Skip to content

Add configuration key spring.rabbitmq.template.allowed-list-patterns #40421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add configuration key spring.rabbitmq.template.allowed-list-patterns #40421

wants to merge 1 commit into from

Conversation

quaff
Copy link
Contributor

@quaff quaff commented Apr 18, 2024

Fix

java.lang.SecurityException: Attempt to deserialize unauthorized class com.example.domain.Message; add allowed class name patterns to the message converter or, if you trust the message orginiator, set environment variable 'SPRING_AMQP_DESERIALIZATION_TRUST_ALL' or system property 'spring.amqp.deserialization.trust.all' to true

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Apr 18, 2024
@quaff
Add configuration key spring.rabbitmq.template.allowed-list-patterns
135f0d6 
Fix
```
java.lang.SecurityException: Attempt to deserialize unauthorized class com.example.domain.Message; add allowed class name patterns to the message converter or, if you trust the message orginiator, set environment variable 'SPRING_AMQP_DESERIALIZATION_TRUST_ALL' or system property 'spring.amqp.deserialization.trust.all' to true
```
@philwebb philwebb changed the title Add configuration key spring.rabbitmq.template.allowed-list-patterns Add configuration key spring.rabbitmq.template.allowed-list-patterns Apr 18, 2024
@philwebb philwebb added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 18, 2024
@philwebb philwebb added this to the 3.3.x milestone Apr 18, 2024
@philwebb philwebb self-assigned this Apr 18, 2024
@philwebb philwebb modified the milestones: 3.3.x, 3.3.0-RC1 Apr 18, 2024
philwebb pushed a commit that referenced this pull request Apr 18, 2024
@quaff @philwebb
Add spring.rabbitmq.template.allowed-list-patterns property
c329c5f 
Update `RabbitProperties` and `RabbitTemplateConfigurer` to support a
`spring.rabbitmq.template.allowed-list-patterns` property.

The can be used to prevent errors of the form:

	java.lang.SecurityException: Attempt to deserialize unauthorized
	class com.example.domain.Message; add allowed class name patterns
	to the message converter or, if you trust the message orginiator,
	set environment variable 'SPRING_AMQP_DESERIALIZATION_TRUST_ALL'
	or system property 'spring.amqp.deserialization.trust.all' to true

See gh-40421
philwebb added a commit that referenced this pull request Apr 18, 2024
@philwebb
Polish 'Add spring.rabbitmq.template.allowed-list-patterns property'
d243d7e 
See gh-40421
@philwebb philwebb closed this in c5935ea Apr 18, 2024
izeye added a commit to izeye/spring-boot that referenced this pull request Jul 4, 2024
@izeye
Polish spring-projectsgh-40421
5d1636a
@izeye izeye mentioned this pull request Jul 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@philwebb philwebb

Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
3.3.0-RC1
Development

Successfully merging this pull request may close these issues.
3 participants
@quaff @philwebb @spring-projects-issues