activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dejan Bosanac (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (AMQ-6077) Better configuration of restricted classes for clients
Date Mon, 14 Dec 2015 13:04:46 GMT

     [ https://issues.apache.org/jira/browse/AMQ-6077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dejan Bosanac resolved AMQ-6077.
--------------------------------
    Resolution: Fixed

I implemented ActiveMQConnectionFactory configuration that helps with this.

There are a two new methods:

- setTrustedPackages(List<String> packages) - that defines a list of packages that can
be used with ObjectMessages
- setTrustAllPackages() - that shortcuts the security check and makes all classes trusted.


Camel configuration example can be found at:

https://github.com/apache/activemq/blob/master/activemq-camel/src/test/resources/org/apache/activemq/camel/jms-object-message.xml
 

> Better configuration of restricted classes for clients
> ------------------------------------------------------
>
>                 Key: AMQ-6077
>                 URL: https://issues.apache.org/jira/browse/AMQ-6077
>             Project: ActiveMQ
>          Issue Type: Improvement
>    Affects Versions: 5.13.0
>            Reporter: Dejan Bosanac
>            Assignee: Dejan Bosanac
>             Fix For: 5.13.1
>
>
> [AMQ-6013] introduces the checks on the classes that are allowed to be serialized through
ObjectMessages. The original implementation was designed to protect the broker, so system
property configuration was the easiest solution.
> This change affect the clients that uses ObjectMessages.getObject() method. We need to
provide a better way of configuring this for clients. My initial idea is that we should provide
a configuration on ActiveMQConnectionFactory and ActiveMQComponent classes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message