Red Hat SummitRed Hat AMQ 6
As of February 2025, Red Hat is no longer supporting Red Hat AMQ 6. If you are using AMQ 6, please upgrade: Migrating to AMQ 7.このコンテンツは選択した言語では利用できません。
5.6. Security Options for JMS ObjectMessage Serialization
Overview
リンクのコピーリンクがクリップボードにコピーされました!
The
javax.jms.ObjectMessage type can be used to send messages containing a serialized Java object. This feature has been available since JMS 1.0 and is supported by Apache ActiveMQ, but use of this feature is generally not recommended, for the following reasons:
- Architecturally, messaging systems enable loose coupling between producers and consumers, but
ObjectMessagere-introduces tight coupling, thereby negating a key benefit of the message-based architecture. - Using
ObjectMessageintroduces coupling of class paths between producers and consumers. - Using
ObjectMessagepresents a significant security risk, because the serialized objects can be used to transfer malicious code.
Security risks
リンクのコピーリンクがクリップボードにコピーされました!
ObjectMessage objects depend on Java serialization to marshal and unmarshal their object payload. This process is generally considered unsafe, because a malicious payload can exploit the host system. For this reason, starting from AMQ 6.3, AMQ forces users to explicitly whitelist packages that can be exchanged using ObjectMessage messages.
Whitelisting Java packages
リンクのコピーリンクがクリップボードにコピーされました!
To whitelist Java packages, so that they can be used in a serialized object message, you are required to list the acceptable packages in the
org.apache.activemq.SERIALIZABLE_PACKAGES system property. This system property can be used both on the server side (broker) and on the client side.
For example, on the broker side, you can set this property in the
InstallDir/etc/system.properties file, as follows:
org.apache.activemq.SERIALIZABLE_PACKAGES="java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"
org.apache.activemq.SERIALIZABLE_PACKAGES="java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"
Which adds the
com.mycompany.myapp package to the list of trusted packages. Note that the other packages listed here are enabled by default, because they are necessary for the regular broker to work.
Bypassing the whitelist mechanism
リンクのコピーリンクがクリップボードにコピーされました!
In case you want to bypass the whitelist mechanism, you can allow all packages to be trusted by specifying the
* wildcard character—for example:
org.apache.activemq.SERIALIZABLE_PACKAGES="*"
org.apache.activemq.SERIALIZABLE_PACKAGES="*"Warning
Disabling the whitelist mechanism can be useful in a testing environment, but it should not be used in a deployed system.
Client-side whitelisting API
リンクのコピーリンクがクリップボードにコピーされました!
On the client side, you can also configure trusted packages using the
org.apache.activemq.SERIALIZABLE_PACKAGES system property, but this approach is usually not convenient for client applications. An alternative approach is to use the API methods defined on the ActiveMQConnectionFactory class (where these API settings would override the system property, if it is set). There are two additional methods defined available:
- The
setTrustedPackages()method allows you to set the list of trusted packages you want to be to unserialize—for example:ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616"); factory.setTrustedPackages(new ArrayList(Arrays.asList("org.apache.activemq.test,org.apache.camel.test".split(","))));ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616"); factory.setTrustedPackages(new ArrayList(Arrays.asList("org.apache.activemq.test,org.apache.camel.test".split(","))));Copy to Clipboard Copied! Toggle word wrap Toggle overflow The list of trusted packages can also be set in XML. For example, a Camel endpoint in a Spring XML file can be configured as follows:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - The
setTrustAllPackages()allows you to turn off the security check and trust all classes. It can be useful for testing purposes. For example:ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616"); factory.setTrustAllPackages(true);ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616"); factory.setTrustAllPackages(true);Copy to Clipboard Copied! Toggle word wrap Toggle overflow The whitelist mechanism can also be disabled in Spring XML as follows:Copy to Clipboard Copied! Toggle word wrap Toggle overflow WarningDisabling the whitelist mechanism can be useful in a testing environment, but it should not be used in a deployed system.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}