jbertram commented on code in PR #5307: URL: https://github.com/apache/activemq-artemis/pull/5307#discussion_r1809674815
########## docs/user-manual/security.adoc: ########## @@ -1431,6 +1431,16 @@ comma separated values for allow list These properties, once specified, are eventually set on the corresponding internal factories. +=== Filtering using built-in JVM support + +Now that Apache ActiveMQ Artemis requires a minimum JVM version of 11, built-in Java serialization filtering mechanisms can be utilized. +Instead of providing an `allow list` or `deny list`, you can specify either a `serialFilter` or `serialFilterClassName`. + +* `serialFilter` - A pattern based filter that allows you to define allow/deny lists and constraints limiting graph complexity and size. https://docs.oracle.com/en/java/javase/17/core/serialization-filtering1.html#JSCOR-GUID-8296D8E8-2B93-4B9A-856E-0A65AF9B8C66[Filter Syntax] +* `serialFilterClassName` - For those who need a custom filtering solution, you can supply an implementation of https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/io/ObjectInputFilter.html[ObjectInputFilter] Review Comment: A simple example and a blurb to compare & contrast this approach against the existing approach would help users choose what's best for their use-case. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org For additional commands, e-mail: gitbox-h...@activemq.apache.org For further information, visit: https://activemq.apache.org/contact
