Unable to publish my message: "attempt to deserialize unauthorized class" error


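I am trying to create a message queue using RabbitMq. When I try to push a message to the queue, I get the following error messages:

  1. org.springframework.amqp.rabbit.support.ListenerExecutionFailedException: Failed to convert message

  2. Attempt to deserialize unauthorized class com.example.rabbitmq.model.MessageInfo; add allowed class name patterns to the message converter or, if you trust the message originator, set environment variable 'SPRING_AMQP_DESERIALIZATION_TRUST_ALL' or system property 'spring.amqp.deserialization.trust.all' to true.

If I use a JSON string instead of a Java object, I am able to publish my message and receive it, but I am trying to publish a Java object.

Below are the configuration settings in RabbitMQ when I try to view the message in the RabbitMQ console: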

priority:   0
delivery_mode:  2
headers:    
content_type:   application/x-java-serialized-object

My configuration class:

@Bean
public Queue queue() {
    return  new Queue(QUEUE);
}

@Bean
public TopicExchange exchange() {
    return new TopicExchange(EXCHANGE);
}

@Bean
public Binding binding(Queue queue, TopicExchange exchange) {
    return BindingBuilder
            .bind(queue)
            .to(exchange)
            .with(ROUTING_KEY);
}

@Bean
public Jackson2JsonMessageConverter messageConverter() {
    Jackson2JsonMessageConverter converter = new Jackson2JsonMessageConverter() ;

    return  converter;
}

@Bean
public AmqpTemplate template(ConnectionFactory connectionFactory) {
    RabbitTemplate template = new RabbitTemplate(connectionFactory);

    template.setMessageConverter(messageConverter());
    return  template;
}

My publisher:

public String publishMessage(@RequestBody CustomMessage message) {
    System.out.println(" Message received == >"+message.getMessage());

    MessageInfo  msMessageInfo =  MessageInfo.builder().messageId(UUID.randomUUID().toString()).message(message.getMessage())
            .messageDate(new Date())
            .build();
   
    template.convertAndSend(RabbitMqExchangeConfig.EXCHANGE,
            RabbitMqExchangeConfig.ROUTING_KEY, msMessageInfo);

    return "Message Published";
}

My receiver:

@RabbitListener(queues = RabbitMqExchangeConfig.QUEUE)
public void listener(MessageInfo message) {
    System.out.println(" --- >  delivered messagd :: == > "+message);
}
rabbitmq spring-jms spring-rabbit rabbitmq-exchange rabbitmqctl
2 Answers
0 votes

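For Java objects, the SimpleMessageConverter relies on Java serialization. Since this has proven to be vulnerable, by default no custom classes are allowed to be deserialized on the consumer side.

See more information in the docs: https://docs.spring.io/spring-amqp/reference/amqp/message-converters.html#java-deserialization.

Also see the AllowedListDeserializingMessageConverter Javadocs: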

/**
 * Set simple patterns for allowable packages/classes for deserialization.
 * The patterns will be applied in order until a match is found.
 * A class can be fully qualified or a wildcard '*' is allowed at the
 * beginning or end of the class name.
 * Examples: {@code com.foo.*}, {@code *.MyClass}.
 * @param patterns the patterns.
 */
public void setAllowedListPatterns(List<String> patterns) {
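
Applying the allow-list approach from this answer to the question's listener might look like the following. This is an added example, not part of the original answer or Spring AMQP's own code. The configuration class name is hypothetical, and it assumes MessageInfo implements java.io.Serializable and lives in com.example.rabbitmq.model, the package named in the error message.

```java
import java.util.List;

import org.springframework.amqp.rabbit.config.SimpleRabbitListenerContainerFactory;
import org.springframework.amqp.rabbit.connection.ConnectionFactory;
import org.springframework.amqp.support.converter.SimpleMessageConverter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class DeserializationAllowListConfig { // hypothetical class name

    // "rabbitListenerContainerFactory" is the bean name @RabbitListener
    // methods look up when no containerFactory attribute is given.
    @Bean
    public SimpleRabbitListenerContainerFactory rabbitListenerContainerFactory(
            ConnectionFactory connectionFactory) {

        // SimpleMessageConverter handles bodies whose content_type is
        // application/x-java-serialized-object, as seen in the console.
        SimpleMessageConverter converter = new SimpleMessageConverter();

        // Permit only the application's own model package. Each class
        // resolved from the incoming stream is matched against these
        // patterns, in order, before it is instantiated.
        // Avoid the trust-all environment variable / system property from
        // the error message unless every producer on the broker is trusted:
        // it switches the check off for all classes on the classpath.
        converter.setAllowedListPatterns(
                List.of("com.example.rabbitmq.model.*"));

        SimpleRabbitListenerContainerFactory factory =
                new SimpleRabbitListenerContainerFactory();
        factory.setConnectionFactory(connectionFactory);
        factory.setMessageConverter(converter);
        return factory;
    }
}
```

If the error then names a different class, add a pattern for exactly that class rather than widening the wildcard.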

0 votes

I suggest you take a look at my answer to this issue at the following link:

https://stackoverflow.com/a/78064593/8185956
