This is an automated email from the ASF dual-hosted git repository.
oscerd pushed a commit to branch camel-4.14.x
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-4.14.x by this push:
new 17f8fcb22569 CAMEL-23409: camel-sjms - Disable ObjectMessage by
default (#22970)
17f8fcb22569 is described below
commit 17f8fcb22569f4c459b9e53c1485bfc764dc0015
Author: Andrea Cosentino <[email protected]>
AuthorDate: Wed May 6 09:22:05 2026 +0200
CAMEL-23409: camel-sjms - Disable ObjectMessage by default (#22970)
For consistency with camel-jms (CAMEL-23373), disable creation and
reading of jakarta.jms.ObjectMessage by default in camel-sjms and
add a new objectMessageEnabled option (default false) on SjmsComponent
and SjmsEndpoint to opt back in. camel-sjms2 inherits the change via
Sjms2Endpoint extends SjmsEndpoint and Sjms2Component extends
SjmsComponent.
When disabled, JmsBinding refuses to:
- create an ObjectMessage from a Serializable body (auto-detected
jmsMessageType=Object or explicitly set)
- create an ObjectMessage for transferException
- extract the body of a received ObjectMessage
Both component- and endpoint-level options carry
security="insecure:serialization" so the Camel security policy sees
a uniform signal at both levels.
Tests: SjmsObjectMessageEnabledTest covers producer/consumer
default-disabled behavior, endpoint-level override, and
component-level override; JmsBindingObjectMessageEnabledTest
covers the transferException reply path. Documentation updated
in the 4.21 upgrade guide.
Closes #22945
Signed-off-by: Andrea Cosentino <[email protected]>
---
.../org/apache/camel/catalog/components/sjms.json | 22 ++--
.../org/apache/camel/catalog/components/sjms2.json | 22 ++--
.../component/sjms/SjmsComponentConfigurer.java | 6 +
.../component/sjms/SjmsEndpointConfigurer.java | 6 +
.../component/sjms/SjmsEndpointUriFactory.java | 3 +-
.../org/apache/camel/component/sjms/sjms.json | 22 ++--
.../apache/camel/component/sjms/SjmsComponent.java | 24 ++++
.../apache/camel/component/sjms/SjmsEndpoint.java | 25 +++-
.../camel/component/sjms/jms/JmsBinding.java | 36 ++++-
.../jms/JmsBindingObjectMessageEnabledTest.java | 47 +++++++
.../producer/SjmsObjectMessageEnabledTest.java | 145 +++++++++++++++++++++
.../component/sjms2/Sjms2EndpointUriFactory.java | 3 +-
.../org/apache/camel/component/sjms2/sjms2.json | 22 ++--
.../ROOT/pages/camel-4x-upgrade-guide-4_14.adoc | 28 ++++
.../dsl/Sjms2ComponentBuilderFactory.java | 25 ++++
.../component/dsl/SjmsComponentBuilderFactory.java | 25 ++++
.../endpoint/dsl/Sjms2EndpointBuilderFactory.java | 132 +++++++++++++++++++
.../endpoint/dsl/SjmsEndpointBuilderFactory.java | 132 +++++++++++++++++++
18 files changed, 681 insertions(+), 44 deletions(-)
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms.json
index bdc121af6194..58b7179c58d7 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms.json
@@ -33,11 +33,12 @@
"exceptionListener": { "index": 6, "kind": "property", "displayName":
"Exception Listener", "group": "advanced", "label": "advanced", "required":
false, "type": "object", "javaType": "jakarta.jms.ExceptionListener",
"deprecated": false, "autowired": false, "secret": false, "description":
"Specifies the JMS Exception Listener that is to be notified of any underlying
JMS exceptions." },
"jmsKeyFormatStrategy": { "index": 7, "kind": "property", "displayName":
"Jms Key Format Strategy", "group": "advanced", "label": "advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.JmsKeyFormatStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "Pluggable strategy
for encoding and decoding JMS keys so they can be compliant with the JMS
specification. Camel provides one implementation out of the box: defaul [...]
"messageCreatedStrategy": { "index": 8, "kind": "property", "displayName":
"Message Created Strategy", "group": "advanced", "label": "advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.MessageCreatedStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "To use the given
MessageCreatedStrategy which are invoked when Camel creates new instances of
jakarta.jms.Message objects when Camel is sending a JMS message." },
- "recoveryInterval": { "index": 9, "kind": "property", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
- "replyToOnTimeoutMaxConcurrentConsumers": { "index": 10, "kind":
"property", "displayName": "Reply To On Timeout Max Concurrent Consumers",
"group": "advanced", "label": "advanced", "required": false, "type": "integer",
"javaType": "int", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": 1, "description": "Specifies the maximum number of concurrent
consumers for continue routing when timeout occurred when using request\/reply
over JMS." },
- "requestTimeoutCheckerInterval": { "index": 11, "kind": "property",
"displayName": "Request Timeout Checker Interval", "group": "advanced",
"label": "advanced", "required": false, "type": "duration", "javaType": "long",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"1000", "description": "Configures how often Camel should check for timed out
Exchanges when doing request\/reply over JMS. By default Camel checks once per
second. But if you must react faster [...]
- "headerFilterStrategy": { "index": 12, "kind": "property", "displayName":
"Header Filter Strategy", "group": "filter", "label": "filter", "required":
false, "type": "object", "javaType":
"org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired":
false, "secret": false, "description": "To use a custom
org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel
message." },
- "deserializationFilter": { "index": 13, "kind": "property", "displayName":
"Deserialization Filter", "group": "security", "label": "advanced,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Sets
an ObjectInputFilter pattern (jdk.serialFilter syntax) applied as a
defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalua [...]
+ "objectMessageEnabled": { "index": 9, "kind": "property", "displayName":
"Object Message Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether to enable sending and receiving JMS ObjectMessage. By default this is
disabled because Java object serialization is a known source of security
vulnerabilities. Enable this option on [...]
+ "recoveryInterval": { "index": 10, "kind": "property", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
+ "replyToOnTimeoutMaxConcurrentConsumers": { "index": 11, "kind":
"property", "displayName": "Reply To On Timeout Max Concurrent Consumers",
"group": "advanced", "label": "advanced", "required": false, "type": "integer",
"javaType": "int", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": 1, "description": "Specifies the maximum number of concurrent
consumers for continue routing when timeout occurred when using request\/reply
over JMS." },
+ "requestTimeoutCheckerInterval": { "index": 12, "kind": "property",
"displayName": "Request Timeout Checker Interval", "group": "advanced",
"label": "advanced", "required": false, "type": "duration", "javaType": "long",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"1000", "description": "Configures how often Camel should check for timed out
Exchanges when doing request\/reply over JMS. By default Camel checks once per
second. But if you must react faster [...]
+ "headerFilterStrategy": { "index": 13, "kind": "property", "displayName":
"Header Filter Strategy", "group": "filter", "label": "filter", "required":
false, "type": "object", "javaType":
"org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired":
false, "secret": false, "description": "To use a custom
org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel
message." },
+ "deserializationFilter": { "index": 14, "kind": "property", "displayName":
"Deserialization Filter", "group": "security", "label": "advanced,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Sets
an ObjectInputFilter pattern (jdk.serialFilter syntax) applied as a
defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalua [...]
},
"headers": {
"CamelJMSDestinationName": { "index": 0, "kind": "header", "displayName":
"", "group": "producer", "label": "producer", "required": false, "javaType":
"String", "deprecated": false, "deprecationNote": "", "autowired": false,
"secret": false, "description": "DestinationName is a JMS queue or topic name.
By default, the destinationName is interpreted as a queue name.",
"constantName":
"org.apache.camel.component.sjms.SjmsConstants#JMS_DESTINATION_NAME" },
@@ -89,10 +90,11 @@
"jmsMessageType": { "index": 40, "kind": "parameter", "displayName": "Jms
Message Type", "group": "advanced", "label": "advanced", "required": false,
"type": "enum", "javaType":
"org.apache.camel.component.sjms.jms.JmsMessageType", "enum": [ "Bytes", "Map",
"Object", "Stream", "Text" ], "deprecated": false, "autowired": false,
"secret": false, "description": "Allows you to force the use of a specific
jakarta.jms.Message implementation for sending JMS messages. Possible values
are: By [...]
