activemq-users mailing list archives

From mhemple <mhem...@gmail.com>
Subject Object Message Deserialization Security White List Wildcards
Date Sun, 21 Feb 2016 01:23:28 GMT
Hi,

I'm using ActiveMQ as my JMS broker for a webapp.  I am currently using the
VM argument -Dorg.apache.activemq.SERIALIZABLE_PACKAGES="*" so that Spring
Integration can deserialize my object messages
(http://activemq.apache.org/objectmessage.html).  I know this is a security
vulnerability and I'd like to use a white list, but I'm having issues
getting it to work correctly.  What I'd like to do is use wildcards to
white list every Spring Integration class... something like this:
-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="org.springframework.integration.*"
but this doesn't seem to work.  Do I have to list each package individually?

Thanks



--
View this message in context: http://activemq.2283324.n4.nabble.com/Object-Message-Deserialization-Security-White-List-Wildcards-tp4707904.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
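
An added example, not part of the original post and not ActiveMQ's code: a generic Java (9+) `ObjectInputStream` that enforces a package allow-list of the kind the message asks about and refuses the trust-all `"*"` entry. The class name, the sample packages and the pattern semantics (a trailing `.*` also covers sub-packages) are assumptions of this example and say nothing about how ActiveMQ itself interprets `SERIALIZABLE_PACKAGES`.

```java
import java.io.*;
import java.util.*;

// Added illustration, not ActiveMQ code: an ObjectInputStream with a package allow-list.
public class AllowListObjectInputStream extends ObjectInputStream {
    private final List<String> patterns; // hypothetical allow-list entries, supplied by the caller

    public AllowListObjectInputStream(InputStream in, List<String> patterns) throws IOException {
        super(in);
        if (patterns.contains("*")) throw new IllegalArgumentException("trust-all pattern refused");
        this.patterns = patterns;
    }

    // Assumed semantics: "a.b" matches package a.b only; "a.b.*" also matches its sub-packages.
    static boolean allowed(String className, List<String> patterns) {
        int dot = className.lastIndexOf('.');
        String pkg = dot < 0 ? "" : className.substring(0, dot);
        for (String p : patterns) {
            String base = p.endsWith(".*") ? p.substring(0, p.length() - 2) : p;
            if (pkg.equals(base) || (p.endsWith(".*") && pkg.startsWith(base + "."))) return true;
        }
        return false;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName().replaceFirst("^\\[+", "");      // drop array dimensions
        boolean wasArray = name.length() != desc.getName().length();
        boolean primitiveArray = wasArray && !name.endsWith(";");    // e.g. "[I"
        if (wasArray && !primitiveArray) name = name.substring(1, name.length() - 1); // "Lpkg.Cls;"
        if (!primitiveArray && !allowed(name, patterns))
            throw new InvalidClassException(name, "package not on the allow-list");
        return super.resolveClass(desc); // the check runs before the class is loaded or instantiated
    }

    static Object roundTrip(Object o, List<String> patterns) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        try (ObjectInputStream in = new AllowListObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()), patterns)) { return in.readObject(); }
    }

    public static void main(String[] args) throws Exception {
        List<String> patterns = List.of("java.lang", "java.util.*"); // constructed allow-list
        System.out.println(roundTrip(new ArrayList<>(List.of(1, 2)), patterns)); // packages listed
        try {
            roundTrip(new File("x"), patterns);                      // java.io is not listed
        } catch (InvalidClassException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```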
