activemq-commits mailing list archives

From build...@apache.org
Subject svn commit: r975703 - in /websites/production/activemq/content: cache/main.pageCache objectmessage.html
Date Wed, 16 Dec 2015 16:21:59 GMT
Author: buildbot
Date: Wed Dec 16 16:21:59 2015
New Revision: 975703

Log:
Production update by buildbot for activemq

Modified:
    websites/production/activemq/content/cache/main.pageCache
    websites/production/activemq/content/objectmessage.html

Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/activemq/content/objectmessage.html
==============================================================================
--- websites/production/activemq/content/objectmessage.html (original)
+++ websites/production/activemq/content/objectmessage.html Wed Dec 16 16:21:59 2015
@@ -85,34 +85,40 @@
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"</pre>
 </div></div><p>will add <code>com.mycompany.myapp</code> package
to the list of trusted packages. Note that other packages listed here are enabled by default
as they are necessary for the regular broker work. In case you want to shortcut this mechanism,
you can allow all packages to be trusted by using <code>*</code> wildcard, like</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="*"</pre>
-</div></div><h3 id="ObjectMessage-Clients">Clients</h3><p>On
the client side, you need to have this same mechanism as malicious code can be deserialized
on <code>ObjectMessage.getObject()</code> call, compromising your application's
environment. At this point the configuration mechanism is the same as on the broker, so you'll
need to set appropriate system properties. There is an ongoing work in&#160;<style>
-    .jira-issue {
-        padding: 0 0 0 2px;
-        line-height: 20px;
-    }
-
-    .jira-issue img {
-        padding-right: 5px;
-    }
-    .jira-issue .aui-lozenge {
-        line-height: 18px;
-        vertical-align: top;
-    }
-
-    .jira-issue .icon {
-        background-position: left center;
-        background-repeat: no-repeat;
-        display: inline-block;
-        font-size: 0;
-        max-height: 16px;
-        text-align: left;
-        text-indent: -9999em;
-        vertical-align: text-bottom;
-    }
-</style>
-
-    <span class="jira-issue AMQ-6077"><a shape="rect" class="issue-link" href="https://issues.apache.org/jira/browse/AMQ-6077?src=confmacro">AMQ-6077</a></span>
-&#160;to improve this and make it configurable using <code>ActiveMQConnectionFactory</code>
and Camel <code>ActiveMQComponent</code> objects. This will be documented in this
area when finished (targeted for <strong>5.13.1</strong> release).</p></div>
+</div></div><h3 id="ObjectMessage-Clients">Clients</h3><p>On
the client side, you need to have this same mechanism as malicious code can be deserialized
on <code>ObjectMessage.getObject()</code> call, compromising your application's
environment. You can use the same configuration mechanism on the broker and configure trusted
classes using system properties. However, this is usually not convenient in the client applications,
so in <strong>5.13.1</strong> we introduced additional configuration mechanism
using <code>ActiveMQConnectionFactory</code>. There are two additional methods
defined:</p><ul><li>The <code>setTrustedPackages()</code> method
allows you to set the list of trusted packages you want to be to unserialize, like</li></ul><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">ActiveMQConnectionFactory
factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
+factory.setTrustedPackages(new ArrayList(Arrays.asList("org.apache.activemq.test,org.apache.camel.test")));</pre>
+</div></div><ul><li>The&#160;<code>setTrustAllPackages()</code>
allows you to turn off security check and trust all classes. It's useful for testing purposes.</li></ul><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">ActiveMQConnectionFactory
factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
+factory.setTrustAllPackages(true);</pre>
+</div></div><p>You can set the same properties in Camel context like:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">  
 &lt;bean id="connectionFactory" class="org.apache.activemq.spring.ActiveMQConnectionFactory"&gt;
+        &lt;property name="brokerURL" value="tcp://localhost:61616"/&gt;
+        &lt;property name="trustedPackages"&gt;
+            &lt;list&gt;
+				&lt;value&gt;org.apache.activemq.test&lt;/value&gt;
+                &lt;value&gt;org.apache.camel.test&lt;/value&gt;
+            &lt;/list&gt;
+        &lt;/property&gt;
+    &lt;/bean&gt;
+    &lt;bean id="jmsConfig" class="org.apache.camel.component.jms.JmsConfiguration"&gt;
+        &lt;property name="connectionFactory" ref="connectionFactory"/&gt;
+    &lt;/bean&gt;
+    &lt;bean id="activemq" class="org.apache.activemq.camel.component.ActiveMQComponent"&gt;
+        &lt;property name="configuration" ref="jmsConfig"/&gt;
+    &lt;/bean&gt;</pre>
+</div></div><p>or</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">  
 &lt;bean id="connectionFactory" class="org.apache.activemq.spring.ActiveMQConnectionFactory"&gt;
+        &lt;property name="brokerURL" value="tcp://localhost:61616"/&gt;
+		&lt;property name="trustAllPackages" value="true"/&gt;
+    &lt;/bean&gt;
+    &lt;bean id="jmsConfig" class="org.apache.camel.component.jms.JmsConfiguration"&gt;
+        &lt;property name="connectionFactory" ref="connectionFactory"/&gt;
+    &lt;/bean&gt;
+    &lt;bean id="activemq" class="org.apache.activemq.camel.component.ActiveMQComponent"&gt;
+        &lt;property name="configuration" ref="jmsConfig"/&gt;
+    &lt;/bean&gt;</pre>
+</div></div><p>This configuration will override system properties if they
are set.</p></div>
         </td>
         <td valign="top">
           <div class="navigation">
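Review bot: In the added `setTrustedPackages()` example, `Arrays.asList("org.apache.activemq.test,org.apache.camel.test")` passes one comma-joined string, so the list holds a single entry rather than the two packages; the Spring example further down in the same hunk lists them as separate `<value>` elements. Suggest `Arrays.asList("org.apache.activemq.test", "org.apache.camel.test")`, wrapped in a typed `new ArrayList<String>(...)` instead of the raw `ArrayList`. The bullet text "you want to be to unserialize" is missing a word (for example "you want to be able to deserialize"). For `setTrustAllPackages()`, the text says it turns off the security check and is useful for testing; since the closing sentence says this configuration overrides system properties, it would help to state next to that example that setting it on the factory also overrides a restrictive `SERIALIZABLE_PACKAGES` list, so readers do not copy it into production configuration. The two Spring snippets also mix tabs and spaces on the `<value>org.apache.activemq.test</value>` and `trustAllPackages` lines, which will render misaligned.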


