[ https://issues.apache.org/jira/browse/QPIDJMS-495?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17066664#comment-17066664 ]

Timothy A. Bish edited comment on QPIDJMS-495 at 3/25/20, 1:13 PM:
-------------------------------------------------------------------

The values referenced in the code you've pointed to are names for setting 
these values via System properties, which is different from the documented URI 
options you've also referenced.  The expected route for most folks is the URI 
options as that will not cause all clients on a given system to be configured 
with the same set of white and/or black list options.  The System property 
values are there in the default deserialization policy but are not the expected 
route for most folks to use for configuration. 

An [example|https://github.com/apache/qpid-jms/blob/master/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/ObjectMessageIntegrationTest.java#L336] of using URI configuration can be found in the test suite.



> whiteList/blackList properties have no effect
> ---------------------------------------------
>
>                 Key: QPIDJMS-495
>                 URL: https://issues.apache.org/jira/browse/QPIDJMS-495
>             Project: Qpid JMS
>          Issue Type: Bug
>          Components: qpid-jms-client
>    Affects Versions: 0.48.0
>            Reporter: Miko Nieminen
>            Priority: Major
>
> Documentation says:
>
> *jms.deserializationPolicy.whiteList* A comma separated list of class/package 
> names that should be allowed when deserializing the contents of a JMS 
> ObjectMessage, unless overridden by the blackList. The names in this list are 
> not pattern values, the exact class or package name must be configured, e.g 
> "java.util.Map" or "java.util". Package matches include sub-packages. Default 
> is to allow all.
>
> *jms.deserializationPolicy.blackList* A comma separated list of class/package 
> names that should be rejected when deserializing the contents of a JMS 
> ObjectMessage. The names in this list are not pattern values, the exact class 
> or package name must be configured, e.g "java.util.Map" or "java.util". 
> Package matches include sub-packages. Default is to prevent none.
>
> But it seems these properties have no effect. Instead the properties that 
> work are:
> {{org.apache.qpid.jms.deserialization.white_list}}
> {{org.apache.qpid.jms.deserialization.black_list}}
> These properties are defined in JmsDefaultDeserializationPolicy.java: 
> https://github.com/apache/qpid-jms/blob/0.48.0/qpid-jms-client/src/main/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicy.java#L49
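
The list semantics quoted from the documentation above (exact class or package names, package entries covering sub-packages, blackList overriding whiteList) can be seen in a stand-alone sketch. This is an added example, not Qpid JMS code: the class `ListPolicyDemo` and its methods are hypothetical, and treating an empty whiteList as "allow all" is an assumption that models the documented default.

```java
import java.io.*;
import java.util.*;

// Added illustration (not Qpid JMS code) of the list semantics quoted in the issue.
public class ListPolicyDemo {
    private final List<String> whiteList, blackList;

    ListPolicyDemo(String whiteList, String blackList) {
        this.whiteList = split(whiteList);
        this.blackList = split(blackList);
    }
    private static List<String> split(String csv) {
        List<String> out = new ArrayList<>();
        for (String s : csv.split(",")) if (!s.trim().isEmpty()) out.add(s.trim());
        return out;
    }
    // Entries are exact class or package names; a package entry covers its sub-packages.
    private static boolean matches(List<String> names, String cls) {
        for (String n : names) if (cls.equals(n) || cls.startsWith(n + ".")) return true;
        return false;
    }
    boolean isTrusted(String cls) {
        if (matches(blackList, cls)) return false;              // blackList overrides whiteList
        return whiteList.isEmpty() || matches(whiteList, cls);  // assumption: empty = allow all
    }
    Object read(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data)) {
            @Override protected Class<?> resolveClass(ObjectStreamClass d)
                    throws IOException, ClassNotFoundException {
                if (!isTrusted(d.getName()))                    // checked before the class is loaded
                    throw new InvalidClassException(d.getName(), "rejected by policy");
                return super.resolveClass(d);
            }
        }) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new ArrayList<>(Arrays.asList("constructed", "sample")));
        }
        byte[] payload = buf.toByteArray();                     // constructed sample input
        System.out.println(new ListPolicyDemo("java.util", "").read(payload));
        try {
            new ListPolicyDemo("java.util", "java.util.ArrayList").read(payload);
        } catch (InvalidClassException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The first read succeeds because `java.util.ArrayList` falls under the `java.util` package entry; the second is rejected because the blackList entry for the same class takes precedence.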


