我正在尝试发送接收ActiveMQ消息。但是我看到消息又带着这些消息返回。
JMSException in onMessage(): javax.jms.JMSException: Failed to build body from content. Serializable class not available to broker. Reason: java.lang.ClassNotFoundException: Forbidden class com.logicalprovisioning.common.gtc.shared.GTCMessage! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.
所以我阅读了邮件中的链接。而且我尝试按照说明进行操作。尽管我必须说关于在哪里放置配置不是很好写。
所以我做的是:1.我将bin文件夹中activemq.bat文件中的ACTIVEMQ_OPTS行编辑为
if "%ACTIVEMQ_OPTS%" == "" set ACTIVEMQ_OPTS=-Xms1G -Xmx1G -Djava.util.logging.config.file=logging.properties -Djava.security.auth.login.config="%ACTIVEMQ_CONF%\login.config" -Dorg.apache.activemq.SERIALIZABLE_PACKAGES=com.logicalprovisioning.common.gtc.shared.GTCMessage
没有用。
我也在win64文件夹的activemq.bat中添加了以上行。它没有用。
我修改了订户对象的创建,以添加受信任的程序包。喜欢:
String providerEndpoints = "tcp://" + host + ":" + port + "?wireFormat.maxInactivityDuration=7200000";
// Set the trusted packages/classes to move back and forth on the ActiveMQ JMS service.
ArrayList<String> trustedClasses = new ArrayList<String>();
trustedClasses.add("com.logicalprovisioning.common.gtc.shared.GTCMessage");
// Obtain the factory
ActiveMQConnectionFactory activeMQConnectionFactory = new ActiveMQConnectionFactory();
activeMQConnectionFactory.setBrokerURL(providerEndpoints);
// Add the trusted packages/classes to the ActiveMQ consumer.
activeMQConnectionFactory.setTrustedPackages(trustedClasses);
//Create the connection
setConnection(activeMQConnectionFactory.createQueueConnection());
getConnection().setClientID(this.getName());
// Make a session
setSession(getConnection().createQueueSession(false, Session.AUTO_ACKNOWLEDGE));
getSession().createQueue(jmsDestination);
// Create the destination
Destination destination = getSession().createQueue(jmsDestination);
String selector = "JMSCorrelationID = '" + getActionRequest().getOriginId() + "_" + getActionRequest().getRequestId() + "'" ;
setConsumer(getSession().createConsumer(destination, selector));
getConsumer().setMessageListener(new DefaultMessageListener(this));
// Start ...
gtcMessages = new GTCMessageQueue<GTCMessage>(); // We'll need a message store now
getConnection().start();
而且我也为制作人添加了类似的内容:
Context initialContext = new InitialContext();
Context environmentContext = (Context) initialContext.lookup("java:comp/env");
String queueConnectionFactoryNameLookup = PalInit.getProperty("jms.queue.connection.factory");
// Set the trusted packages/classes to move back and forth on the ActiveMQ JMS service.
ArrayList<String> trustedClasses = new ArrayList<String>();
trustedClasses.add("com.logicalprovisioning.common.gtc.shared.GTCMessage");
ActiveMQConnectionFactory activeMQConnectionFactory = (ActiveMQConnectionFactory) environmentContext.lookup(queueConnectionFactoryNameLookup);
activeMQConnectionFactory.setTrustedPackages(trustedClasses);
// Create connection
QueueConnection queueConnection = activeMQConnectionFactory.createQueueConnection();
queueConnection.start();
// Create session and producer
setSession(queueConnection.createSession(false, Session.AUTO_ACKNOWLEDGE));
String queueName = PalInit.getProperty("jms.destination");
Queue jmsQueue = getSession().createQueue(queueName);
setProducer(getSession().createProducer(jmsQueue));
setQueueConnection(queueConnection);
// Set Message "Time to Live" to the request timeout plus 10 minutes
getProducer().setTimeToLive(getTimeout() + (10 * 60 * 1000L));
但是似乎没有任何作用。我在Tomcat的lib文件夹中有ActiveMQ-All jar,GTCMessage类所在的jar也是如此。谁能告诉我我在做什么错?这是缺少类的问题还是我的配置错误?任何帮助,将不胜感激。谢谢!
该应用程序正在Tomcat 9,JAVA 1.8和Active MQ 5.15.11上运行。
我认为您的问题是您要设置特定的class的名称,而不是该类的package。 The code查看包名称,而不是类名称。试试这个:
// Set the trusted packages to move back and forth on the ActiveMQ JMS service.
ArrayList<String> trustedPackages = new ArrayList<String>();
trustedPackages.add("com.logicalprovisioning.common.gtc.shared");
ActiveMQConnectionFactory activeMQConnectionFactory = (ActiveMQConnectionFactory) environmentContext.lookup(queueConnectionFactoryNameLookup);
activeMQConnectionFactory.setTrustedPackages(trustedPackages);
我认为您无需在经纪人本身上进行设置。
除此之外,我强烈建议您不要使用JMS ObjectMessage
。他们依靠Java序列化来封送和取消封送对象有效负载。通常认为此过程是不安全的,因为恶意负载可能会利用主机系统。为此已经创建了Lots of CVEs,这就是为什么大多数JMS提供程序都强制用户将可以使用ObjectMessage
消息交换的程序包明确列入白名单的原因。
使用JMS ObjectMessage
还有许多其他与安全性无关的问题,应该read about。