Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id B93B2200B48 for ; Mon, 18 Jul 2016 18:40:12 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id B7BF5160A6D; Mon, 18 Jul 2016 16:40:12 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 0A2B7160A65 for ; Mon, 18 Jul 2016 18:40:11 +0200 (CEST) Received: (qmail 88747 invoked by uid 500); 18 Jul 2016 16:40:11 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 88735 invoked by uid 99); 18 Jul 2016 16:40:10 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Jul 2016 16:40:10 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id B98C7DFAF5; Mon, 18 Jul 2016 16:40:10 +0000 (UTC) From: mtaylor To: dev@activemq.apache.org Reply-To: dev@activemq.apache.org References: In-Reply-To: Subject: [GitHub] activemq-artemis pull request #632: ARTEMIS-604 - Message Serialization Impr... Content-Type: text/plain Message-Id: <20160718164010.B98C7DFAF5@git1-us-west.apache.org> Date: Mon, 18 Jul 2016 16:40:10 +0000 (UTC) archived-at: Mon, 18 Jul 2016 16:40:12 -0000 Github user mtaylor commented on a diff in the pull request: https://github.com/apache/activemq-artemis/pull/632#discussion_r71182493 --- Diff: artemis-core-client/src/main/java/org/apache/activemq/artemis/utils/ObjectInputStreamWithClassLoader.java --- @@ -25,23 +25,110 @@ import java.security.AccessController; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Iterator; +import java.util.List; public class ObjectInputStreamWithClassLoader extends ObjectInputStream { // Constants ------------------------------------------------------------------------------------ + /** + * Value used to indicate that all classes should be white or black listed, + */ + public static final String CATCH_ALL_WILDCARD = "*"; + + public static final String WHITELIST_PROPERTY = "org.apache.activemq.artemis.jms.deserialization.whitelist"; + public static final String BLACKLIST_PROPERTY = "org.apache.activemq.artemis.jms.deserialization.blacklist"; + // Attributes ----------------------------------------------------------------------------------- + private List whiteList = new ArrayList<>(); + private List blackList = new ArrayList<>(); + // Static --------------------------------------------------------------------------------------- // Constructors --------------------------------------------------------------------------------- public ObjectInputStreamWithClassLoader(final InputStream in) throws IOException { super(in); + String whiteList = System.getProperty(WHITELIST_PROPERTY, null); + setWhiteList(whiteList); + + String blackList = System.getProperty(BLACKLIST_PROPERTY, null); + setBlackList(blackList); } // Public --------------------------------------------------------------------------------------- + /** + * @return the whiteList configured on this policy instance. + */ + public String getWhiteList() { + Iterator entries = whiteList.iterator(); + StringBuilder builder = new StringBuilder(); + + while (entries.hasNext()) { + builder.append(entries.next()); + if (entries.hasNext()) { + builder.append(","); + } + } + return builder.toString(); + } + + /** + * @return the blackList configured on this policy instance. + */ + public String getBlackList() { + Iterator entries = blackList.iterator(); + StringBuilder builder = new StringBuilder(); + + while (entries.hasNext()) { + builder.append(entries.next()); + if (entries.hasNext()) { + builder.append(","); + } + } + + return builder.toString(); + } + + /** + * Replaces the currently configured whiteList with a comma separated + * string containing the new whiteList. Null or empty string denotes + * no whiteList entries, {@value #CATCH_ALL_WILDCARD} indicates that + * all classes are whiteListed. + * + * @param whiteList the whiteList that this policy is configured to recognize. + */ + public void setWhiteList(String whiteList) { + ArrayList list = new ArrayList<>(); + if (whiteList != null && !whiteList.isEmpty()) { + list.addAll(Arrays.asList(whiteList.split(","))); + } + + this.whiteList = list; + } + + /** + * Replaces the currently configured blackList with a comma separated + * string containing the new blackList. Null or empty string denotes + * no blacklist entries, {@value #CATCH_ALL_WILDCARD} indicates that + * all classes are blacklisted. + * + * @param blackList the blackList that this policy is configured to recognize. + */ + public void setBlackList(String blackList) { + ArrayList list = new ArrayList<>(); + if (blackList != null && !blackList.isEmpty()) { + list.addAll(Arrays.asList(blackList.split(","))); + } + + this.blackList = list; + } + --- End diff -- Same comment as above. You could move the list validation and parse into a separation method to avoid duplication. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastructure@apache.org or file a JIRA ticket with INFRA. ---