"mapJmsMessage": { "index": 41, "kind": "parameter", "displayName": "Map
Jms Message", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": true, "description": "Specifies whether
Camel should auto map the received JMS message to a suited payload type, such
as jakarta.jms.TextMessage to a String etc. See section about how mapping works
below for more details." },
"messageCreatedStrategy": { "index": 42, "kind": "parameter",
"displayName": "Message Created Strategy", "group": "advanced", "label":
"advanced", "required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.MessageCreatedStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "To use the given
MessageCreatedStrategy which are invoked when Camel creates new instances of
jakarta.jms.Message objects when Camel is sending a JMS message." },
- "recoveryInterval": { "index": 43, "kind": "parameter", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
- "synchronous": { "index": 44, "kind": "parameter", "displayName":
"Synchronous", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": false, "description": "Sets whether
synchronous processing should be strictly used" },
- "transferException": { "index": 45, "kind": "parameter", "displayName":
"Transfer Exception", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description": "If
enabled and you are using Request Reply messaging (InOut) and an Exchange
failed on the consumer side, then the caused Exception will be send back in
response as a jakarta.jms.ObjectMessage. [...]
- "deserializationFilter": { "index": 46, "kind": "parameter",
"displayName": "Deserialization Filter", "group": "security", "label":
"advanced,security", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Sets an ObjectInputFilter pattern (jdk.serialFilter syntax)
applied as a defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalu [...]
- "transacted": { "index": 47, "kind": "parameter", "displayName":
"Transacted", "group": "transaction", "label": "transaction", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Specifies whether to use transacted mode" }
+ "objectMessageEnabled": { "index": 43, "kind": "parameter", "displayName":
"Object Message Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether to enable sending and receiving JMS ObjectMessage. By default this is
disabled because Java object serialization is a known source of security
vulnerabilities. Enable this option [...]
+ "recoveryInterval": { "index": 44, "kind": "parameter", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
+ "synchronous": { "index": 45, "kind": "parameter", "displayName":
"Synchronous", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": false, "description": "Sets whether
synchronous processing should be strictly used" },
+ "transferException": { "index": 46, "kind": "parameter", "displayName":
"Transfer Exception", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description": "If
enabled and you are using Request Reply messaging (InOut) and an Exchange
failed on the consumer side, then the caused Exception will be send back in
response as a jakarta.jms.ObjectMessage. [...]
+ "deserializationFilter": { "index": 47, "kind": "parameter",
"displayName": "Deserialization Filter", "group": "security", "label":
"advanced,security", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Sets an ObjectInputFilter pattern (jdk.serialFilter syntax)
applied as a defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalu [...]
+ "transacted": { "index": 48, "kind": "parameter", "displayName":
"Transacted", "group": "transaction", "label": "transaction", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Specifies whether to use transacted mode" }
}
}
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms2.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms2.json
index aabcd17e3a4c..aae0f5012bb0 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms2.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/sjms2.json
@@ -33,11 +33,12 @@
"exceptionListener": { "index": 6, "kind": "property", "displayName":
"Exception Listener", "group": "advanced", "label": "advanced", "required":
false, "type": "object", "javaType": "jakarta.jms.ExceptionListener",
"deprecated": false, "autowired": false, "secret": false, "description":
"Specifies the JMS Exception Listener that is to be notified of any underlying
JMS exceptions." },
"jmsKeyFormatStrategy": { "index": 7, "kind": "property", "displayName":
"Jms Key Format Strategy", "group": "advanced", "label": "advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.JmsKeyFormatStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "Pluggable strategy
for encoding and decoding JMS keys so they can be compliant with the JMS
specification. Camel provides one implementation out of the box: defaul [...]
"messageCreatedStrategy": { "index": 8, "kind": "property", "displayName":
"Message Created Strategy", "group": "advanced", "label": "advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.MessageCreatedStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "To use the given
MessageCreatedStrategy which are invoked when Camel creates new instances of
jakarta.jms.Message objects when Camel is sending a JMS message." },
- "recoveryInterval": { "index": 9, "kind": "property", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
- "replyToOnTimeoutMaxConcurrentConsumers": { "index": 10, "kind":
"property", "displayName": "Reply To On Timeout Max Concurrent Consumers",
"group": "advanced", "label": "advanced", "required": false, "type": "integer",
"javaType": "int", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": 1, "description": "Specifies the maximum number of concurrent
consumers for continue routing when timeout occurred when using request\/reply
over JMS." },
- "requestTimeoutCheckerInterval": { "index": 11, "kind": "property",
"displayName": "Request Timeout Checker Interval", "group": "advanced",
"label": "advanced", "required": false, "type": "duration", "javaType": "long",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"1000", "description": "Configures how often Camel should check for timed out
Exchanges when doing request\/reply over JMS. By default Camel checks once per
second. But if you must react faster [...]
- "headerFilterStrategy": { "index": 12, "kind": "property", "displayName":
"Header Filter Strategy", "group": "filter", "label": "filter", "required":
false, "type": "object", "javaType":
"org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired":
false, "secret": false, "description": "To use a custom
org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel
message." },
- "deserializationFilter": { "index": 13, "kind": "property", "displayName":
"Deserialization Filter", "group": "security", "label": "advanced,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Sets
an ObjectInputFilter pattern (jdk.serialFilter syntax) applied as a
defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalua [...]
+ "objectMessageEnabled": { "index": 9, "kind": "property", "displayName":
"Object Message Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether to enable sending and receiving JMS ObjectMessage. By default this is
disabled because Java object serialization is a known source of security
vulnerabilities. Enable this option on [...]
+ "recoveryInterval": { "index": 10, "kind": "property", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
+ "replyToOnTimeoutMaxConcurrentConsumers": { "index": 11, "kind":
"property", "displayName": "Reply To On Timeout Max Concurrent Consumers",
"group": "advanced", "label": "advanced", "required": false, "type": "integer",
"javaType": "int", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": 1, "description": "Specifies the maximum number of concurrent
consumers for continue routing when timeout occurred when using request\/reply
over JMS." },
+ "requestTimeoutCheckerInterval": { "index": 12, "kind": "property",
"displayName": "Request Timeout Checker Interval", "group": "advanced",
"label": "advanced", "required": false, "type": "duration", "javaType": "long",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"1000", "description": "Configures how often Camel should check for timed out
Exchanges when doing request\/reply over JMS. By default Camel checks once per
second. But if you must react faster [...]
+ "headerFilterStrategy": { "index": 13, "kind": "property", "displayName":
"Header Filter Strategy", "group": "filter", "label": "filter", "required":
false, "type": "object", "javaType":
"org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired":
false, "secret": false, "description": "To use a custom
org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel
message." },
+ "deserializationFilter": { "index": 14, "kind": "property", "displayName":
"Deserialization Filter", "group": "security", "label": "advanced,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Sets
an ObjectInputFilter pattern (jdk.serialFilter syntax) applied as a
defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalua [...]
},
"headers": {
"CamelJMSDestinationName": { "index": 0, "kind": "header", "displayName":
"", "group": "producer", "label": "producer", "required": false, "javaType":
"String", "deprecated": false, "deprecationNote": "", "autowired": false,
"secret": false, "description": "DestinationName is a JMS queue or topic name.
By default, the destinationName is interpreted as a queue name.",
"constantName":
"org.apache.camel.component.sjms.SjmsConstants#JMS_DESTINATION_NAME" },
@@ -92,10 +93,11 @@
"jmsMessageType": { "index": 43, "kind": "parameter", "displayName": "Jms
Message Type", "group": "advanced", "label": "advanced", "required": false,
"type": "enum", "javaType":
"org.apache.camel.component.sjms.jms.JmsMessageType", "enum": [ "Bytes", "Map",
"Object", "Stream", "Text" ], "deprecated": false, "autowired": false,
"secret": false, "description": "Allows you to force the use of a specific
jakarta.jms.Message implementation for sending JMS messages. Possible values
are: By [...]
"mapJmsMessage": { "index": 44, "kind": "parameter", "displayName": "Map
Jms Message", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": true, "description": "Specifies whether
Camel should auto map the received JMS message to a suited payload type, such
as jakarta.jms.TextMessage to a String etc. See section about how mapping works
below for more details." },
"messageCreatedStrategy": { "index": 45, "kind": "parameter",
"displayName": "Message Created Strategy", "group": "advanced", "label":
"advanced", "required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.MessageCreatedStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "To use the given
MessageCreatedStrategy which are invoked when Camel creates new instances of
jakarta.jms.Message objects when Camel is sending a JMS message." },
- "recoveryInterval": { "index": 46, "kind": "parameter", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
- "synchronous": { "index": 47, "kind": "parameter", "displayName":
"Synchronous", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": false, "description": "Sets whether
synchronous processing should be strictly used" },
- "transferException": { "index": 48, "kind": "parameter", "displayName":
"Transfer Exception", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description": "If
enabled and you are using Request Reply messaging (InOut) and an Exchange
failed on the consumer side, then the caused Exception will be send back in
response as a jakarta.jms.ObjectMessage. [...]
