You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by ta...@apache.org on 2020/07/15 18:38:07 UTC
[qpid-jms] branch master updated: QPIDJMS-510 Update
deserialization policy option naming
This is an automated email from the ASF dual-hosted git repository.
tabish pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-jms.git
The following commit(s) were added to refs/heads/master by this push:
new 0a80f48 QPIDJMS-510 Update deserialization policy option naming
0a80f48 is described below
commit 0a80f48481072247ece5376142552122ac6fb7c8
Author: Timothy Bish <ta...@gmail.com>
AuthorDate: Wed Jul 15 14:37:49 2020 -0400
QPIDJMS-510 Update deserialization policy option naming
Use allow / deny list option naming and deprecate the older values,
adding in some tests to ensure the older version continue to function
until fully removed at a later date.
---
.../policy/JmsDefaultDeserializationPolicy.java | 179 ++++++++++++++-------
.../apache/qpid/jms/JmsConnectionFactoryTest.java | 74 +++++++--
.../integration/ObjectMessageIntegrationTest.java | 30 ++--
.../JmsDefaultDeserializationPolicyTest.java | 152 ++++++++++++++---
qpid-jms-docs/Configuration.md | 6 +-
5 files changed, 327 insertions(+), 114 deletions(-)
diff --git a/qpid-jms-client/src/main/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicy.java b/qpid-jms-client/src/main/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicy.java
index 2bcbed4..86a60f6 100644
--- a/qpid-jms-client/src/main/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicy.java
+++ b/qpid-jms-client/src/main/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicy.java
@@ -24,43 +24,66 @@ import java.util.List;
import org.apache.qpid.jms.JmsDestination;
/**
- * Default implementation of the deserialization policy that can read white and black list of
+ * Default implementation of the deserialization policy that can read allow and deny lists of
* classes/packages from the environment, and be updated by the connection uri options.
*
- * The policy reads a default blackList string value (comma separated) from the system property
- * {@value #BLACKLIST_PROPERTY} which defaults to null which indicates an empty blacklist.
+ * The policy reads a default deny list string value (comma separated) from the system property
+ * {@value #DENYLIST_PROPERTY} which defaults to null which indicates an empty deny list.
*
- * The policy reads a default whitelist string value (comma separated) from the system property
- * {@value #WHITELIST_PROPERTY} which defaults to a {@value #CATCH_ALL_WILDCARD} which
- * indicates that all classes are whitelisted.
+ * The policy reads a default allow list string value (comma separated) from the system property
+ * {@value #ALLOWLIST_PROPERTY} which defaults to a {@value #CATCH_ALL_WILDCARD} which
+ * indicates that all classes are allowed.
*
- * The blacklist overrides the whitelist, entries that could match both are counted as blacklisted.
+ * The deny list overrides the allow list, entries that could match both are counted as denied.
*
- * If the policy should treat all classes as untrusted the blacklist should be set to
+ * If the policy should treat all classes as untrusted the deny list should be set to
* {@value #CATCH_ALL_WILDCARD}".
*/
public class JmsDefaultDeserializationPolicy implements JmsDeserializationPolicy {
/**
- * Value used to indicate that all classes should be white or black listed,
+ * Value used to indicate that all classes should be allowed or denied,
*/
public static final String CATCH_ALL_WILDCARD = "*";
- public static final String WHITELIST_PROPERTY = "org.apache.qpid.jms.deserialization.white_list";
- public static final String BLACKLIST_PROPERTY = "org.apache.qpid.jms.deserialization.black_list";
+ /**
+ * @deprecated new applications should use the ALLOWLIST_PROPERTY instead
+ */
+ @Deprecated
+ public static final String DEPRECATED_ALLOWLIST_PROPERTY = "org.apache.qpid.jms.deserialization.white_list";
+
+ /**
+ * @deprecated new applications should use the DENYLIST_PROPERTY instead
+ */
+ @Deprecated
+ public static final String DEPRECATED_DENYLIST_PROPERTY = "org.apache.qpid.jms.deserialization.black_list";
+
+ public static final String ALLOWLIST_PROPERTY = "org.apache.qpid.jms.deserialization.allow_list";
+ public static final String DENYLIST_PROPERTY = "org.apache.qpid.jms.deserialization.deny_list";
- private List<String> whiteList = new ArrayList<String>();
- private List<String> blackList = new ArrayList<String>();
+ private List<String> allowList = new ArrayList<String>();
+ private List<String> denyList = new ArrayList<String>();
/**
* Creates an instance of this policy with default configuration.
