Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong ClassLoader is used for message deserialization when devtools are active #2609

Closed
deje07 opened this issue Feb 6, 2024 · 0 comments
Closed

Wrong ClassLoader is used for message deserialization when devtools are active #2609

deje07 opened this issue Feb 6, 2024 · 0 comments
Labels
(EOL) for: backport-to-3.0.x in: rabbitmq status: backported type: bug
Milestone
3.1.2

Comments

@deje07
Copy link

deje07 commented Feb 6, 2024

Experienced with version 3.0.10 (probably all versions starting from 3.0).

When Spring Boot devtools are active, messages should be deserialized using the RestartClassLoader, but they are using AppClassLoader by default.

This will cause that message handlers for specific message types will not be found, since handlers are loaded via RestartClassLoader, and their parameter's class loader will be the same, so they will never be compatible with the same class loaded into AppClassLoader.

Both the SimpleMessageConverter (which is the default in Spring Boot) and the SerializerMessageConverter are affected.

Expected behavior

Message deserialization should work also with devtools enabled, by default. The ClassLoader to be used should be obtained via org.springframework.util.ClassUtils.getDefaultClassLoader() or equivalent.

Sample

I can provide a sample if required, but it is pretty straightforward what happens:

  • in SimpleMessageConverter the method createObjectInputStream will create the ObjectInputStream with no regard to other class loaders. Previously (before 3.0) it used beanClassLoader obtained via ClassUtils.getDefaultClassLoader().
  • in SerializerMessageConverter, when the DefaultDeserializer is used, the converter obtains the class loader from the DefaultDeserializer.classLoader property, which is null by default, which means current class loader will be used and not the proper one.

The commit that breaks the behavior seems to be 1a1b1f6, where RMI support gets removed.
@artembilan artembilan added this to the 3.1.2 milestone Feb 6, 2024
artembilan added a commit that referenced this issue Feb 6, 2024
@artembilan
GH-2609: Restore ClassLoader for SerMC & SimpleMC
780aeac 
Fixes: #2609

The deserialization functionality must rely on the `ClassLoader` from the application context (at least, by default).

* Fix `SimpleMessageConverter` to accept `BeanClassLoaderAware` and use it for `ConfigurableObjectInputStream`
* Fix `SerializerMessageConverter` to accept `BeanClassLoaderAware`
* Remove reflection for the `new DirectFieldAccessor(deserializer).getPropertyValue("classLoader")`
from the `SerializerMessageConverter` since it is not this converter responsibility
to interfere into provided `Deserializer` logic

**Cherry-pick to `3.0.x`**

(cherry picked from commit e7be534)
@spring-builds spring-builds mentioned this issue Feb 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
(EOL) for: backport-to-3.0.x in: rabbitmq status: backported type: bug
Projects
None yet
Milestone
3.1.2
Development

No branches or pull requests
3 participants
@artembilan @spring-builds @deje07