- "deserializationFilter": { "index": 49, "kind": "parameter",
"displayName": "Deserialization Filter", "group": "security", "label":
"advanced,security", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Sets an ObjectInputFilter pattern (jdk.serialFilter syntax)
applied as a defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalu [...]
- "transacted": { "index": 50, "kind": "parameter", "displayName":
"Transacted", "group": "transaction", "label": "transaction", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Specifies whether to use transacted mode" }
+ "objectMessageEnabled": { "index": 46, "kind": "parameter", "displayName":
"Object Message Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether to enable sending and receiving JMS ObjectMessage. By default this is
disabled because Java object serialization is a known source of security
vulnerabilities. Enable this option [...]
+ "recoveryInterval": { "index": 47, "kind": "parameter", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
+ "synchronous": { "index": 48, "kind": "parameter", "displayName":
"Synchronous", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": false, "description": "Sets whether
synchronous processing should be strictly used" },
+ "transferException": { "index": 49, "kind": "parameter", "displayName":
"Transfer Exception", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description": "If
enabled and you are using Request Reply messaging (InOut) and an Exchange
failed on the consumer side, then the caused Exception will be send back in
response as a jakarta.jms.ObjectMessage. [...]
+ "deserializationFilter": { "index": 50, "kind": "parameter",
"displayName": "Deserialization Filter", "group": "security", "label":
"advanced,security", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Sets an ObjectInputFilter pattern (jdk.serialFilter syntax)
applied as a defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalu [...]
+ "transacted": { "index": 51, "kind": "parameter", "displayName":
"Transacted", "group": "transaction", "label": "transaction", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Specifies whether to use transacted mode" }
}
}
diff --git
a/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsComponentConfigurer.java
b/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsComponentConfigurer.java
index 4382bbe5613a..65891fb52154 100644
---
a/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsComponentConfigurer.java
+++
b/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsComponentConfigurer.java
@@ -45,6 +45,8 @@ public class SjmsComponentConfigurer extends
PropertyConfigurerSupport implement
case "lazyStartProducer":
target.setLazyStartProducer(property(camelContext, boolean.class, value));
return true;
case "messagecreatedstrategy":
case "messageCreatedStrategy":
target.setMessageCreatedStrategy(property(camelContext,
org.apache.camel.component.sjms.jms.MessageCreatedStrategy.class, value));
return true;
+ case "objectmessageenabled":
+ case "objectMessageEnabled":
target.setObjectMessageEnabled(property(camelContext, boolean.class, value));
return true;
case "recoveryinterval":
case "recoveryInterval":
target.setRecoveryInterval(property(camelContext, java.time.Duration.class,
value).toMillis()); return true;
case "replytoontimeoutmaxconcurrentconsumers":
@@ -85,6 +87,8 @@ public class SjmsComponentConfigurer extends
PropertyConfigurerSupport implement
case "lazyStartProducer": return boolean.class;
case "messagecreatedstrategy":
case "messageCreatedStrategy": return
org.apache.camel.component.sjms.jms.MessageCreatedStrategy.class;
+ case "objectmessageenabled":
+ case "objectMessageEnabled": return boolean.class;
case "recoveryinterval":
case "recoveryInterval": return long.class;
case "replytoontimeoutmaxconcurrentconsumers":
@@ -121,6 +125,8 @@ public class SjmsComponentConfigurer extends
PropertyConfigurerSupport implement
case "lazyStartProducer": return target.isLazyStartProducer();
case "messagecreatedstrategy":
case "messageCreatedStrategy": return
target.getMessageCreatedStrategy();
+ case "objectmessageenabled":
+ case "objectMessageEnabled": return target.isObjectMessageEnabled();
case "recoveryinterval":
case "recoveryInterval": return target.getRecoveryInterval();
case "replytoontimeoutmaxconcurrentconsumers":
diff --git
a/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsEndpointConfigurer.java
b/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsEndpointConfigurer.java
index 00514c0ea497..dd1de9b416c4 100644
---
a/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsEndpointConfigurer.java
+++
b/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsEndpointConfigurer.java
@@ -85,6 +85,8 @@ public class SjmsEndpointConfigurer extends
PropertyConfigurerSupport implements
case "messageCreatedStrategy":
target.setMessageCreatedStrategy(property(camelContext,
org.apache.camel.component.sjms.jms.MessageCreatedStrategy.class, value));
return true;
case "messageselector":
case "messageSelector":
target.setMessageSelector(property(camelContext, java.lang.String.class,
value)); return true;
+ case "objectmessageenabled":
+ case "objectMessageEnabled":
target.setObjectMessageEnabled(property(camelContext, boolean.class, value));
return true;
case "preservemessageqos":
case "preserveMessageQos":
target.setPreserveMessageQos(property(camelContext, boolean.class, value));
return true;
case "priority": target.setPriority(property(camelContext, int.class,
value)); return true;
@@ -181,6 +183,8 @@ public class SjmsEndpointConfigurer extends
PropertyConfigurerSupport implements
case "messageCreatedStrategy": return
org.apache.camel.component.sjms.jms.MessageCreatedStrategy.class;
case "messageselector":
case "messageSelector": return java.lang.String.class;
+ case "objectmessageenabled":
+ case "objectMessageEnabled": return boolean.class;
case "preservemessageqos":
case "preserveMessageQos": return boolean.class;
case "priority": return int.class;
@@ -278,6 +282,8 @@ public class SjmsEndpointConfigurer extends
PropertyConfigurerSupport implements
case "messageCreatedStrategy": return
target.getMessageCreatedStrategy();
case "messageselector":
case "messageSelector": return target.getMessageSelector();
+ case "objectmessageenabled":
+ case "objectMessageEnabled": return target.isObjectMessageEnabled();
case "preservemessageqos":
case "preserveMessageQos": return target.isPreserveMessageQos();
case "priority": return target.getPriority();
diff --git
a/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsEndpointUriFactory.java
b/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsEndpointUriFactory.java
index b20530efffbd..11069013910b 100644
---
a/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsEndpointUriFactory.java
+++
b/components/camel-sjms/src/generated/java/org/apache/camel/component/sjms/SjmsEndpointUriFactory.java
@@ -23,7 +23,7 @@ public class SjmsEndpointUriFactory extends
org.apache.camel.support.component.E
private static final Set<String> SECRET_PROPERTY_NAMES;
private static final Set<String> MULTI_VALUE_PREFIXES;
static {
- Set<String> props = new HashSet<>(48);
+ Set<String> props = new HashSet<>(49);
props.add("acknowledgementMode");
props.add("allowNullBody");
props.add("asyncConsumer");
@@ -57,6 +57,7 @@ public class SjmsEndpointUriFactory extends
org.apache.camel.support.component.E
props.add("mapJmsMessage");
props.add("messageCreatedStrategy");
props.add("messageSelector");
+ props.add("objectMessageEnabled");
props.add("preserveMessageQos");
props.add("priority");
props.add("recoveryInterval");
diff --git
a/components/camel-sjms/src/generated/resources/META-INF/org/apache/camel/component/sjms/sjms.json
b/components/camel-sjms/src/generated/resources/META-INF/org/apache/camel/component/sjms/sjms.json
index bdc121af6194..58b7179c58d7 100644
---
a/components/camel-sjms/src/generated/resources/META-INF/org/apache/camel/component/sjms/sjms.json
+++
b/components/camel-sjms/src/generated/resources/META-INF/org/apache/camel/component/sjms/sjms.json
@@ -33,11 +33,12 @@
"exceptionListener": { "index": 6, "kind": "property", "displayName":
"Exception Listener", "group": "advanced", "label": "advanced", "required":
false, "type": "object", "javaType": "jakarta.jms.ExceptionListener",
"deprecated": false, "autowired": false, "secret": false, "description":
"Specifies the JMS Exception Listener that is to be notified of any underlying
JMS exceptions." },
"jmsKeyFormatStrategy": { "index": 7, "kind": "property", "displayName":
"Jms Key Format Strategy", "group": "advanced", "label": "advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.JmsKeyFormatStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "Pluggable strategy
for encoding and decoding JMS keys so they can be compliant with the JMS
specification. Camel provides one implementation out of the box: defaul [...]