*/
public JmsDefaultDeserializationPolicy() {
- String whitelist = System.getProperty(WHITELIST_PROPERTY, CATCH_ALL_WILDCARD);
- setWhiteList(whitelist);
- String blackList = System.getProperty(BLACKLIST_PROPERTY);
- setBlackList(blackList);
+ // TODO: Upon removal of deprecated constants replace with call to use the CATCH_ALL_WILDCARD as the default
+ // final String allowList = System.getProperty(ALLOWLIST_PROPERTY, CATCH_ALL_WILDCARD);
+
+ final String deprecatedAllowList = System.getProperty(DEPRECATED_ALLOWLIST_PROPERTY, CATCH_ALL_WILDCARD);
+ final String allowList = System.getProperty(ALLOWLIST_PROPERTY, deprecatedAllowList);
+
+ setAllowList(allowList);
+
+ // TODO: Upon removal of deprecated constants replace with call to use the no default value method
+ // final String denyList = System.getProperty(DENYLIST_PROPERTY);
+
+ final String deprecatedDenyList = System.getProperty(DEPRECATED_DENYLIST_PROPERTY);
+ final String denyList = System.getProperty(DENYLIST_PROPERTY, deprecatedDenyList);
+
+ setDenyList(denyList);
}
/**
@@ -68,8 +91,8 @@ public class JmsDefaultDeserializationPolicy implements JmsDeserializationPolicy
* The instance whose configuration should be copied from.
*/
public JmsDefaultDeserializationPolicy(JmsDefaultDeserializationPolicy source) {
- this.whiteList.addAll(source.whiteList);
- this.blackList.addAll(source.blackList);
+ this.allowList.addAll(source.allowList);
+ this.denyList.addAll(source.denyList);
}
@Override
@@ -89,18 +112,18 @@ public class JmsDefaultDeserializationPolicy implements JmsDeserializationPolicy
className = clazz.getName();
}
- for (String blackListEntry : blackList) {
- if (CATCH_ALL_WILDCARD.equals(blackListEntry)) {
+ for (String denyListEntry : denyList) {
+ if (CATCH_ALL_WILDCARD.equals(denyListEntry)) {
return false;
- } else if (isClassOrPackageMatch(className, blackListEntry)) {
+ } else if (isClassOrPackageMatch(className, denyListEntry)) {
return false;
}
}
- for (String whiteListEntry : whiteList) {
- if (CATCH_ALL_WILDCARD.equals(whiteListEntry)) {
+ for (String allowListEntry : allowList) {
+ if (CATCH_ALL_WILDCARD.equals(allowListEntry)) {
return true;
- } else if (isClassOrPackageMatch(className, whiteListEntry)) {
+ } else if (isClassOrPackageMatch(className, allowListEntry)) {
return true;
}
}
@@ -129,10 +152,20 @@ public class JmsDefaultDeserializationPolicy implements JmsDeserializationPolicy
}
/**
- * @return the whiteList configured on this policy instance.
+ * @return the allow list configured on this policy instance.
+ *
+ * @deprecated Use the replacement method {@link #getAllowList()}
*/
+ @Deprecated
public String getWhiteList() {
- Iterator<String> entries = whiteList.iterator();
+ return getAllowList();
+ }
+
+ /**
+ * @return the allow list configured on this policy instance.
+ */
+ public String getAllowList() {
+ Iterator<String> entries = allowList.iterator();
StringBuilder builder = new StringBuilder();
while (entries.hasNext()) {
@@ -146,10 +179,20 @@ public class JmsDefaultDeserializationPolicy implements JmsDeserializationPolicy
}
/**
- * @return the blackList configured on this policy instance.
