Scott Werner created ARTEMIS-4167:
-------------------------------------
Summary: Enhance deserialization filter beyond black/whitelist
functionality
Key: ARTEMIS-4167
URL: https://issues.apache.org/jira/browse/ARTEMIS-4167
Project: ActiveMQ Artemis
Issue Type: New Feature
Reporter: Scott Werner
Now that Artemis is Java 11+ compatible, there is now the ability to set an
ObjectInputFilter on an ObjectInputStream. There are also built in methods to
generate filters similar to the current syntax and offers many other features
out of the box. A global jvm property (jdk.serialFilter) can be set, but this
is quite restrictive. I suggest adding a new serial filter pattern and class
name of an ObjectInputFilter implementation, everywhere blacklist/whitelist
exist today. In time we can look into converting the existing black/whitelist
to the new format or just deprecating as the semantics are a bit different and
may not be able to make it 100% compatible.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