"messageCreatedStrategy": { "index": 8, "kind": "property", "displayName":
"Message Created Strategy", "group": "advanced", "label": "advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.MessageCreatedStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "To use the given
MessageCreatedStrategy which are invoked when Camel creates new instances of
jakarta.jms.Message objects when Camel is sending a JMS message." },
- "recoveryInterval": { "index": 9, "kind": "property", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
- "replyToOnTimeoutMaxConcurrentConsumers": { "index": 10, "kind":
"property", "displayName": "Reply To On Timeout Max Concurrent Consumers",
"group": "advanced", "label": "advanced", "required": false, "type": "integer",
"javaType": "int", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": 1, "description": "Specifies the maximum number of concurrent
consumers for continue routing when timeout occurred when using request\/reply
over JMS." },
- "requestTimeoutCheckerInterval": { "index": 11, "kind": "property",
"displayName": "Request Timeout Checker Interval", "group": "advanced",
"label": "advanced", "required": false, "type": "duration", "javaType": "long",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"1000", "description": "Configures how often Camel should check for timed out
Exchanges when doing request\/reply over JMS. By default Camel checks once per
second. But if you must react faster [...]
- "headerFilterStrategy": { "index": 12, "kind": "property", "displayName":
"Header Filter Strategy", "group": "filter", "label": "filter", "required":
false, "type": "object", "javaType":
"org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired":
false, "secret": false, "description": "To use a custom
org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel
message." },
- "deserializationFilter": { "index": 13, "kind": "property", "displayName":
"Deserialization Filter", "group": "security", "label": "advanced,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Sets
an ObjectInputFilter pattern (jdk.serialFilter syntax) applied as a
defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalua [...]
+ "objectMessageEnabled": { "index": 9, "kind": "property", "displayName":
"Object Message Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether to enable sending and receiving JMS ObjectMessage. By default this is
disabled because Java object serialization is a known source of security
vulnerabilities. Enable this option on [...]
+ "recoveryInterval": { "index": 10, "kind": "property", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
+ "replyToOnTimeoutMaxConcurrentConsumers": { "index": 11, "kind":
"property", "displayName": "Reply To On Timeout Max Concurrent Consumers",
"group": "advanced", "label": "advanced", "required": false, "type": "integer",
"javaType": "int", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": 1, "description": "Specifies the maximum number of concurrent
consumers for continue routing when timeout occurred when using request\/reply
over JMS." },
+ "requestTimeoutCheckerInterval": { "index": 12, "kind": "property",
"displayName": "Request Timeout Checker Interval", "group": "advanced",
"label": "advanced", "required": false, "type": "duration", "javaType": "long",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"1000", "description": "Configures how often Camel should check for timed out
Exchanges when doing request\/reply over JMS. By default Camel checks once per
second. But if you must react faster [...]
+ "headerFilterStrategy": { "index": 13, "kind": "property", "displayName":
"Header Filter Strategy", "group": "filter", "label": "filter", "required":
false, "type": "object", "javaType":
"org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired":
false, "secret": false, "description": "To use a custom
org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel
message." },
+ "deserializationFilter": { "index": 14, "kind": "property", "displayName":
"Deserialization Filter", "group": "security", "label": "advanced,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Sets
an ObjectInputFilter pattern (jdk.serialFilter syntax) applied as a
defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalua [...]
},
"headers": {
"CamelJMSDestinationName": { "index": 0, "kind": "header", "displayName":
"", "group": "producer", "label": "producer", "required": false, "javaType":
"String", "deprecated": false, "deprecationNote": "", "autowired": false,
"secret": false, "description": "DestinationName is a JMS queue or topic name.
By default, the destinationName is interpreted as a queue name.",
"constantName":
"org.apache.camel.component.sjms.SjmsConstants#JMS_DESTINATION_NAME" },
@@ -89,10 +90,11 @@
"jmsMessageType": { "index": 40, "kind": "parameter", "displayName": "Jms
Message Type", "group": "advanced", "label": "advanced", "required": false,
"type": "enum", "javaType":
"org.apache.camel.component.sjms.jms.JmsMessageType", "enum": [ "Bytes", "Map",
"Object", "Stream", "Text" ], "deprecated": false, "autowired": false,
"secret": false, "description": "Allows you to force the use of a specific
jakarta.jms.Message implementation for sending JMS messages. Possible values
are: By [...]
"mapJmsMessage": { "index": 41, "kind": "parameter", "displayName": "Map
Jms Message", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": true, "description": "Specifies whether
Camel should auto map the received JMS message to a suited payload type, such
as jakarta.jms.TextMessage to a String etc. See section about how mapping works
below for more details." },
"messageCreatedStrategy": { "index": 42, "kind": "parameter",
"displayName": "Message Created Strategy", "group": "advanced", "label":
"advanced", "required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.MessageCreatedStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "To use the given
MessageCreatedStrategy which are invoked when Camel creates new instances of
jakarta.jms.Message objects when Camel is sending a JMS message." },
- "recoveryInterval": { "index": 43, "kind": "parameter", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
- "synchronous": { "index": 44, "kind": "parameter", "displayName":
"Synchronous", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": false, "description": "Sets whether
synchronous processing should be strictly used" },
- "transferException": { "index": 45, "kind": "parameter", "displayName":
"Transfer Exception", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description": "If
enabled and you are using Request Reply messaging (InOut) and an Exchange
failed on the consumer side, then the caused Exception will be send back in
response as a jakarta.jms.ObjectMessage. [...]
- "deserializationFilter": { "index": 46, "kind": "parameter",
"displayName": "Deserialization Filter", "group": "security", "label":
"advanced,security", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Sets an ObjectInputFilter pattern (jdk.serialFilter syntax)
applied as a defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalu [...]
- "transacted": { "index": 47, "kind": "parameter", "displayName":
"Transacted", "group": "transaction", "label": "transaction", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Specifies whether to use transacted mode" }
+ "objectMessageEnabled": { "index": 43, "kind": "parameter", "displayName":
"Object Message Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether to enable sending and receiving JMS ObjectMessage. By default this is
disabled because Java object serialization is a known source of security
vulnerabilities. Enable this option [...]
+ "recoveryInterval": { "index": 44, "kind": "parameter", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
+ "synchronous": { "index": 45, "kind": "parameter", "displayName":
"Synchronous", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": false, "description": "Sets whether
synchronous processing should be strictly used" },
+ "transferException": { "index": 46, "kind": "parameter", "displayName":
"Transfer Exception", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description": "If
enabled and you are using Request Reply messaging (InOut) and an Exchange
failed on the consumer side, then the caused Exception will be send back in
response as a jakarta.jms.ObjectMessage. [...]
+ "deserializationFilter": { "index": 47, "kind": "parameter",
"displayName": "Deserialization Filter", "group": "security", "label":
"advanced,security", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Sets an ObjectInputFilter pattern (jdk.serialFilter syntax)
applied as a defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalu [...]
+ "transacted": { "index": 48, "kind": "parameter", "displayName":
"Transacted", "group": "transaction", "label": "transaction", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Specifies whether to use transacted mode" }
}
}
diff --git
a/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/SjmsComponent.java
b/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/SjmsComponent.java
index 7a515a37ddd1..331dafeec7e8 100644
---
a/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/SjmsComponent.java
+++
b/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/SjmsComponent.java
@@ -84,6 +84,14 @@ public class SjmsComponent extends
HeaderFilterStrategyComponent {
+ " a conservative default filter denying
java.net.** and otherwise allowing java.**, javax.**"
+ " and org.apache.camel.** is applied.")
private String deserializationFilter;
+ @Metadata(label = "advanced",
+ description = "Whether to enable sending and receiving JMS
ObjectMessage."
+ + " By default this is disabled because Java
object serialization is a known source of security"
+ + " vulnerabilities. Enable this option only if
you trust the source of the messages and need"
+ + " to send or receive Java serialized objects via
JMS. When disabled, Camel will refuse to"
+ + " create or read JMS ObjectMessage instances.
Options that rely on ObjectMessage internally"
+ + " (such as transferException) require this
option to be enabled.")
+ private boolean objectMessageEnabled;
public SjmsComponent() {
}
@@ -103,6 +111,7 @@ public class SjmsComponent extends
HeaderFilterStrategyComponent {
endpoint.setClientId(clientId);
endpoint.setExceptionListener(exceptionListener);
endpoint.setDeserializationFilter(deserializationFilter);
+ endpoint.setObjectMessageEnabled(objectMessageEnabled);
if (getHeaderFilterStrategy() != null) {
endpoint.setHeaderFilterStrategy(getHeaderFilterStrategy());
}
@@ -238,4 +247,19 @@ public class SjmsComponent extends
HeaderFilterStrategyComponent {
public void setDeserializationFilter(String deserializationFilter) {
this.deserializationFilter = deserializationFilter;
}
+
+ public boolean isObjectMessageEnabled() {
+ return objectMessageEnabled;
+ }
+
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By default
this is disabled because Java object
+ * serialization is a known source of security vulnerabilities. Enable
this option only if you trust the source of
+ * the messages and need to send or receive Java serialized objects via
JMS. When disabled, Camel will refuse to
+ * create or read JMS ObjectMessage instances. Options that rely on
ObjectMessage internally (such as
+ * transferException) require this option to be enabled.