+ * @return the deny list configured on this policy instance.
+ *
+ * @deprecated Use the replacement method {@link #getDenyList()}
*/
+ @Deprecated
public String getBlackList() {
- Iterator<String> entries = blackList.iterator();
+ return getDenyList();
+ }
+
+ /**
+ * @return the deny list configured on this policy instance.
+ */
+ public String getDenyList() {
+ Iterator<String> entries = denyList.iterator();
StringBuilder builder = new StringBuilder();
while (entries.hasNext()) {
@@ -163,47 +206,69 @@ public class JmsDefaultDeserializationPolicy implements JmsDeserializationPolicy
}
/**
- * Replaces the currently configured whiteList with a comma separated
- * string containing the new whiteList. Null or empty string denotes
- * no whiteList entries, {@value #CATCH_ALL_WILDCARD} indicates that
- * all classes are whiteListed.
+ * @param allowList
+ * the allow list that this policy is configured to recognize.
*
- * @param whiteList
- * the whiteList that this policy is configured to recognize.
+ * @deprecated Use the replacement method {@link #setAllowList(String)}
*/
- public void setWhiteList(String whiteList) {
+ @Deprecated
+ public void setWhiteList(String allowList) {
+ setAllowList(allowList);
+ }
+
+ /**
+ * Replaces the currently configured allow list with a comma separated
+ * string containing the new allow list. Null or empty string denotes
+ * no allow list entries, {@value #CATCH_ALL_WILDCARD} indicates that
+ * all classes are allowed.
+ *
+ * @param allowList
+ * the allow list that this policy is configured to recognize.
+ */
+ public void setAllowList(String allowList) {
ArrayList<String> list = new ArrayList<String>();
- if (whiteList != null && !whiteList.isEmpty()) {
- list.addAll(Arrays.asList(whiteList.split(",")));
+ if (allowList != null && !allowList.isEmpty()) {
+ list.addAll(Arrays.asList(allowList.split(",")));
}
- this.whiteList = list;
+ this.allowList = list;
+ }
+
+ /**
+ * @param denyList
+ * the deny list that this policy is configured to recognize.
+ *
+ * @deprecated Use the replacement method {@link #setDenyList(String)}
+ */
+ @Deprecated
+ public void setBlackList(String denyList) {
+ setDenyList(denyList);
}
/**
- * Replaces the currently configured blackList with a comma separated
- * string containing the new blackList. Null or empty string denotes
- * no blacklist entries, {@value #CATCH_ALL_WILDCARD} indicates that
- * all classes are blacklisted.
+ * Replaces the currently configured deny list with a comma separated
+ * string containing the new deny list. Null or empty string denotes
+ * no deny list entries, {@value #CATCH_ALL_WILDCARD} indicates that
+ * all classes are denied.
*
- * @param blackList
- * the blackList that this policy is configured to recognize.
+ * @param denyList
+ * the deny list that this policy is configured to recognize.
