From 2463f92a9e7521a5c52b1e102654594bc06e2056 Mon Sep 17 00:00:00 2001 From: Gary Russell Date: Mon, 27 Sep 2021 14:00:54 -0400 Subject: [PATCH] Do not deserialize in Message.toString() --- .../springframework/amqp/core/Message.java | 24 ++++--------------- .../amqp/core/MessageTests.java | 5 ++-- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/spring-amqp/src/main/java/org/springframework/amqp/core/Message.java b/spring-amqp/src/main/java/org/springframework/amqp/core/Message.java index 15e9c6c727..f10cc5d7a3 100644 --- a/spring-amqp/src/main/java/org/springframework/amqp/core/Message.java +++ b/spring-amqp/src/main/java/org/springframework/amqp/core/Message.java @@ -16,16 +16,11 @@ package org.springframework.amqp.core; -import java.io.ByteArrayInputStream; import java.io.Serializable; import java.nio.charset.Charset; import java.util.Arrays; -import java.util.LinkedHashSet; -import java.util.Set; -import org.springframework.amqp.utils.SerializationUtils; import org.springframework.util.Assert; -import org.springframework.util.ClassUtils; /** * The 0-8 and 0-9-1 AMQP specifications do not define an Message class or interface. Instead, when performing an @@ -48,9 +43,6 @@ public class Message implements Serializable { private static final String DEFAULT_ENCODING = Charset.defaultCharset().name(); - private static final Set ALLOWED_LIST_PATTERNS = - new LinkedHashSet<>(Arrays.asList("java.util.*", "java.lang.*")); - private static String bodyEncoding = DEFAULT_ENCODING; private final MessageProperties messageProperties; @@ -79,20 +71,13 @@ public Message(byte[] body, MessageProperties messageProperties) { //NOSONAR } /** - * Add patterns to the allowed list of permissible package/class name patterns for - * deserialization in {@link #toString()}. - * The patterns will be applied in order until a match is found. - * A class can be fully qualified or a wildcard '*' is allowed at the - * beginning or end of the class name. - * Examples: {@code com.foo.*}, {@code *.MyClass}. - * By default, only {@code java.util} and {@code java.lang} classes will be - * deserialized. + * No longer used. + * @deprecated toString() no longer deserializes the body. * @param patterns the patterns. * @since 1.5.7 */ + @Deprecated public static void addAllowedListPatterns(String... patterns) { - Assert.notNull(patterns, "'patterns' cannot be null"); - ALLOWED_LIST_PATTERNS.addAll(Arrays.asList(patterns)); } /** @@ -128,8 +113,7 @@ private String getBodyContentAsString() { try { String contentType = this.messageProperties.getContentType(); if (MessageProperties.CONTENT_TYPE_SERIALIZED_OBJECT.equals(contentType)) { - return SerializationUtils.deserialize(new ByteArrayInputStream(this.body), ALLOWED_LIST_PATTERNS, - ClassUtils.getDefaultClassLoader()).toString(); + return "[serialized object]"; } String encoding = encoding(); if (MessageProperties.CONTENT_TYPE_TEXT_PLAIN.equals(contentType) diff --git a/spring-amqp/src/test/java/org/springframework/amqp/core/MessageTests.java b/spring-amqp/src/test/java/org/springframework/amqp/core/MessageTests.java index b9eb8b8bd9..045e3332f0 100644 --- a/spring-amqp/src/test/java/org/springframework/amqp/core/MessageTests.java +++ b/spring-amqp/src/test/java/org/springframework/amqp/core/MessageTests.java @@ -106,9 +106,8 @@ public void fooNotDeserialized() { Message listMessage = new SimpleMessageConverter().toMessage(Collections.singletonList(new Foo()), new MessageProperties()); assertThat(listMessage.toString()).doesNotContainPattern("aFoo"); - Message.addAllowedListPatterns(Foo.class.getName()); - assertThat(message.toString()).contains("aFoo"); - assertThat(listMessage.toString()).contains("aFoo"); + assertThat(message.toString()).contains("[serialized object]"); + assertThat(listMessage.toString()).contains("[serialized object]"); } @SuppressWarnings("serial")