Uploaded image for project: 'logback'
  1. logback
  2. LOGBACK-1347

HardenedObjectInputStream can't handle multiple markers

    Details

      Description

      I have an application that uses logback classic's SocketAppender to send events to a separate logging process.  The separate process is using logback classic's ServerSocketReceiver and then tracks details about the events.  With logback 1.2 it stopped working and the receiving process started outputting: "java.io.InvalidClassException: Unauthorized deserialization attempt; [Ljava.lang.Object;".  Trying to track it down I finally found that it happened when I had two or more Markers on the event.  Specifically with code such as:

      Marker marker = MarkerFactory.getDetachedMarker(processName);
      marker.add(MarkerFactory.getMarker(priority));

      Tracing further, the error message comes from logback core's HardenedObjectInputStream.resolveClass(ObjectStreamClass).  The related class HardenedLoggingEventInputStream has a whitelist of accepted classnames that includes org.slf4j.helpers.BasicMarker but not Object[].  When the sending application code calls BasicMarker.add(Marker), the BasicMarker will create a new internal Vector.  That Vector has the field elementData of type Object[] which gets serialized in the sending process.  Then the receiving process does not accept Object[] during deserialization and produces the error above.

      In short, I can't have two slf4j Markers on an event and send it across with serialization with logback classic's SocketAppender and ServerSocketReceiver.

        Attachments

          Activity

            People

            • Assignee:
              ceki Ceki Gülcü
              Reporter:
              ndjensen Nathan Jensen
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: