| ... On the client side, you need to have this same mechanism as malicious code can be deserialized on ObjectMessage.getObject() call, compromising your application's environment. At this point the You can use the same configuration mechanism is the same as on the broker and configure trusted classes using system properties. However, this is usually not convenient in the client applications, so you'll need to set appropriate system properties. There is an ongoing work in
![]() JIRA |
| server |
ASF JIRA |
| serverId |
5aa69414-a9e9-3523-82ec-879b028fb15b |
| key |
AMQ-6077 |
|
to improve this and make it configurable using ActiveMQConnectionFactory and Camel ActiveMQComponent objects. This will be documented in this area when finished (targeted for 5.13.1 release). in 5.13.1 we introduced additional configuration mechanism using ActiveMQConnectionFactory . There are two additional methods defined:
- The
setTrustedPackages() method allows you to set the list of trusted packages you want to be to unserialize, like
![]() Code Block |
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
factory.setTrustedPackages(new ArrayList(Arrays.asList("org.apache.activemq.test,org.apache.camel.test")));
|
-
The setTrustAllPackages() allows you to turn off security check and trust all classes. It's useful for testing purposes.
![]() Code Block |
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
factory.setTrustAllPackages(true);
|
You can set the same properties in Camel context like
![]() Code Block |
<bean id="connectionFactory" class="org.apache.activemq.spring.ActiveMQConnectionFactory">
<property name="brokerURL" value="tcp://localhost:61616"/>
<property name="trustedPackages">
<list>
<value>org.apache.activemq.test</value>
<value>org.apache.camel.test</value>
</list>
</property>
</bean>
<bean id="jmsConfig" class="org.apache.camel.component.jms.JmsConfiguration">
<property name="connectionFactory" ref="connectionFactory"/>
</bean>
<bean id="activemq" class="org.apache.activemq.camel.component.ActiveMQComponent">
<property name="configuration" ref="jmsConfig"/>
</bean>
|
or
![]() Code Block |
<bean id="connectionFactory" class="org.apache.activemq.spring.ActiveMQConnectionFactory">
<property name="brokerURL" value="tcp://localhost:61616"/>
<property name="trustAllPackages" value="true"/>
</bean>
<bean id="jmsConfig" class="org.apache.camel.component.jms.JmsConfiguration">
<property name="connectionFactory" ref="connectionFactory"/>
</bean>
<bean id="activemq" class="org.apache.activemq.camel.component.ActiveMQComponent">
<property name="configuration" ref="jmsConfig"/>
</bean>
|
This configuration will override system properties if they are set. |