*/
- public void setBlackList(String blackList) {
+ public void setDenyList(String denyList) {
ArrayList<String> list = new ArrayList<String>();
- if (blackList != null && !blackList.isEmpty()) {
- list.addAll(Arrays.asList(blackList.split(",")));
+ if (denyList != null && !denyList.isEmpty()) {
+ list.addAll(Arrays.asList(denyList.split(",")));
}
- this.blackList = list;
+ this.denyList = list;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
- result = prime * result + ((whiteList == null) ? 0 : whiteList.hashCode());
- result = prime * result + ((blackList == null) ? 0 : blackList.hashCode());
+ result = prime * result + ((allowList == null) ? 0 : allowList.hashCode());
+ result = prime * result + ((denyList == null) ? 0 : denyList.hashCode());
return result;
}
@@ -223,19 +288,19 @@ public class JmsDefaultDeserializationPolicy implements JmsDeserializationPolicy
JmsDefaultDeserializationPolicy other = (JmsDefaultDeserializationPolicy) obj;
- if (whiteList == null) {
- if (other.whiteList != null) {
+ if (allowList == null) {
+ if (other.allowList != null) {
return false;
}
- } else if (!whiteList.equals(other.whiteList)) {
+ } else if (!allowList.equals(other.allowList)) {
return false;
}
- if (blackList == null) {
- if (other.blackList != null) {
+ if (denyList == null) {
+ if (other.denyList != null) {
return false;
}
- } else if (!blackList.equals(other.blackList)) {
+ } else if (!denyList.equals(other.denyList)) {
return false;
}
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsConnectionFactoryTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsConnectionFactoryTest.java
index 1817956..78918e3 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsConnectionFactoryTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/JmsConnectionFactoryTest.java
@@ -192,7 +192,7 @@ public class JmsConnectionFactoryTest extends QpidJmsTestCase {
JmsDefaultDeserializationPolicy deserializationPolicy =
(JmsDefaultDeserializationPolicy) factory.getDeserializationPolicy();
- assertFalse(deserializationPolicy.getWhiteList().equals(TRUSTED_PACKAGES));
+ assertFalse(deserializationPolicy.getAllowList().equals(TRUSTED_PACKAGES));
deserializationPolicy.setWhiteList(TRUSTED_PACKAGES);
@@ -203,7 +203,7 @@ public class JmsConnectionFactoryTest extends QpidJmsTestCase {
assertNotNull(deserializationPolicy);
assertNotSame(factory.getDeserializationPolicy(), deserializationPolicy);
- assertEquals(TRUSTED_PACKAGES, deserializationPolicy.getWhiteList());
+ assertEquals(TRUSTED_PACKAGES, deserializationPolicy.getAllowList());
}
@Test
@@ -591,25 +591,69 @@ public class JmsConnectionFactoryTest extends QpidJmsTestCase {
* configured with some new deserialization configuration via the URI.
*
* @throws Exception if an error occurs during the test.
+ *
+ * @deprecated Remove this test when removing the deprecated configuration options
+ */
+ @Deprecated
+ @Test
+ public void testSerializeThenDeserializeMaintainsDeserializationPolicyDeprecated() throws Exception {
+ String allowListValue = "java.lang";
+ String allowListKey = "deserializationPolicy.whiteList";
+
+ String denyListValue = "java.lang.foo";
+ String denyListKey = "deserializationPolicy.blackList";
+
+ String uri = "amqp://localhost:1234?jms." + allowListKey + "=" + allowListValue + "&jms." + denyListKey + "=" + denyListValue;
+
+ JmsConnectionFactory cf = new JmsConnectionFactory(uri);
+ Map<String, String> props = cf.getProperties();
+
+ assertTrue("Props dont contain expected deserialization policy change", props.containsKey(allowListKey));
+ assertEquals("Unexpected value", allowListValue, props.get(allowListKey));
+
+ assertTrue("Props dont contain expected deserialization policy change", props.containsKey(denyListKey));
+ assertEquals("Unexpected value", denyListValue, props.get(denyListKey));
+
+ Object roundTripped = roundTripSerialize(cf);
+
+ assertNotNull("Null object returned", roundTripped);
+ assertEquals("Unexpected type", JmsConnectionFactory.class, roundTripped.getClass());
+
+ Map<String, String> props2 = ((JmsConnectionFactory)roundTripped).getProperties();
+ assertTrue("Props dont contain expected deserialization policy change", props2.containsKey(allowListKey));
+ assertEquals("Unexpected value", allowListValue, props2.get(allowListKey));
+
+ assertTrue("Props dont contain expected deserialization policy change", props2.containsKey(denyListKey));
+ assertEquals("Unexpected value", denyListValue, props2.get(denyListKey));
+
+ assertEquals("Properties were not equal", props, props2);
+ }
+
+ /**
+ * The deserialization policy is maintained in a child-object, which we extract the properties from
+ * when serializing the factory. Ensure this functions by doing a round trip on a factory
+ * configured with some new deserialization configuration via the URI.
