
ActiveMQ property SERIALIZABLE_PACKAGES sending ObjectMessage


Running a simple project using SpringBoot and creating an ActiveMQ broker through @Configuration.

In the main method, before SpringApplication.run, I set this:

System.setProperty("org.apache.activemq.SERIALIZABLE_PACKAGES", "*");

Trusting all packages when creating the broker and ActiveMQConnectionFactory:

factory.setTrustAllPackages(true);

Route:

from("timer://getStuffDone?period=5s") // just a test
    .to("bean://superProcessor?method=process")  // creates a simple object and sets it as the body
    .to("activemq:queue:superQueue?jmsMessageType=Object");

The object:

public class SuperObject {
    public String name;
}

BUT, I get this:

Caused by: org.apache.camel.NoTypeConversionAvailableException: No type converter available to convert from type: net.supertest.SuperObject to the required type: java.io.Serializable with value net.supertest.SuperObject@2b38b4cb
    at org.apache.camel.impl.converter.BaseTypeConverterRegistry.mandatoryConvertTo(BaseTypeConverterRegistry.java:206) ~[camel-core-2.22.1.jar:2.22.1]
    at org.apache.camel.component.jms.JmsBinding.createJmsMessageForType(JmsBinding.java:672) ~[camel-jms-2.22.1.jar:2.22.1]

If I implement Serializable, it works well, but I was expecting it to handle that automatically as I had used the wildcard in SERIALIZABLE_PACKAGES. Any clues on why it's not working as expected? ActiveMQ version 5.15.6


Solution

  • No, the property org.apache.activemq.SERIALIZABLE_PACKAGES does not relieve you of implementing Serializable. It is just a security setting on the broker to block ObjectMessage marshal/unmarshal by default.

    To allow ObjectMessage serialization you have to configure the needed packages on the broker with org.apache.activemq.SERIALIZABLE_PACKAGES and on the client with factory.setTrustedPackages.

    Regardless of this configuration you have to implement your Object as Serializable.

    From the ActiveMQ Docs:

    ObjectMessage objects depend on Java serialization of marshal/unmarshal object payload. This process is generally considered unsafe as malicious payload can exploit the host system. That's why starting with versions 5.12.2 and 5.13.0, ActiveMQ enforces users to explicitly whitelist packages that can be exchanged using ObjectMessages.
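
The two points in the answer above can be reproduced with the JDK alone. This is an added example, not code from the original post or from ActiveMQ: `AllowListInputStream` is a hypothetical stand-in for the trusted-packages check, the two nested classes are constructed sample types in the page's `net.supertest` package, and the receiver uses a narrow package list rather than `*`.

```java
package net.supertest; // the package used on the page
import java.io.*;
import java.util.List;

public class TrustedPackagesDemo {
    // Constructed sample types standing in for the question's SuperObject.
    static class PlainObject { public String name = "plain"; }
    static class SerializableObject implements Serializable { public String name = "ok"; }

    // Hypothetical allow-list check on the receiving side (not ActiveMQ's class).
    static class AllowListInputStream extends ObjectInputStream {
        private final List<String> trusted;
        AllowListInputStream(byte[] data, List<String> trusted) throws IOException {
            super(new ByteArrayInputStream(data));
            this.trusted = trusted;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String cls = desc.getName();
            boolean ok = trusted.contains("*")
                    || trusted.stream().anyMatch(p -> cls.startsWith(p + "."));
            if (!ok) throw new InvalidClassException(cls, "package not trusted");
            return super.resolveClass(desc); // only reached for allowed classes
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] data, List<String> trusted) throws Exception {
        try (ObjectInputStream in = new AllowListInputStream(data, trusted)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Sender: no allow-list setting changes this; the class is not Serializable.
        try { serialize(new PlainObject()); }
        catch (NotSerializableException e) { System.out.println("send failed: " + e); }
        byte[] wire = serialize(new SerializableObject());
        // Receiver: a narrow allow-list accepts the package, any other list rejects it.
        Object got = deserialize(wire, List.of("net.supertest"));
        System.out.println("accepted: " + got.getClass().getName());
        try { deserialize(wire, List.of("org.example.other")); }
        catch (InvalidClassException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```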