[
https://issues.apache.org/jira/browse/AMQ-6013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dejan Bosanac resolved AMQ-6013.
--------------------------------
Resolution: Fixed
The classes are restricted by default to the following packages
{code}java.lang
java.util
org.apache.activemq
org.fusesource.hawtbuf
com.thoughtworks.xstream.mapper{code}
which are needed for normal functioning of http and stomp packages. If you need
to send object messages via http, you need to add desired packages. You can do
that with by using {{org.apache.activemq.SERIALIZABLE_PACKAGES}} system
property. For example:
{code}-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=""java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"{code}
> Restrict classes that can be serialized in ObjectMessages
> ---------------------------------------------------------
>
> Key: AMQ-6013
> URL: https://issues.apache.org/jira/browse/AMQ-6013
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.12.0
> Reporter: Dejan Bosanac
> Assignee: Dejan Bosanac
> Fix For: 5.13.0
>
>
> At some points we do (de)serialization of JMS Object messages inside the
> broker (HTTP, Stomp, Web Console, ...). We need to restrict classes that can
> be serialized in this way.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
