1 parent e7a4b53
commit 7eb9b21
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 19 deletions.
diff --git a/...emq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java b/...emq-client/src/main/java/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java
@@ -34,10 +34,15 @@ public class ClassLoadingAwareObjectInputStream extends ObjectInputStream {
     private static final ClassLoader FALLBACK_CLASS_LOADER =
         ClassLoadingAwareObjectInputStream.class.getClassLoader();
 
-    private static String[] serializablePackages;
+    public static final String[] serializablePackages;
 
     private final ClassLoader inLoader;
 
+    static {
+        serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
+                    "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
+    }
+
     public ClassLoadingAwareObjectInputStream(InputStream in) throws IOException {
         super(in);
         inLoader = in.getClass().getClassLoader();
@@ -83,24 +88,15 @@ protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, Cl
         }
     }
 
-    public static String[] getSerialziablePackages() {
-       if (serializablePackages == null) {
-           serializablePackages = System.getProperty("org.apache.activemq.SERIALIZABLE_PACKAGES",
-                       "java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper").split(",");
-       }
-
-       return serializablePackages;
-    };
-
     public static boolean isAllAllowed() {
-        return getSerialziablePackages().length == 1 && getSerialziablePackages()[0].equals("*");
+        return serializablePackages.length == 1 && serializablePackages[0].equals("*");
     }
 
     private void checkSecurity(Class clazz) throws ClassNotFoundException {
         if (!clazz.isPrimitive()) {
             if (clazz.getPackage() != null && !isAllAllowed()) {
                boolean found = false;
-               for (String packageName : getSerialziablePackages()) {
+               for (String packageName : serializablePackages) {
                    if (clazz.getPackage().getName().equals(packageName) || clazz.getPackage().getName().startsWith(packageName + ".")) {
                        found = true;
                        break;

diff --git a/activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java b/activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java
@@ -19,14 +19,11 @@
 import java.io.IOException;
 import java.io.Reader;
 
-<<<<<<< HEAD
-=======
 import com.thoughtworks.xstream.converters.Converter;
 import com.thoughtworks.xstream.converters.MarshallingContext;
 import com.thoughtworks.xstream.converters.UnmarshallingContext;
 import com.thoughtworks.xstream.io.HierarchicalStreamReader;
 import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
->>>>>>> a7e2a44... https://issues.apache.org/jira/browse/AMQ-6013 - restrict classes which can be serialized inside the broker
 import org.apache.activemq.command.MarshallAware;
 import org.apache.activemq.command.MessageDispatch;
 import org.apache.activemq.transport.stomp.XStreamSupport;
@@ -102,7 +99,8 @@ public int getCurrentWireFormatVersion() {
     }
 
     // Properties
-    // -------------------------------------------------activemq-http/src/main/java/org/apache/activemq/transport/xstream/XStreamWireFormat.java
+    // -------------------------------------------------
+    public XStream getXStream() {
         if (xStream == null) {
             xStream = createXStream();
             // make it work in OSGi env

diff --git a/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java b/activemq-stomp/src/main/java/org/apache/activemq/transport/stomp/XStreamSupport.java
@@ -37,7 +37,7 @@ public static XStream createXStream() {
         if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
             stream.addPermission(AnyTypePermission.ANY);
         } else {
-            for (String packageName : ClassLoadingAwareObjectInputStream.getSerialziablePackages()) {
+            for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
                 stream.allowTypesByWildcard(new String[]{packageName + ".**"});
             }
         }

diff --git a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompTestSupport.java
@@ -111,8 +111,7 @@ public void tearDown() throws Exception {
     }
 
     public void startBroker() throws Exception {
-        System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "*");
-        createBroker(true);
+        createBroker();
 
         XStreamBrokerContext context = new XStreamBrokerContext();
         brokerService.setBrokerContext(context);