+ */
+ public void setObjectMessageEnabled(boolean objectMessageEnabled) {
+ this.objectMessageEnabled = objectMessageEnabled;
+ }
}
diff --git
a/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/SjmsEndpoint.java
b/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/SjmsEndpoint.java
index e37d84968f19..5bfb3190f098 100644
---
a/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/SjmsEndpoint.java
+++
b/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/SjmsEndpoint.java
@@ -219,6 +219,14 @@ public class SjmsEndpoint extends DefaultEndpoint
+ " a conservative default filter denying
java.net.** and otherwise allowing java.**, javax.**"
+ " and org.apache.camel.** is applied.")
private String deserializationFilter;
+ @UriParam(label = "advanced",
+ description = "Whether to enable sending and receiving JMS
ObjectMessage."
+ + " By default this is disabled because Java
object serialization is a known source of security"
+ + " vulnerabilities. Enable this option only if
you trust the source of the messages and need"
+ + " to send or receive Java serialized objects via
JMS. When disabled, Camel will refuse to"
+ + " create or read JMS ObjectMessage instances.
Options that rely on ObjectMessage internally"
+ + " (such as transferException) require this
option to be enabled.")
+ private boolean objectMessageEnabled;
@UriParam(label = "advanced", enums = "Bytes,Map,Object,Stream,Text",
description = "Allows you to force the use of a specific
jakarta.jms.Message implementation for sending JMS messages."
+ " Possible values are: Bytes, Map, Object,
Stream, Text."
@@ -474,7 +482,7 @@ public class SjmsEndpoint extends DefaultEndpoint
protected JmsBinding createBinding() {
return new JmsBinding(
isMapJmsMessage(), isAllowNullBody(),
getHeaderFilterStrategy(), getJmsKeyFormatStrategy(),
- getMessageCreatedStrategy(), getJmsMessageType(),
getDeserializationFilter());
+ getMessageCreatedStrategy(), getJmsMessageType(),
getDeserializationFilter(), isObjectMessageEnabled());
}
public void setBinding(JmsBinding binding) {
@@ -776,6 +784,21 @@ public class SjmsEndpoint extends DefaultEndpoint
this.deserializationFilter = deserializationFilter;
}
+ public boolean isObjectMessageEnabled() {
+ return objectMessageEnabled;
+ }
+
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By default
this is disabled because Java object
+ * serialization is a known source of security vulnerabilities. Enable
this option only if you trust the source of
+ * the messages and need to send or receive Java serialized objects via
JMS. When disabled, Camel will refuse to
+ * create or read JMS ObjectMessage instances. Options that rely on
ObjectMessage internally (such as
+ * transferException) require this option to be enabled.
+ */
+ public void setObjectMessageEnabled(boolean objectMessageEnabled) {
+ this.objectMessageEnabled = objectMessageEnabled;
+ }
+
public MessageCreatedStrategy getMessageCreatedStrategy() {
return messageCreatedStrategy;
}
diff --git
a/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/jms/JmsBinding.java
b/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/jms/JmsBinding.java
index 9760f2d7c1bd..7313160cda30 100644
---
a/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/jms/JmsBinding.java
+++
b/components/camel-sjms/src/main/java/org/apache/camel/component/sjms/jms/JmsBinding.java
@@ -82,18 +82,27 @@ public class JmsBinding {
private final MessageCreatedStrategy messageCreatedStrategy;
private final JmsMessageType jmsMessageType;
private final ObjectInputFilter deserializationFilter;
+ private final boolean objectMessageEnabled;
public JmsBinding(boolean mapJmsMessage, boolean allowNullBody,
HeaderFilterStrategy headerFilterStrategy,
JmsKeyFormatStrategy jmsJmsKeyFormatStrategy,
MessageCreatedStrategy messageCreatedStrategy,
JmsMessageType jmsMessageType) {
this(mapJmsMessage, allowNullBody, headerFilterStrategy,
jmsJmsKeyFormatStrategy,
- messageCreatedStrategy, jmsMessageType, null);
+ messageCreatedStrategy, jmsMessageType, null, false);
}
public JmsBinding(boolean mapJmsMessage, boolean allowNullBody,
HeaderFilterStrategy headerFilterStrategy,
JmsKeyFormatStrategy jmsJmsKeyFormatStrategy,
MessageCreatedStrategy messageCreatedStrategy,
JmsMessageType jmsMessageType,
String deserializationFilterPattern) {
+ this(mapJmsMessage, allowNullBody, headerFilterStrategy,
jmsJmsKeyFormatStrategy,
+ messageCreatedStrategy, jmsMessageType,
deserializationFilterPattern, false);
+ }
+
+ public JmsBinding(boolean mapJmsMessage, boolean allowNullBody,
+ HeaderFilterStrategy headerFilterStrategy,
JmsKeyFormatStrategy jmsJmsKeyFormatStrategy,
+ MessageCreatedStrategy messageCreatedStrategy,
JmsMessageType jmsMessageType,
+ String deserializationFilterPattern, boolean
objectMessageEnabled) {
this.mapJmsMessage = mapJmsMessage;
this.allowNullBody = allowNullBody;
this.headerFilterStrategy = headerFilterStrategy;
@@ -101,6 +110,22 @@ public class JmsBinding {
this.messageCreatedStrategy = messageCreatedStrategy;
this.jmsMessageType = jmsMessageType;
this.deserializationFilter =
resolveDeserializationFilter(deserializationFilterPattern);
+ this.objectMessageEnabled = objectMessageEnabled;
+ }
+
+ /**
+ * Whether sending and receiving JMS {@link ObjectMessage} is enabled.
Disabled by default for security reasons.
+ * When disabled, the binding refuses to create or read JMS {@link
ObjectMessage} instances, and any feature that
+ * relies on {@link ObjectMessage} (such as {@code transferException}) is
also disabled.
+ */
+ protected boolean isObjectMessageEnabled() {
+ return objectMessageEnabled;
+ }
+
+ private static IllegalStateException objectMessageDisabled(String
operation) {
+ return new IllegalStateException(
+ "JMS ObjectMessage is disabled by default for security reasons
(" + operation + ")."
+ + " Set objectMessageEnabled=true on
the SJMS endpoint or component to enable it.");
}
private static ObjectInputFilter resolveDeserializationFilter(String
configuredPattern) {
@@ -188,6 +213,9 @@ public class JmsBinding {
}
if (message instanceof ObjectMessage) {
+ if (!isObjectMessageEnabled()) {
+ throw objectMessageDisabled("receiving ObjectMessage");
+ }
LOG.trace("Extracting body as a ObjectMessage from JMS
message: {}", message);
ObjectMessage objectMessage = (ObjectMessage) message;
Object payload = objectMessage.getObject();
@@ -454,6 +482,9 @@ public class JmsBinding {
}
protected Message createJmsMessage(Exception cause, Session session)
throws JMSException {
+ if (!isObjectMessageEnabled()) {
+ throw objectMessageDisabled("transferException reply");
+ }
LOG.trace("Using JmsMessageType: {}", JmsMessageType.Object);
Message answer = session.createObjectMessage(cause);
// ensure default delivery mode is used by default
@@ -566,6 +597,9 @@ public class JmsBinding {
return message;
}
case Object:
+ if (!isObjectMessageEnabled()) {
+ throw objectMessageDisabled("creating ObjectMessage");
+ }
ObjectMessage message = session.createObjectMessage();
if (body != null) {
try {
diff --git
a/components/camel-sjms/src/test/java/org/apache/camel/component/sjms/jms/JmsBindingObjectMessageEnabledTest.java
b/components/camel-sjms/src/test/java/org/apache/camel/component/sjms/jms/JmsBindingObjectMessageEnabledTest.java
new file mode 100644
index 000000000000..088903296d05
--- /dev/null
+++
b/components/camel-sjms/src/test/java/org/apache/camel/component/sjms/jms/JmsBindingObjectMessageEnabledTest.java
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.sjms.jms;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * Unit-style tests for the {@code objectMessageEnabled} guards on {@link
JmsBinding}. Complements the broker-based
+ * {@code SjmsObjectMessageEnabledTest} by verifying each guard in isolation,
including the {@code transferException}
+ * reply path which is otherwise difficult to assert end-to-end (a broken
reply path manifests as a producer-side
+ * timeout, hiding the underlying guard message).
