activemq-classicxstream

ActiveMQ XStream ForbiddenClassException

I'm using ActiveMQ 5.16.2 as broker and client 5.16.1 in my java app. Sometimes I get this error in a loop:

---- Debugging information ----
cause-exception     : com.thoughtworks.xstream.security.ForbiddenClassException
cause-message       : java.io.IOException
class               : org.apache.activemq.command.ExceptionResponse
required-type       : org.apache.activemq.command.ExceptionResponse
converter-type      : 
com.thoughtworks.xstream.converters.reflection.ReflectionConverter
path                : /org.apache.activemq.command.ExceptionResponse/exception
line number         : 5
version             : 1.4.15
-------------------------------
    at org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:34)
    at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:205)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: com.thoughtworks.xstream.converters.ConversionException: 
---- Debugging information ----
cause-exception     : com.thoughtworks.xstream.security.ForbiddenClassException
cause-message       : java.io.IOException
class               : org.apache.activemq.command.ExceptionResponse
required-type       : org.apache.activemq.command.ExceptionResponse
converter-type      : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
path                : /org.apache.activemq.command.ExceptionResponse/exception
line number         : 5
version             : 1.4.15
-------------------------------
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:77)
    at com.thoughtworks.xstream.core.AbstractReferenceUnmarshaller.convert(AbstractReferenceUnmarshaller.java:72)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:66)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:50)
    at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:134)
    at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
    at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1409)
    at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1388)
    at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1273)
    at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1264)
    at org.apache.activemq.transport.xstream.XStreamWireFormat.unmarshalText(XStreamWireFormat.java:66)
    at org.apache.activemq.transport.util.TextWireFormat.unmarshal(TextWireFormat.java:56)
    at org.apache.activemq.transport.http.HttpClientTransport.run(HttpClientTransport.java:196)
... 1 common frames omitted
Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: java.io.IOException
   at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
   at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
   at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
   at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
   at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:420)
   at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277)
   at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:72)
... 13 common frames omitted

I already have a similar error this XStream when I'm in 5.16.0 and correct in 5.16.1, but now it's another one.

I tried using the 5.16.2 client, but I get the same error:

--- Debugging information ----
cause-exception     : 
com.thoughtworks.xstream.security.ForbiddenClassException
cause-message       : java.io.IOException
class               : org.apache.activemq.command.ExceptionResponse
required-type       : org.apache.activemq.command.ExceptionResponse
converter-type      : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
path                : /org.apache.activemq.command.ExceptionResponse/exception
line number         : 5
version             : 1.4.16
-------------------------------

The exception occurs on the client. We are using XStream because the client is connecting via HTTP and XStream is required on the client for this use-case according to the documentation.

This application has been running in TCP for a very long time, but we have to use it also in HTTPS. Since we've been testing HTTPS we have had some weird behavior with tests that fail due to XStream errors, but other HTTPS calls work without problem. I'm just trying to figure out why switching to HTTPS is causing this.

Solution

  • It looks to me like XStream is trying to deal with an OpenWire org.apache.activemq.command.ExceptionResponse message which is coming from the broker. This message contains a serialized java.io.IOException and XStream fails to convert this as it is expecting an XML payload instead. That's why the exception says:

    Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: java.io.IOException

    The ForbiddenClassException is the exception which XStream throws in response to the java.io.IOException which it can't convert.

    It's not clear what is triggering the java.io.IOException in the first place so that would be worth investigating (e.g. look at the broker logs). The XStream failure itself appears to be a bug. However, I'm not sure how well-maintained the HTTP/S transport is so a bug-fix may not be available soon (if ever). You might try migrating from ActiveMQ 5.x (i.e. "Classic") to ActiveMQ Artemis which also supports HTTP/S.