+ *
+ * @throws Exception if an error occurs during the test.
*/
@Test
public void testSerializeThenDeserializeMaintainsDeserializationPolicy() throws Exception {
- String whiteListValue = "java.lang";
- String whitelistKey = "deserializationPolicy.whiteList";
+ String allowListValue = "java.lang";
+ String allowListKey = "deserializationPolicy.allowList";
- String blackListValue = "java.lang.foo";
- String blacklistKey = "deserializationPolicy.blackList";
+ String denyListValue = "java.lang.foo";
+ String denyListKey = "deserializationPolicy.denyList";
- String uri = "amqp://localhost:1234?jms." + whitelistKey + "=" + whiteListValue + "&jms." + blacklistKey + "=" + blackListValue;
+ String uri = "amqp://localhost:1234?jms." + allowListKey + "=" + allowListValue + "&jms." + denyListKey + "=" + denyListValue;
JmsConnectionFactory cf = new JmsConnectionFactory(uri);
Map<String, String> props = cf.getProperties();
- assertTrue("Props dont contain expected deserialization policy change", props.containsKey(whitelistKey));
- assertEquals("Unexpected value", whiteListValue, props.get(whitelistKey));
+ assertTrue("Props dont contain expected deserialization policy change", props.containsKey(allowListKey));
+ assertEquals("Unexpected value", allowListValue, props.get(allowListKey));
- assertTrue("Props dont contain expected deserialization policy change", props.containsKey(blacklistKey));
- assertEquals("Unexpected value", blackListValue, props.get(blacklistKey));
+ assertTrue("Props dont contain expected deserialization policy change", props.containsKey(denyListKey));
+ assertEquals("Unexpected value", denyListValue, props.get(denyListKey));
Object roundTripped = roundTripSerialize(cf);
@@ -617,11 +661,11 @@ public class JmsConnectionFactoryTest extends QpidJmsTestCase {
assertEquals("Unexpected type", JmsConnectionFactory.class, roundTripped.getClass());
Map<String, String> props2 = ((JmsConnectionFactory)roundTripped).getProperties();
- assertTrue("Props dont contain expected deserialization policy change", props2.containsKey(whitelistKey));
- assertEquals("Unexpected value", whiteListValue, props2.get(whitelistKey));
+ assertTrue("Props dont contain expected deserialization policy change", props2.containsKey(allowListKey));
+ assertEquals("Unexpected value", allowListValue, props2.get(allowListKey));
- assertTrue("Props dont contain expected deserialization policy change", props2.containsKey(blacklistKey));
- assertEquals("Unexpected value", blackListValue, props2.get(blacklistKey));
+ assertTrue("Props dont contain expected deserialization policy change", props2.containsKey(denyListKey));
+ assertEquals("Unexpected value", denyListValue, props2.get(denyListKey));
assertEquals("Properties were not equal", props, props2);
}
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/ObjectMessageIntegrationTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/ObjectMessageIntegrationTest.java
index 467f4da..6da62e9 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/ObjectMessageIntegrationTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/integration/ObjectMessageIntegrationTest.java
@@ -311,7 +311,7 @@ public class ObjectMessageIntegrationTest extends QpidJmsTestCase {
@Test(timeout = 20000)
public void testReceiveBlockedSerializedContentFailsOnGetObject() throws Exception {
- // We arent allowing the test class
+ // We aren't allowing the test class
doTestReceiveSerializedContentPolicyTest("java.lang,java.util", null, false);
}
@@ -323,43 +323,43 @@ public class ObjectMessageIntegrationTest extends QpidJmsTestCase {
@Test(timeout = 20000)
public void testReceiveBlockSomeSerializedContentFailsOnGetObject() throws Exception {
- // We arent allowing the UUID
+ // We aren't allowing the UUID
doTestReceiveSerializedContentPolicyTest("org.apache.qpid.jms", null, false);
}
@Test(timeout = 20000)
public void testReceiveWithWrongUnblockedSerializedContentFailsOnGetObject() throws Exception {