+ */
+public class JmsBindingObjectMessageEnabledTest {
+
+ private JmsBinding binding(boolean objectMessageEnabled) {
+ return new JmsBinding(true, true, null, null, null, null, null,
objectMessageEnabled);
+ }
+
+ @Test
+ public void testTransferExceptionReplyRefusedByDefault() {
+ // Direct invocation of the public makeJmsMessage(Exception, ...)
path. The guard fires before the Session is
+ // touched, so passing null is safe and isolates the assertion.
+ IllegalStateException ex = assertThrows(IllegalStateException.class,
+ () -> binding(false).makeJmsMessage(null, null, null, new
RuntimeException("boom")));
+ assertTrue(ex.getMessage().contains("transferException reply"),
+ "Expected transferException-specific operation in error
message, got: " + ex.getMessage());
+ assertTrue(ex.getMessage().contains("objectMessageEnabled=true"),
+ "Expected guidance to enable objectMessageEnabled=true, got: "
+ ex.getMessage());
+ }
+}
diff --git
a/components/camel-sjms/src/test/java/org/apache/camel/component/sjms/producer/SjmsObjectMessageEnabledTest.java
b/components/camel-sjms/src/test/java/org/apache/camel/component/sjms/producer/SjmsObjectMessageEnabledTest.java
new file mode 100644
index 000000000000..2c26c4eb0dca
--- /dev/null
+++
b/components/camel-sjms/src/test/java/org/apache/camel/component/sjms/producer/SjmsObjectMessageEnabledTest.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.sjms.producer;
+
+import jakarta.jms.Message;
+import jakarta.jms.MessageConsumer;
+import jakarta.jms.MessageProducer;
+import jakarta.jms.ObjectMessage;
+
+import org.apache.camel.CamelExecutionException;
+import org.apache.camel.Exchange;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.sjms.SjmsComponent;
+import org.apache.camel.component.sjms.support.JmsTestSupport;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * Verifies that JMS ObjectMessage support is disabled by default in
camel-sjms and can be enabled via the
+ * {@code objectMessageEnabled} option.
+ */
+public class SjmsObjectMessageEnabledTest extends JmsTestSupport {
+
+ private static final String DISABLED_QUEUE =
"test.SjmsObjectMessageEnabledTest.disabled";
+ private static final String ENABLED_QUEUE =
"test.SjmsObjectMessageEnabledTest.enabled";
+ private static final String CONSUMER_QUEUE =
"test.SjmsObjectMessageEnabledTest.consumer";
+
+ @Override
+ protected boolean useJmx() {
+ return false;
+ }
+
+ @Test
+ public void testProducerRefusesSerializableBodyByDefault() {
+ CamelExecutionException ex =
assertThrows(CamelExecutionException.class,
+ () -> template.sendBody("sjms:queue:" + DISABLED_QUEUE +
"?jmsMessageType=Object",
+ new MyOrder("beer", 10)));
+ Throwable cause = rootCause(ex);
+ assertTrue(cause.getMessage().contains("objectMessageEnabled=true"),
+ "Expected guidance to enable objectMessageEnabled=true, got: "
+ cause.getMessage());
+ }
+
+ @Test
+ public void testProducerAcceptsSerializableBodyWhenEnabled() throws
Exception {
+ // when objectMessageEnabled=true, sending a Serializable body via
Object message type should succeed
+ template.sendBody("sjms:queue:" + ENABLED_QUEUE +
"?jmsMessageType=Object&objectMessageEnabled=true",
+ new MyOrder("beer", 10));
+ // verify it was actually sent as an ObjectMessage
+ MessageConsumer mc = createQueueConsumer(ENABLED_QUEUE);
+ Message message = mc.receive(5000);
+ assertNotNull(message, "Should have received the message");
+ assertTrue(message instanceof ObjectMessage, "Expected ObjectMessage
but got: " + message.getClass().getName());
+ mc.close();
+ }
+
+ @Test
+ public void testConsumerRefusesObjectMessageByDefault() throws Exception {
+ // Send an ObjectMessage directly to the queue (bypassing Camel) using
the underlying JMS session
+ MessageProducer producer =
getSession().createProducer(getSession().createQueue(CONSUMER_QUEUE));
+ ObjectMessage objectMessage = getSession().createObjectMessage();
+ objectMessage.setObject(new MyOrder("beer", 5));
+ producer.send(objectMessage);
+ producer.close();
+
+ // Reading the body via Camel should fail because
objectMessageEnabled=false (default)
+ Exchange exchange = consumer.receive("sjms:queue:" + CONSUMER_QUEUE,
5000);
+ assertNotNull(exchange, "Should have received the exchange wrapper");
+ IllegalStateException ex = assertThrows(IllegalStateException.class,
+ () -> exchange.getIn().getBody());
+ assertTrue(ex.getMessage().contains("objectMessageEnabled=true"),
+ "Expected guidance to enable objectMessageEnabled=true, got: "
+ ex.getMessage());
+ }
+
+ @Test
+ public void testComponentLevelObjectMessageEnabled() throws Exception {
+ SjmsComponent custom = new SjmsComponent();
+ custom.setConnectionFactory(connectionFactory);
+ custom.setObjectMessageEnabled(true);
+ context.addComponent("sjmsObjectEnabled", custom);
+
+ String queue = "test.SjmsObjectMessageEnabledTest.componentLevel";
+ template.sendBody("sjmsObjectEnabled:queue:" + queue +
"?jmsMessageType=Object",
+ new MyOrder("beer", 7));
+ MessageConsumer mc = createQueueConsumer(queue);
+ Message message = mc.receive(5000);
+ assertNotNull(message, "Should have received the message");
+ assertTrue(message instanceof ObjectMessage, "Expected ObjectMessage
but got: " + message.getClass().getName());
+ mc.close();
+ }
+
+ @Override
+ protected RouteBuilder createRouteBuilder() {
+ // No routes: this test uses the producer template and the consumer
template directly
+ return new RouteBuilder() {
+ @Override
+ public void configure() {
+ // intentionally empty
+ }
+ };
+ }
+
+ private static Throwable rootCause(Throwable t) {
+ Throwable cause = t;
+ while (cause.getCause() != null && cause.getCause() != cause) {
+ cause = cause.getCause();
+ }
+ return cause;
+ }
+
+ public static class MyOrder implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+ private final String item;
+ private final int quantity;
+
+ public MyOrder(String item, int quantity) {
+ this.item = item;
+ this.quantity = quantity;
+ }
+
+ public String getItem() {
+ return item;
+ }
+
+ public int getQuantity() {
+ return quantity;
+ }
+ }
+}
diff --git
a/components/camel-sjms2/src/generated/java/org/apache/camel/component/sjms2/Sjms2EndpointUriFactory.java
b/components/camel-sjms2/src/generated/java/org/apache/camel/component/sjms2/Sjms2EndpointUriFactory.java
index 64a52097b2c7..9c7b57f80b76 100644
---
a/components/camel-sjms2/src/generated/java/org/apache/camel/component/sjms2/Sjms2EndpointUriFactory.java
+++
b/components/camel-sjms2/src/generated/java/org/apache/camel/component/sjms2/Sjms2EndpointUriFactory.java
@@ -23,7 +23,7 @@ public class Sjms2EndpointUriFactory extends
org.apache.camel.support.component.
private static final Set<String> SECRET_PROPERTY_NAMES;
private static final Set<String> MULTI_VALUE_PREFIXES;
static {
- Set<String> props = new HashSet<>(51);
+ Set<String> props = new HashSet<>(52);
props.add("acknowledgementMode");
props.add("allowNullBody");
props.add("asyncConsumer");
@@ -58,6 +58,7 @@ public class Sjms2EndpointUriFactory extends
org.apache.camel.support.component.
props.add("mapJmsMessage");
props.add("messageCreatedStrategy");
props.add("messageSelector");
+ props.add("objectMessageEnabled");
props.add("preserveMessageQos");
props.add("priority");
props.add("recoveryInterval");
diff --git
a/components/camel-sjms2/src/generated/resources/META-INF/org/apache/camel/component/sjms2/sjms2.json
b/components/camel-sjms2/src/generated/resources/META-INF/org/apache/camel/component/sjms2/sjms2.json
index aabcd17e3a4c..aae0f5012bb0 100644
---
a/components/camel-sjms2/src/generated/resources/META-INF/org/apache/camel/component/sjms2/sjms2.json
+++
b/components/camel-sjms2/src/generated/resources/META-INF/org/apache/camel/component/sjms2/sjms2.json
@@ -33,11 +33,12 @@
"exceptionListener": { "index": 6, "kind": "property", "displayName":
"Exception Listener", "group": "advanced", "label": "advanced", "required":
false, "type": "object", "javaType": "jakarta.jms.ExceptionListener",
"deprecated": false, "autowired": false, "secret": false, "description":
"Specifies the JMS Exception Listener that is to be notified of any underlying
JMS exceptions." },
"jmsKeyFormatStrategy": { "index": 7, "kind": "property", "displayName":
"Jms Key Format Strategy", "group": "advanced", "label": "advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.JmsKeyFormatStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "Pluggable strategy
for encoding and decoding JMS keys so they can be compliant with the JMS
specification. Camel provides one implementation out of the box: defaul [...]
