[英]Spring Boot trusted packages for rabbitmq
We're building a Spring Boot application (2.0.4-RELEASE) that receives messages via RabbitMQ. 我们正在构建一个Spring Boot应用程序(2.0.4-RELEASE),该应用程序通过RabbitMQ接收消息。 Hence the
application.properties
contains the rabbit related config: 因此,
application.properties
包含与Rabbit相关的配置:
spring.rabbitmq.addresses=****
spring.rabbitmq.username=****
spring.rabbitmq.password=****
spring.rabbitmq.listener.simple.concurrency=2
spring.rabbitmq.listener.simple.prefetch=5
spring.rabbitmq.listener.simple.retry.enabled=true
spring.rabbitmq.listener.simple.retry.max-attempts=5
Configuration: 组态:
@Bean
public TopicExchange fileUpdate() {
return new TopicExchange("my.fancy.exchange", true, false);
}
@Bean
public Queue fileUpload() {
return new Queue("myFancyQueue", true);
}
@Bean
public Binding bindingUpload(Queue queue, TopicExchange eventExchange) {
return BindingBuilder.bind(queue).to(eventExchange).with("");
}
Message Consumer: 消息使用者:
@RabbitListener(queues = "myFancyQueue")
public void receive(Object message) {
...
}
When receiving a message of a specific type (eg __TypeId__: my.fancy.package.Clazz
) the following error is thrown: 收到特定类型的消息(例如
__TypeId__: my.fancy.package.Clazz
)时,将引发以下错误:
Caused by: java.lang.IllegalArgumentException: The class 'my.fancy.package.Clazz' is not in the trusted packages: [java.util, java.lang].
原因:java.lang.IllegalArgumentException:类'my.fancy.package.Clazz'不在受信任的程序包中:[java.util,java.lang]。 If you believe this class is safe to deserialize, please provide its name.
如果您认为该类别可以安全地反序列化,请提供其名称。 If the serialization is only done by a trusted source, you can also enable trust all (*).
如果序列化仅由受信任的源完成,则还可以启用全部信任(*)。
From what I've discovered so far activeMQ provides a configuration option for that through the application.properties
as 到目前为止,我发现activeMQ通过
application.properties
为它提供了一个配置选项,如下所示:
spring.activemq.packages.trust-all=
or 要么
spring.activemq.packages.trusted=
but I can't find any similar option that would work for rabbitMQ. 但我找不到适用于RabbitMQ的任何类似选项。 So far I've been using a workaround that solves my problem but of course it would be great to have an option like that in the configuration file.
到目前为止,我一直在使用一种解决方法来解决我的问题,但是在配置文件中当然也可以有这样的选项。
My solution so far: 到目前为止,我的解决方案:
Adding to the configuration class: 添加到配置类:
@Bean
public MessageConverter jsonMessageConverter() {
Jackson2JsonMessageConverter jsonMessageConverter = new Jackson2JsonMessageConverter(new ObjectMapper());
jsonMessageConverter.setClassMapper(new ImporterClassMapper(FileUploadMessage.class));
return jsonMessageConverter;
}
@Bean
public RabbitTemplate rabbitTemplate(ConnectionFactory connectionFactory) {
RabbitTemplate template = new RabbitTemplate(connectionFactory);
template.setMessageConverter(jsonMessageConverter());
return template;
}
And changing the message consumer to 并将消息使用者更改为
@Resource(name = "jsonMessageConverter")
private MessageConverter messageConverter;
@RabbitListener(queues = "${uploaded.files.queue}")
public void receive(Message message) {
FileUploadMessage uploadMessage = (FileUploadMessage) messageConverter.fromMessage(message);
...
}
Plus adding a class mapper that allows unkown types to be imported and sets a default type to which messages should be cast to on import: 加上添加一个类映射器,该类映射器允许导入未知类型,并设置导入时将消息强制转换为的默认类型:
public class ImporterClassMapper implements ClassMapper, InitializingBean {
private volatile Class<?> defaultType;
public ImporterClassMapper(Class<?> defaultType) {
this.defaultType = defaultType;
}
@Override
public void afterPropertiesSet() throws Exception {
// nothing to do
}
@Override
public void fromClass(Class<?> clazz, MessageProperties properties) {
// avoid setting __TypeId__ header so consumers from other modules can implement their own DTOs
}
@Override
public Class<?> toClass(MessageProperties properties) {
return this.defaultType;
}
public void setClass(Class<?> type) {
this.defaultType = type;
}
}
Any advise on how to improve this solution? 对如何改进此解决方案有何建议?
I fixed the same error by setting trusted packages on the Spring AMQP ClassMapper being used. 我通过在使用的Spring AMQP ClassMapper上设置受信任的软件包来修复了相同的错误。
@Configuration
public class RabbitConfig {
@Bean
@Scope("prototype")
public SimpleRabbitListenerContainerFactory rabbitListenerContainerFactory(SimpleRabbitListenerContainerFactory factory, ObjectMapper objectMapper) {
factory.setMessageConverter(jsonToMapMessageConverter(objectMapper));
return factory;
}
@Bean
public MessageConverter jsonToMapMessageConverter(ObjectMapper objectMapper) {
Jackson2JsonMessageConverter messageConverter = new ImplicitJsonMessageConverter(objectMapper);
DefaultClassMapper classMapper = new DefaultClassMapper();
classMapper.setTrustedPackages("*");
classMapper.setDefaultType(Map.class);
messageConverter.setClassMapper(classMapper);
return messageConverter;
}
public static class ImplicitJsonMessageConverter extends Jackson2JsonMessageConverter {
public ImplicitJsonMessageConverter(ObjectMapper jsonObjectMapper) {
super(jsonObjectMapper, "*");
}
@Override
public Object fromMessage(Message message) throws MessageConversionException {
message.getMessageProperties().setContentType("application/json");
return super.fromMessage(message);
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.