What specific version of 5.11 is your client running? The security fix that added this check (https://issues.apache.org/jira/browse/AMQ-6013) was back-ported to 5.11.3, so if you're using that version of 5.11 or later, then you have that change.
Tim On Tue, Sep 12, 2017 at 12:19 AM, khandelwalanuj < anuj.cool.khandel...@gmail.com> wrote: > Hi, > > Currently ActiveMQ broker is using ActiveMQ v5.14 while clients are still > running on v5.11. In the client migration process, we are facing below > problem with ObjectMessages: > > The cases when producer is migrated to 5.14 but consumer is still using the > older version(5.11) are failing and throwing the security exception > provided > below. > > Details about the failure : > [Upgraded ]Broker is running with v5.14 with > -Dorg.apache.activemq.SERIALIZABLE_PACKAGES=* > [Upgraded ]producer running with v5.14 > [Not Upgraded]consumer running with v5.11 and does not specified any > trusted > package property. > > Can someone check why this case is not working as ActiveMQ is supposed to > decouple producer and consumers but here migration is stuck unless both > producer and consumers are migrated to the same version at the same time. > > > Caused by: java.lang.ClassNotFoundException: Forbidden class > producer.test.SampleObjectMessage! This class is not trusted to be > serialized as ObjectMessage payload. Please take a look at > http://activemq.apache.org/objectmessage.html for more information on how > to > configure trusted classes. > at > org.apache.activemq.util.ClassLoadingAwareObjectInputStream.checkSecurity( > ClassLoadingAwareObjectInputStream.java:112) > at > org.apache.activemq.util.ClassLoadingAwareObjectInputStream.resolveClass( > ClassLoadingAwareObjectInputStream.java:57) > at java.io.ObjectInputStream.readNonProxyDesc( > ObjectInputStream.java:1613) > at java.io.ObjectInputStream.readClassDesc( > ObjectInputStream.java:1518) > at > java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1774) > at java.io.ObjectInputStream.readObject0(ObjectInputStream. > java:1351) > at java.io.ObjectInputStream.readObject(ObjectInputStream. > java:371) > at > org.apache.activemq.command.ActiveMQObjectMessage.getObject( > ActiveMQObjectMessage.java:206) > > > > > -- > Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User- > f2341805.html >
