Reputation: 499
Unable to publish my message getting deserialize unauthorized class error
I am trying to create a message queue using RabbitMq. When I try to push my message to the queue, I getbelow error message
-
org.springframework.amqp.rabbit.support.ListenerExecutionFailedException: Failed to convert message
-
Attempt to deserialize unauthorized class com.example.rabbitmq.model.MessageInfo; add allowed class name patterns to the message converter or, if you trust the message originator, set environment variable 'SPRING_AMQP_DESERIALIZATION_TRUST_ALL' or system property 'spring.amqp.deserialization.trust.all' to true.
If I use a JSON string instead of a Java object, I am able to publish my message and able to receive my message, but I am trying to publish a Java object.
Below are the configuration settings in RabbitMQ when I try to view the message in rabbitmq console
priority: 0
delivery_mode: 2
headers:
content_type: application/x-java-serialized-object
My configuration class:
@Bean
public Queue queue() {
return new Queue(QUEUE);
}
@Bean
public TopicExchange exchange() {
return new TopicExchange(EXCHANGE);
}
@Bean
public Binding binding(Queue queue, TopicExchange exchange) {
return BindingBuilder
.bind(queue)
.to(exchange)
.with(ROUTING_KEY);
}
@Bean
public Jackson2JsonMessageConverter messageConverter() {
Jackson2JsonMessageConverter converter = new Jackson2JsonMessageConverter() ;
return converter;
}
@Bean
public AmqpTemplate template(ConnectionFactory connectionFactory) {
RabbitTemplate template = new RabbitTemplate(connectionFactory);
template.setMessageConverter(messageConverter());
return template;
}
My publisher:
public String publishMessage(@RequestBody CustomMessage message) {
System.out.println(" Message received == >"+message.getMessage());
MessageInfo msMessageInfo = MessageInfo.builder().messageId(UUID.randomUUID().toString()).message(message.getMessage())
.messageDate(new Date())
.build();
template.convertAndSend(RabbitMqExchangeConfig.EXCHANGE,
RabbitMqExchangeConfig.ROUTING_KEY, msMessageInfo);
return "Message Published";
}
My receiver :
@RabbitListener(queues = RabbitMqExchangeConfig.QUEUE)
public void listener(MessageInfo message) {
System.out.println(" --- > delivered messagd :: == > "+message);
}
Upvotes: 1
Views: 780
Answers (1)
Reputation: 121552
For Java object the SimpleMessageConverter relies on Java serialization.
And since it proves to be vulnerable, no any custom class is allowed for deserialization on the consumer side by default.
See more info in docs: https://docs.spring.io/spring-amqp/reference/amqp/message-converters.html#java-deserialization.
And the AllowedListDeserializingMessageConverter Javadocs:
/**
* Set simple patterns for allowable packages/classes for deserialization.
* The patterns will be applied in order until a match is found.
* A class can be fully qualified or a wildcard '*' is allowed at the
* beginning or end of the class name.
* Examples: {@code com.foo.*}, {@code *.MyClass}.
* @param patterns the patterns.
*/
public void setAllowedListPatterns(List<String> patterns) {
Upvotes: 1
Related Questions
- Spring AMQP @RabbitListener is not ready to receive messages on @ApplicationReadyEvent. Queues/Bindings declared too slow?
- Can't convert Message object from RabbitMQ to java class
- Trouble with RabbitMQ fanout exchange
- How can I abstract RabbitMQ Consumer and Producer from the main project source code
- Failed to start bean 'org.springframework.amqp.rabbit.config.internalRabbitListenerEndpointRegistry'
- Java Spring send back message to queue from consumer
- RabbitMQ Failed to declare queue and Listener is not able to get queue on server
- @RabbitListener strange behavior with containerFactory
- How do I add beans dynamically in code in a Spring (Boot) application?