[jira] [Comment Edited] (AMQ-6013) Restrict classes that can be serialized in ObjectMessages

Fri, 16 Oct 2015 06:55:34 -0700 

    [ 
https://issues.apache.org/jira/browse/AMQ-6013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14960741#comment-14960741
 ] 

Dejan Bosanac edited comment on AMQ-6013 at 10/16/15 1:54 PM:
--------------------------------------------------------------

The classes are restricted by default to the following packages

{code}java.lang
java.util
org.apache.activemq
org.fusesource.hawtbuf
com.thoughtworks.xstream.mapper{code}

which are needed for normal functioning of http and stomp packages. If you need 
to send object messages via http, you need to add desired packages. You can do 
that with by using {{org.apache.activemq.SERIALIZABLE_PACKAGES}} system 
property. For example:

{code}-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"{code}


was (Author: dejanb):
The classes are restricted by default to the following packages

{code}java.lang
java.util
org.apache.activemq
org.fusesource.hawtbuf
com.thoughtworks.xstream.mapper{code}

which are needed for normal functioning of http and stomp packages. If you need 
to send object messages via http, you need to add desired packages. You can do 
that with by using {{org.apache.activemq.SERIALIZABLE_PACKAGES}} system 
property. For example:

{code}-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=""java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"{code}

> Restrict classes that can be serialized in ObjectMessages
> ---------------------------------------------------------
>
>                 Key: AMQ-6013
>                 URL: https://issues.apache.org/jira/browse/AMQ-6013
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.12.0
>            Reporter: Dejan Bosanac
>            Assignee: Dejan Bosanac
>             Fix For: 5.13.0
>
>
> At some points we do (de)serialization of JMS Object messages inside the 
> broker (HTTP, Stomp, Web Console, ...). We need to restrict classes that can 
> be serialized in this way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to