[
https://issues.apache.org/jira/browse/AMQ-6077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dejan Bosanac resolved AMQ-6077.
--------------------------------
Resolution: Fixed
I implemented ActiveMQConnectionFactory configuration that helps with this.
There are a two new methods:
- setTrustedPackages(List<String> packages) - that defines a list of packages
that can be used with ObjectMessages
- setTrustAllPackages() - that shortcuts the security check and makes all
classes trusted.
Camel configuration example can be found at:
https://github.com/apache/activemq/blob/master/activemq-camel/src/test/resources/org/apache/activemq/camel/jms-object-message.xml
> Better configuration of restricted classes for clients
> ------------------------------------------------------
>
> Key: AMQ-6077
> URL: https://issues.apache.org/jira/browse/AMQ-6077
> Project: ActiveMQ
> Issue Type: Improvement
> Affects Versions: 5.13.0
> Reporter: Dejan Bosanac
> Assignee: Dejan Bosanac
> Fix For: 5.13.1
>
>
> [AMQ-6013] introduces the checks on the classes that are allowed to be
> serialized through ObjectMessages. The original implementation was designed
> to protect the broker, so system property configuration was the easiest
> solution.
> This change affect the clients that uses ObjectMessages.getObject() method.
> We need to provide a better way of configuring this for clients. My initial
> idea is that we should provide a configuration on ActiveMQConnectionFactory
> and ActiveMQComponent classes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