"messageCreatedStrategy": { "index": 8, "kind": "property", "displayName":
"Message Created Strategy", "group": "advanced", "label": "advanced",
"required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.MessageCreatedStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "To use the given
MessageCreatedStrategy which are invoked when Camel creates new instances of
jakarta.jms.Message objects when Camel is sending a JMS message." },
- "recoveryInterval": { "index": 9, "kind": "property", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
- "replyToOnTimeoutMaxConcurrentConsumers": { "index": 10, "kind":
"property", "displayName": "Reply To On Timeout Max Concurrent Consumers",
"group": "advanced", "label": "advanced", "required": false, "type": "integer",
"javaType": "int", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": 1, "description": "Specifies the maximum number of concurrent
consumers for continue routing when timeout occurred when using request\/reply
over JMS." },
- "requestTimeoutCheckerInterval": { "index": 11, "kind": "property",
"displayName": "Request Timeout Checker Interval", "group": "advanced",
"label": "advanced", "required": false, "type": "duration", "javaType": "long",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"1000", "description": "Configures how often Camel should check for timed out
Exchanges when doing request\/reply over JMS. By default Camel checks once per
second. But if you must react faster [...]
- "headerFilterStrategy": { "index": 12, "kind": "property", "displayName":
"Header Filter Strategy", "group": "filter", "label": "filter", "required":
false, "type": "object", "javaType":
"org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired":
false, "secret": false, "description": "To use a custom
org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel
message." },
- "deserializationFilter": { "index": 13, "kind": "property", "displayName":
"Deserialization Filter", "group": "security", "label": "advanced,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Sets
an ObjectInputFilter pattern (jdk.serialFilter syntax) applied as a
defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalua [...]
+ "objectMessageEnabled": { "index": 9, "kind": "property", "displayName":
"Object Message Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether to enable sending and receiving JMS ObjectMessage. By default this is
disabled because Java object serialization is a known source of security
vulnerabilities. Enable this option on [...]
+ "recoveryInterval": { "index": 10, "kind": "property", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
+ "replyToOnTimeoutMaxConcurrentConsumers": { "index": 11, "kind":
"property", "displayName": "Reply To On Timeout Max Concurrent Consumers",
"group": "advanced", "label": "advanced", "required": false, "type": "integer",
"javaType": "int", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": 1, "description": "Specifies the maximum number of concurrent
consumers for continue routing when timeout occurred when using request\/reply
over JMS." },
+ "requestTimeoutCheckerInterval": { "index": 12, "kind": "property",
"displayName": "Request Timeout Checker Interval", "group": "advanced",
"label": "advanced", "required": false, "type": "duration", "javaType": "long",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"1000", "description": "Configures how often Camel should check for timed out
Exchanges when doing request\/reply over JMS. By default Camel checks once per
second. But if you must react faster [...]
+ "headerFilterStrategy": { "index": 13, "kind": "property", "displayName":
"Header Filter Strategy", "group": "filter", "label": "filter", "required":
false, "type": "object", "javaType":
"org.apache.camel.spi.HeaderFilterStrategy", "deprecated": false, "autowired":
false, "secret": false, "description": "To use a custom
org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel
message." },
+ "deserializationFilter": { "index": 14, "kind": "property", "displayName":
"Deserialization Filter", "group": "security", "label": "advanced,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "description": "Sets
an ObjectInputFilter pattern (jdk.serialFilter syntax) applied as a
defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalua [...]
},
"headers": {
"CamelJMSDestinationName": { "index": 0, "kind": "header", "displayName":
"", "group": "producer", "label": "producer", "required": false, "javaType":
"String", "deprecated": false, "deprecationNote": "", "autowired": false,
"secret": false, "description": "DestinationName is a JMS queue or topic name.
By default, the destinationName is interpreted as a queue name.",
"constantName":
"org.apache.camel.component.sjms.SjmsConstants#JMS_DESTINATION_NAME" },
@@ -92,10 +93,11 @@
"jmsMessageType": { "index": 43, "kind": "parameter", "displayName": "Jms
Message Type", "group": "advanced", "label": "advanced", "required": false,
"type": "enum", "javaType":
"org.apache.camel.component.sjms.jms.JmsMessageType", "enum": [ "Bytes", "Map",
"Object", "Stream", "Text" ], "deprecated": false, "autowired": false,
"secret": false, "description": "Allows you to force the use of a specific
jakarta.jms.Message implementation for sending JMS messages. Possible values
are: By [...]
"mapJmsMessage": { "index": 44, "kind": "parameter", "displayName": "Map
Jms Message", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": true, "description": "Specifies whether
Camel should auto map the received JMS message to a suited payload type, such
as jakarta.jms.TextMessage to a String etc. See section about how mapping works
below for more details." },
"messageCreatedStrategy": { "index": 45, "kind": "parameter",
"displayName": "Message Created Strategy", "group": "advanced", "label":
"advanced", "required": false, "type": "object", "javaType":
"org.apache.camel.component.sjms.jms.MessageCreatedStrategy", "deprecated":
false, "autowired": false, "secret": false, "description": "To use the given
MessageCreatedStrategy which are invoked when Camel creates new instances of
jakarta.jms.Message objects when Camel is sending a JMS message." },
- "recoveryInterval": { "index": 46, "kind": "parameter", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
- "synchronous": { "index": 47, "kind": "parameter", "displayName":
"Synchronous", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": false, "description": "Sets whether
synchronous processing should be strictly used" },
- "transferException": { "index": 48, "kind": "parameter", "displayName":
"Transfer Exception", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description": "If
enabled and you are using Request Reply messaging (InOut) and an Exchange
failed on the consumer side, then the caused Exception will be send back in
response as a jakarta.jms.ObjectMessage. [...]
- "deserializationFilter": { "index": 49, "kind": "parameter",
"displayName": "Deserialization Filter", "group": "security", "label":
"advanced,security", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Sets an ObjectInputFilter pattern (jdk.serialFilter syntax)
applied as a defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalu [...]
- "transacted": { "index": 50, "kind": "parameter", "displayName":
"Transacted", "group": "transaction", "label": "transaction", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Specifies whether to use transacted mode" }
+ "objectMessageEnabled": { "index": 46, "kind": "parameter", "displayName":
"Object Message Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether to enable sending and receiving JMS ObjectMessage. By default this is
disabled because Java object serialization is a known source of security
vulnerabilities. Enable this option [...]
+ "recoveryInterval": { "index": 47, "kind": "parameter", "displayName":
"Recovery Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "duration", "javaType": "long", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "5000", "description":
"Specifies the interval between recovery attempts, i.e. when a connection is
being refreshed, in milliseconds. The default is 5000 ms, that is, 5 seconds."
},
+ "synchronous": { "index": 48, "kind": "parameter", "displayName":
"Synchronous", "group": "advanced", "label": "advanced", "required": false,
"type": "boolean", "javaType": "boolean", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": false, "description": "Sets whether
synchronous processing should be strictly used" },
+ "transferException": { "index": 49, "kind": "parameter", "displayName":
"Transfer Exception", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description": "If
enabled and you are using Request Reply messaging (InOut) and an Exchange
failed on the consumer side, then the caused Exception will be send back in
response as a jakarta.jms.ObjectMessage. [...]
+ "deserializationFilter": { "index": 50, "kind": "parameter",
"displayName": "Deserialization Filter", "group": "security", "label":
"advanced,security", "required": false, "type": "string", "javaType":
"java.lang.String", "deprecated": false, "autowired": false, "secret": false,
"description": "Sets an ObjectInputFilter pattern (jdk.serialFilter syntax)
applied as a defense-in-depth check on the class of the body returned by
jakarta.jms.ObjectMessage.getObject(). The pattern is evalu [...]
