Rabbitmq报unauthorized异常_add allowed class name patterns to the message con

问题：

Caused by: java.lang.SecurityException: Attempt to deserialize unauthorized class cn.seczone.sscsp.common.model.TaskSbomMessageMq; add allowed class name patterns to the message converter or, if you trust the message orginiator, set environment variable ‘SPRING_AMQP_DESERIALIZATION_TRUST_ALL’ or system property ‘spring.amqp.deserialization.trust.all’ to true

经过查博客和gpt最终得到几个结果

方案一：

在配置文件配置信任的类

spring:
  rabbitmq:
    listener:
      simple:
        allowed-classes:
          - cn.baidu.kkscsp.common.mq.TaskSbomMessageMq
          - cn.baidu.kkscsp.common.mq.TaskMessageMq
1
2
3
4
5
6
7

方案二：

自定义一下一个消息转换的bean，并在其中设置信任的包，即实体类的路径
生产者：

public class RabbitMQConfig {

    @Bean
    public MessageConverter jsonToMapMessageConverter() {
        DefaultClassMapper defaultClassMapper = new DefaultClassMapper();
        defaultClassMapper.setTrustedPackages("cn.baidu.kkscsp.common.mq"); // trusted packages
        Jackson2JsonMessageConverter jackson2JsonMessageConverter = new Jackson2JsonMessageConverter();
        jackson2JsonMessageConverter.setClassMapper(defaultClassMapper);
        return jackson2JsonMessageConverter;
    }
}
1
2
3
4
5
6
7
8
9
10
11

消费者：

@Configuration
public class RabbitMQConfig {
    @Bean
    public MessageConverter messageConverter(){
        return new Jackson2JsonMessageConverter();
    }
}
1
2
3
4
5
6
7

最终测试方案二是没问题，方案一没效果。