Andrea Cosentino created CAMEL-23815:
----------------------------------------
Summary: camel-support: provide a shared ObjectInputFilter
deserialization-filter resolver to deduplicate it across the HTTP/JMS/Netty
components
Key: CAMEL-23815
URL: https://issues.apache.org/jira/browse/CAMEL-23815
Project: Camel
Issue Type: Improvement
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
Fix For: 4.22.0
The Java-deserialization {{ObjectInputFilter}} logic -- the
{{DEFAULT_DESERIALIZATION_FILTER}} constant and the
{{resolveDeserializationFilter()}} resolution (configured pattern -> JVM-wide
{{jdk.serialFilter}} -> conservative default) -- is now duplicated across
several components:
* camel-http-common: {{HttpHelper}} (added in CAMEL-23769)
* camel-netty-http: {{NettyHttpHelper}}
* camel-netty: {{NettyConverter}}
* camel-vertx-http: {{VertxHttpHelper}}
* camel-jms: {{JmsBinding}}
This proposes extracting the shared constant and resolver into a small utility
in *camel-support* so the components can reuse it instead of each carrying a
copy.
It would also be the right place to unify the default pattern: the HTTP/Netty
variants include the JEP-290 graph-shape limits
({{maxdepth=20;maxrefs=10000;maxbytes=10485760}}) while camel-jms omits them. A
single shared default -- or a documented, deliberate per-transport choice --
would remove that inconsistency.
Follow-up to CAMEL-23769 (PR apache/camel#24196), per review suggestions from
davsclaus and gnodet.
_AI-assisted ticket created by Claude Code on behalf of Andrea Cosentino._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
