logo标签列表

SpringBoot + ActiveMQ - 如何设置可信包?

javaspring-bootactivemq
20

我正在创建两个使用JMS通信的SpringBoot服务器和客户端应用程序,使用的activemq版本是5.12.1一切正常,但是当我更新到5.12.3版本时,我遇到了以下错误:

org.springframework.jms.support.converter.MessageConversionException: Could not convert JMS message; nested exception is javax.jms.JMSException: Failed to build body from content. Serializable class not available to broker. Reason: java.lang.ClassNotFoundException: Forbidden class MyClass! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes.

我访问了提供的URL地址,并发现我的问题与ActiveMQ发布的 5.12.2 版本中实施的新安全性有关,我知道我可以通过定义可信包来解决这个问题,但我不知道在我的SpringBoot项目中放置这样的配置文件应该放在哪里。

我只是在应用程序属性中设置JMS队列的URI,并在“主”类中使用@EnableJms启用JMS,这是我在单独代理上的配置:

@Configuration
@ConfigurationProperties(prefix = "activemq")
public class BrokerConfiguration {

    /**
     * Defaults to TCP 10000
     */
    private String connectorURI = "tcp://0.0.0.0:10000";
    private String kahaDBDataDir = "../../data/activemq";

    public String getConnectorURI() {
        return connectorURI;
    }

    public void setConnectorURI(String connectorURI) {
        this.connectorURI = connectorURI;
    }

    public String getKahaDBDataDir() {
        return kahaDBDataDir;
    }

    public void setKahaDBDataDir(String kahaDBDataDir) {
        this.kahaDBDataDir = kahaDBDataDir;
    }

    @Bean(initMethod = "start", destroyMethod = "stop")
    public BrokerService broker() throws Exception {
        KahaDBPersistenceAdapter persistenceAdapter = new KahaDBPersistenceAdapter();
        persistenceAdapter.setDirectory(new File(kahaDBDataDir));

        final BrokerService broker = new BrokerService();
        broker.addConnector(getConnectorURI());
        broker.setPersistent(true);
        broker.setPersistenceAdapter(persistenceAdapter);
        broker.setShutdownHooks(Collections.<Runnable> singletonList(new SpringContextHook()));
        broker.setUseJmx(false);

        final ManagementContext managementContext = new ManagementContext();
        managementContext.setCreateConnector(true);
        broker.setManagementContext(managementContext);

        return broker;
    }
}

所以我想知道在哪里指定可信包。

谢谢 :)

6个回答
34

您只需在 application.properties 中设置以下 Spring Boot 属性之一即可设置信任的包。

spring.activemq.packages.trust-all=true

或者

spring.activemq.packages.trusted=<package1>,<package2>,<package3>

我猜它只在较新的Spring-Boot版本中可用? - AntoineB
24

添加以下的bean:

@Bean
public ActiveMQConnectionFactory activeMQConnectionFactory() {
    ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("your broker URL");
    factory.setTrustedPackages(Arrays.asList("com.my.package"));
    return factory;
}
下一个版本将通过配置属性添加此功能: https://github.com/spring-projects/spring-boot/issues/5631
谢谢 :) 我只是不得不编辑你的答案,因为 setTrustedPackage 只接受 List<String> 作为参数,而不是 String - AntoineB
抱歉!当然它有。ActiveMQConnectionFactory还有一个setTrustAllPackages(boolean)方法,因此您不必逐个设置它们。 - Jim.R
我尝试了相同的解决方案,但对我没有起作用。 - Ravat Tailor
setTrustedPackages和setTrustedPackage在2020年不存在。 - yenk
4

方法: public void setTrustedPackages(List<String> trustedPackages)

描述: 添加所有用于发送和接收Message对象的包。

代码: connectionFactory.setTrustedPackages(Arrays.asList("org.api","java.util"))

已实现的代码:

private static final String DEFAULT_BROKER_URL = "tcp://localhost:61616";

private static final String RESPONSE_QUEUE = "api-response";

@Bean
public ActiveMQConnectionFactory connectionFactory(){
    ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory();
    connectionFactory.setBrokerURL(DEFAULT_BROKER_URL);
    connectionFactory.setTrustedPackages(Arrays.asList("org.api","java.util"));
    return connectionFactory;
}

@Bean
public JmsTemplate jmsTemplate(){
    JmsTemplate template = new JmsTemplate();
    template.setConnectionFactory(connectionFactory());
    template.setDefaultDestinationName(RESPONSE_QUEUE);
    return template;
}
2
如果还有人在寻找答案,下面的代码片段对我有用:
@Bean
public ActiveMQConnectionFactory connectionFactory() {
    ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory();
    connectionFactory.setBrokerURL(BROKER_URL);
    connectionFactory.setPassword(BROKER_USERNAME);
    connectionFactory.setUserName(BROKER_PASSWORD);
    connectionFactory.setTrustAllPackages(true); // all packages are considered as trusted 
    //connectionFactory.setTrustedPackages(Arrays.asList("com.my.package")); // selected packages
    return connectionFactory;
}
1

我正在设置Java_opts,类似于以下内容,并将其传递给Java命令,这对我有效。

JAVA_OPTS=-Xmx256M -Xms16M -Dorg.apache.activemq.SERIALIZABLE_PACKAGES=*
java $JAVA_OPTS -Dapp.config.location=/data/config -jar <your_jar>.jar --spring.config.location=file:/data/config/<your config file path>.yml
0

是的,我发现它在新版本中的配置。

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.4.0.RELEASE</version>
</parent>

spring:
profiles:
    active: @profileActive@
cache:
  ehcache:
    config: ehcache.xml
activemq:
  packages:
    trusted: com.stylrplus.api.model
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接