Merge pull request #665 from mattrpav/AMQ-8282
[AMQ-8282] Migrate from deprecated .newInstance() calls to .getConstr…
diff --git a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
index 47d4754..322e1e7 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
@@ -372,6 +372,7 @@
if (!(desc.getName().startsWith("java.lang.")
|| desc.getName().startsWith("com.thoughtworks.xstream")
|| desc.getName().startsWith("java.util.")
+ || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
|| desc.getName().startsWith("org.apache.activemq."))) {
throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
}
diff --git a/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java b/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java
index 98d0d79..e5717ac 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java
@@ -158,9 +158,8 @@
return readSize;
}
- //Prevent concurrent access to SSLEngine
@Override
- public synchronized void serviceRead() {
+ public void serviceRead() {
try {
if (handshakeInProgress) {
doHandshake();
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
index 4c944f4..d0e2fc8 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
@@ -243,9 +243,8 @@
}
}
- //Prevent concurrent access to SSLEngine
@Override
- public synchronized void serviceRead() {
+ public void serviceRead() {
try {
if (handshakeInProgress) {
doHandshake();
@@ -374,7 +373,8 @@
}
}
- protected int secureRead(ByteBuffer plain) throws Exception {
+ //Prevent concurrent access while reading from the channel
+ protected synchronized int secureRead(ByteBuffer plain) throws Exception {
if (!(inputBuffer.position() != 0 && inputBuffer.hasRemaining()) || status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
int bytesRead = channel.read(inputBuffer);
diff --git a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
index a41c15a..448cb6a 100644
--- a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
+++ b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
@@ -4250,6 +4250,7 @@
if (!(desc.getName().startsWith("java.lang.")
|| desc.getName().startsWith("com.thoughtworks.xstream")
|| desc.getName().startsWith("java.util.")
+ || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
|| desc.getName().startsWith("org.apache.activemq."))) {
throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
}