search

Wechat-Group / WxJava

微信开发 Java SDK ,支持包括微信支付,开放平台,小程序,企业微信,视频号,公众号等的后端开发
Apache License 2.0
29.76k stars 8.53k forks source link

com.thoughtworks.xstream.security.ForbiddenClassException #3293

Closed 1554833267 closed 1 month ago

1554833267 commented 4 months ago

调用该方法,这行报错 image

参数: signature=4861b70a5d0d9ca92a41398b3060d0209549ae55&timestamp=1716261387&nonce=616620240&encrypt_type=aes&msg_signature=611e592f354ab858a02499a866aa8e05378f98b3

具体报错信息: com.thoughtworks.xstream.security.ForbiddenClassException: java.util.List at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.doUnmarshal(AbstractReflectionConverter.java:362) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.converters.reflection.AbstractReflectionConverter.unmarshal(AbstractReflectionConverter.java:277) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:74) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:68) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.core.TreeUnmarshaller.convertAnother(TreeUnmarshaller.java:52) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:136) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1464) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1321) ~[xstream-1.4.20.jar!/:1.4.20] at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1312) ~[xstream-1.4.20.jar!/:1.4.20] at me.chanjar.weixin.open.util.xml.XStreamTransformer.fromXml(XStreamTransformer.java:29) ~[weixin-java-open-4.5.5.B.jar!/:na] at me.chanjar.weixin.open.bean.message.WxOpenXmlMessage.fromXml(WxOpenXmlMessage.java:131) ~[weixin-java-open-4.5.5.B.jar!/:na] at me.chanjar.weixin.open.bean.message.WxOpenXmlMessage.fromEncryptedXml(WxOpenXmlMessage.java:152) ~[weixin-java-open-4.5.5.B.jar!/:na]

问题是偶现的,大部分时候是可以解析成功的,偶尔报这个错,解析失败

1554833267 commented 4 months ago

补充参数,xml:

`

<Encrypt><![CDATA[TL4w7SAo7eFpBzeJjKGDKvX2C+8w8MvtMd71rem+VR2bkuNcVF5jD13+v6ouhClAFhkTwOqQ3W8MwFgI9AApUAOKB00904VoJZT7lSOJT+Xv4SzVA4SgQObtP76jyEZjTL7DtBR8WRCHlg0apNFXWN0EPVqqTnQZpN+QE0FIMJPuHHAQZHXrfPKcvmYXsbmA95tW7og432YAHbG23W7XHXQPdNrLIrdbKfg8bla737/sWck03jIJmOOy0toe3SIwcNPF32jO6dOwksqWT5RcQ7B1bIN/WBC/RLMubuSJdL1IKsMWJlaEGqUqt7t6H/AoEREaQOSpkYd11WdbfkPKK33HprXn5XX8UFynjWd/TBH9hiUPTwUM1pV359uoKobORwwlCDWGCt4ypQcgxNNjTykm2S7sarvRrZIDarg1p3/FjTUcgj8fLF4iVNBhvk2LWGDSxplENX5QrUCZOzRpH4f6SnqbFcg5BWJZsfSyq73nfBpAaPZ3NyaYNs9QosNUvSchNji2QACUUnHCxYdZm7Z/9DR44NKP+Qi45eJ63G8=]]></Encrypt>

`

Molzx commented 3 months ago

同样的问题,解决了嘛

LsluckyDay commented 3 months ago

解决了 jdk11缺陷问题

---- Replied Message ---- | From | @.> | | Date | 07/01/2024 10:01 | | To | Wechat-Group/WxJava @.> | | Cc | Subscribed @.***> | | Subject | Re: [Wechat-Group/WxJava] com.thoughtworks.xstream.security.ForbiddenClassException (Issue #3293) |

同样的问题,解决了嘛

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: @.***>

Molzx commented 3 months ago

解决了 jdk11缺陷问题 ---- Replied Message ---- | From | @.> | | Date | 07/01/2024 10:01 | | To | Wechat-Group/WxJava @.> | | Cc | Subscribed @.> | | Subject | Re: [Wechat-Group/WxJava] com.thoughtworks.xstream.security.ForbiddenClassException (Issue #3293) | 同样的问题,解决了嘛 — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: @.>

我这儿是jdk8。。。

stale[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.