Repository: activemq Updated Branches: refs/heads/activemq-5.13.x 0715d09a9 -> 559477285 refs/heads/master 499e39e52 -> 40ecf22f0
AMQ-6166: Add option to configure trustAllPackages on Camel ActiveMQ component Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/40ecf22f Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/40ecf22f Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/40ecf22f Branch: refs/heads/master Commit: 40ecf22f0fdff6d3e5404a4a8724af25d0724d09 Parents: 499e39e Author: Claus Ibsen <[email protected]> Authored: Thu Feb 11 12:04:24 2016 +0100 Committer: Claus Ibsen <[email protected]> Committed: Thu Feb 11 12:04:24 2016 +0100 ---------------------------------------------------------------------- .../camel/component/ActiveMQComponent.java | 6 ++++++ .../camel/component/ActiveMQConfiguration.java | 20 ++++++++++++++++++++ 2 files changed, 26 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/40ecf22f/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java ---------------------------------------------------------------------- diff --git a/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java b/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java index df38a00..39d4420 100644 --- a/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java +++ b/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java @@ -121,6 +121,12 @@ public class ActiveMQComponent extends JmsComponent implements EndpointCompleter } } + public void setTrustAllPackages(boolean trustAllPackages) { + if (getConfiguration() instanceof ActiveMQConfiguration) { + ((ActiveMQConfiguration)getConfiguration()).setTrustAllPackages(trustAllPackages); + } + } + public boolean isExposeAllQueues() { return exposeAllQueues; } http://git-wip-us.apache.org/repos/asf/activemq/blob/40ecf22f/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java ---------------------------------------------------------------------- diff --git a/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java b/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java index 7eecac2..26d31a6 100644 --- a/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java +++ b/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java @@ -37,6 +37,7 @@ public class ActiveMQConfiguration extends JmsConfiguration { private boolean usePooledConnection = true; private String userName; private String password; + private boolean trustAllPackages; public ActiveMQConfiguration() { } @@ -109,6 +110,24 @@ public class ActiveMQConfiguration extends JmsConfiguration { this.usePooledConnection = usePooledConnection; } + public boolean isTrustAllPackages() { + return trustAllPackages; + } + + /** + * ObjectMessage objects depend on Java serialization of marshal/unmarshal object payload. + * This process is generally considered unsafe as malicious payload can exploit the host system. + * That's why starting with versions 5.12.2 and 5.13.0, ActiveMQ enforces users to explicitly whitelist packages + * that can be exchanged using ObjectMessages. + * <br/> + * This option can be set to <tt>true</tt> to trust all packages (eg whitelist is *). + * <p/> + * See more details at: http://activemq.apache.org/objectmessage.html + */ + public void setTrustAllPackages(boolean trustAllPackages) { + this.trustAllPackages = trustAllPackages; + } + /** * Factory method to create a default transaction manager if one is not specified */ @@ -126,6 +145,7 @@ public class ActiveMQConfiguration extends JmsConfiguration { @Override protected ConnectionFactory createConnectionFactory() { ActiveMQConnectionFactory answer = new ActiveMQConnectionFactory(); + answer.setTrustAllPackages(trustAllPackages); if (userName != null) { answer.setUserName(userName); }