+ "transacted": { "index": 51, "kind": "parameter", "displayName":
"Transacted", "group": "transaction", "label": "transaction", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Specifies whether to use transacted mode" }
}
}
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
index 574f3535b023..1cba1991bdb8 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
@@ -34,6 +34,34 @@ Or, on a single endpoint:
jms:queue:foo?objectMessageEnabled=true
----
+=== camel-sjms / camel-sjms2
+
+The same default applies to `camel-sjms` (and `camel-sjms2`, which inherits
from it): JMS `ObjectMessage`
+support is now disabled by default and gated by a new `objectMessageEnabled`
option (default `false`)
+on `SjmsComponent` / `SjmsEndpoint`.
+
+This affects the same endpoint/component options as `camel-jms`:
+
+* `jmsMessageType=Object` (or sending a `Serializable` body that is
auto-detected as `Object`)
+* `transferException=true`
+* receiving a JMS `ObjectMessage` produced by an external sender
+
+To restore the previous behavior, enable the option at the component or
endpoint level:
+
+[source,properties]
+----
+camel.component.sjms.objectMessageEnabled=true
+camel.component.sjms2.objectMessageEnabled=true
+----
+
+Or, on a single endpoint:
+
+[source,text]
+----
+sjms:queue:foo?objectMessageEnabled=true
+sjms2:queue:foo?objectMessageEnabled=true
+----
+
=== camel-hazelcast
Hazelcast instances created and managed by Camel (when no user-supplied
diff --git
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/Sjms2ComponentBuilderFactory.java
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/Sjms2ComponentBuilderFactory.java
index ab910f1d4e52..c80d38fb1b84 100644
---
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/Sjms2ComponentBuilderFactory.java
+++
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/Sjms2ComponentBuilderFactory.java
@@ -238,6 +238,30 @@ public interface Sjms2ComponentBuilderFactory {
}
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default Sjms2ComponentBuilder objectMessageEnabled(boolean
objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
+
+
/**
* Specifies the interval between recovery attempts, i.e. when a
* connection is being refreshed, in milliseconds. The default is 5000
@@ -361,6 +385,7 @@ public interface Sjms2ComponentBuilderFactory {
case "exceptionListener": ((Sjms2Component)
component).setExceptionListener((jakarta.jms.ExceptionListener) value); return
true;
case "jmsKeyFormatStrategy": ((Sjms2Component)
component).setJmsKeyFormatStrategy((org.apache.camel.component.sjms.jms.JmsKeyFormatStrategy)
value); return true;
case "messageCreatedStrategy": ((Sjms2Component)
component).setMessageCreatedStrategy((org.apache.camel.component.sjms.jms.MessageCreatedStrategy)
value); return true;
+ case "objectMessageEnabled": ((Sjms2Component)
component).setObjectMessageEnabled((boolean) value); return true;
case "recoveryInterval": ((Sjms2Component)
component).setRecoveryInterval((long) value); return true;
case "replyToOnTimeoutMaxConcurrentConsumers": ((Sjms2Component)
component).setReplyToOnTimeoutMaxConcurrentConsumers((int) value); return true;
case "requestTimeoutCheckerInterval": ((Sjms2Component)
component).setRequestTimeoutCheckerInterval((long) value); return true;
diff --git
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/SjmsComponentBuilderFactory.java
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/SjmsComponentBuilderFactory.java
index b95272b6202d..e4557b669388 100644
---
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/SjmsComponentBuilderFactory.java
+++
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/SjmsComponentBuilderFactory.java
@@ -238,6 +238,30 @@ public interface SjmsComponentBuilderFactory {
}
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default SjmsComponentBuilder objectMessageEnabled(boolean
objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
+
+
/**
* Specifies the interval between recovery attempts, i.e. when a
* connection is being refreshed, in milliseconds. The default is 5000
@@ -361,6 +385,7 @@ public interface SjmsComponentBuilderFactory {
case "exceptionListener": ((SjmsComponent)
component).setExceptionListener((jakarta.jms.ExceptionListener) value); return
true;
case "jmsKeyFormatStrategy": ((SjmsComponent)
component).setJmsKeyFormatStrategy((org.apache.camel.component.sjms.jms.JmsKeyFormatStrategy)
value); return true;
case "messageCreatedStrategy": ((SjmsComponent)
component).setMessageCreatedStrategy((org.apache.camel.component.sjms.jms.MessageCreatedStrategy)
value); return true;
+ case "objectMessageEnabled": ((SjmsComponent)
component).setObjectMessageEnabled((boolean) value); return true;
case "recoveryInterval": ((SjmsComponent)
component).setRecoveryInterval((long) value); return true;
case "replyToOnTimeoutMaxConcurrentConsumers": ((SjmsComponent)
component).setReplyToOnTimeoutMaxConcurrentConsumers((int) value); return true;
case "requestTimeoutCheckerInterval": ((SjmsComponent)
component).setRequestTimeoutCheckerInterval((long) value); return true;
diff --git
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/Sjms2EndpointBuilderFactory.java
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/Sjms2EndpointBuilderFactory.java
index fc74efe43723..23626f8b133e 100644
---
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/Sjms2EndpointBuilderFactory.java
+++
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/Sjms2EndpointBuilderFactory.java
@@ -1091,6 +1091,50 @@ public interface Sjms2EndpointBuilderFactory {
doSetProperty("messageCreatedStrategy", messageCreatedStrategy);
return this;
}
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjms2EndpointConsumerBuilder
objectMessageEnabled(boolean objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjms2EndpointConsumerBuilder
objectMessageEnabled(String objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
/**
* Specifies the interval between recovery attempts, i.e. when a
* connection is being refreshed, in milliseconds. The default is 5000
@@ -2281,6 +2325,50 @@ public interface Sjms2EndpointBuilderFactory {
doSetProperty("messageCreatedStrategy", messageCreatedStrategy);
return this;
}
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjms2EndpointProducerBuilder
objectMessageEnabled(boolean objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjms2EndpointProducerBuilder
objectMessageEnabled(String objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
/**
* Specifies the interval between recovery attempts, i.e. when a
* connection is being refreshed, in milliseconds. The default is 5000
@@ -3006,6 +3094,50 @@ public interface Sjms2EndpointBuilderFactory {
doSetProperty("messageCreatedStrategy", messageCreatedStrategy);
return this;
}
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjms2EndpointBuilder objectMessageEnabled(boolean
objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjms2EndpointBuilder objectMessageEnabled(String
objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
/**
* Specifies the interval between recovery attempts, i.e. when a
* connection is being refreshed, in milliseconds. The default is 5000
diff --git
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/SjmsEndpointBuilderFactory.java
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/SjmsEndpointBuilderFactory.java
index 5742c64fc03a..89d06f0069b4 100644
---
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/SjmsEndpointBuilderFactory.java
+++
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/SjmsEndpointBuilderFactory.java
@@ -1016,6 +1016,50 @@ public interface SjmsEndpointBuilderFactory {
doSetProperty("messageCreatedStrategy", messageCreatedStrategy);
return this;
}
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjmsEndpointConsumerBuilder
objectMessageEnabled(boolean objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjmsEndpointConsumerBuilder
objectMessageEnabled(String objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
/**
* Specifies the interval between recovery attempts, i.e. when a
* connection is being refreshed, in milliseconds. The default is 5000
@@ -2206,6 +2250,50 @@ public interface SjmsEndpointBuilderFactory {
doSetProperty("messageCreatedStrategy", messageCreatedStrategy);
return this;
}
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjmsEndpointProducerBuilder
objectMessageEnabled(boolean objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjmsEndpointProducerBuilder
objectMessageEnabled(String objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
/**
* Specifies the interval between recovery attempts, i.e. when a
* connection is being refreshed, in milliseconds. The default is 5000
@@ -2931,6 +3019,50 @@ public interface SjmsEndpointBuilderFactory {
doSetProperty("messageCreatedStrategy", messageCreatedStrategy);
return this;
}
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjmsEndpointBuilder objectMessageEnabled(boolean
objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
+ /**
+ * Whether to enable sending and receiving JMS ObjectMessage. By
default
+ * this is disabled because Java object serialization is a known source
+ * of security vulnerabilities. Enable this option only if you trust
the
+ * source of the messages and need to send or receive Java serialized
+ * objects via JMS. When disabled, Camel will refuse to create or read
+ * JMS ObjectMessage instances. Options that rely on ObjectMessage
+ * internally (such as transferException) require this option to be
+ * enabled.
+ *
+ * The option will be converted to a <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: advanced
+ *
+ * @param objectMessageEnabled the value to set
+ * @return the dsl builder
+ */
+ default AdvancedSjmsEndpointBuilder objectMessageEnabled(String
objectMessageEnabled) {
+ doSetProperty("objectMessageEnabled", objectMessageEnabled);
+ return this;
+ }
/**
* Specifies the interval between recovery attempts, i.e. when a
* connection is being refreshed, in milliseconds. The default is 5000