- // We arent allowing the UUID a different way
+ // We aren't allowing the UUID a different way
doTestReceiveSerializedContentPolicyTest("java.lang,org.apache.qpid.jms", null, false);
}
@Test(timeout = 20000)
- public void testReceiveWithFullyWhitelistedSerializedContentSucceeds() throws Exception {
+ public void testReceiveWithFullyAllowedSerializedContentSucceeds() throws Exception {
// We are allowing everything needed
doTestReceiveSerializedContentPolicyTest("java.lang,java.util,org.apache.qpid.jms", null, true);
}
@Test(timeout = 20000)
- public void testReceiveWithFullyWhitelistedSerializedContentFailsDueToBlackList() throws Exception {
- // We are whitelisting everything needed, but then the blacklist is overriding to block some
+ public void testReceiveWithFullyAllowedSerializedContentFailsDueToDenyList() throws Exception {
+ // We are allowing everything needed, but then the deny list is overriding to block some
doTestReceiveSerializedContentPolicyTest("java.lang,java.util,org.apache.qpid.jms", "java.util", false);
}
- private void doTestReceiveSerializedContentPolicyTest(String whiteList, String blackList, boolean succeed) throws Exception {
+ private void doTestReceiveSerializedContentPolicyTest(String allowList, String denyList, boolean succeed) throws Exception {
try (TestAmqpPeer testPeer = new TestAmqpPeer();) {
String options = null;
- if(whiteList != null) {
- options = "?jms.deserializationPolicy.whiteList=" + whiteList;
+ if (allowList != null) {
+ options = "?jms.deserializationPolicy.allowList=" + allowList;
}
- if(blackList != null) {
- if(options == null) {
+ if (denyList != null) {
+ if (options == null) {
options = "?";
} else {
options += "&";
}
- options +="jms.deserializationPolicy.blackList=" + blackList;
+ options +="jms.deserializationPolicy.denyList=" + denyList;
}
Connection connection = testFixture.establishConnecton(testPeer, options);
@@ -402,17 +402,17 @@ public class ObjectMessageIntegrationTest extends QpidJmsTestCase {
Object received = null;
try {
received = objectMessage.getObject();
- if(!succeed) {
+ if (!succeed) {
fail("Should not be able to read blocked content");
}
} catch (JMSException jmsEx) {
LOG.debug("Caught: ", jmsEx);
- if(succeed) {
+ if (succeed) {
fail("Should have been able to read blocked content");
}
}
- if(succeed) {
+ if (succeed) {
assertEquals("Content not as expected", expectedContent, received);
}
diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicyTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicyTest.java
index 5f103e4..dbc2b47 100644
--- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicyTest.java
+++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicyTest.java
@@ -55,7 +55,7 @@ public class JmsDefaultDeserializationPolicyTest {
assertTrue(policy.isTrustedType(destination, Object.class));
// Only types in lang
- policy.setWhiteList("java.lang");
+ policy.setAllowList("java.lang");
assertTrue(policy.isTrustedType(destination, null));
assertFalse(policy.isTrustedType(destination, UUID.class));
@@ -66,39 +66,39 @@ public class JmsDefaultDeserializationPolicyTest {
// Entry must be complete package name prefix to match
// i.e while "java.n" is a prefix of "java.net", this
// wont match the socket class below.
- policy.setWhiteList("java.n");
+ policy.setAllowList("java.n");
assertFalse(policy.isTrustedType(destination, UUID.class));
assertFalse(policy.isTrustedType(destination, String.class));
assertFalse(policy.isTrustedType(destination, java.net.Socket.class));
// add a non-core package
- policy.setWhiteList("java.lang,org.apache.qpid.jms");
+ policy.setAllowList("java.lang,org.apache.qpid.jms");
assertFalse(policy.isTrustedType(destination, UUID.class));
assertTrue(policy.isTrustedType(destination, String.class));
assertTrue(policy.isTrustedType(destination, getClass()));
// Try with a class-specific entry
- policy.setWhiteList("java.lang.Integer");
+ policy.setAllowList("java.lang.Integer");
assertTrue(policy.isTrustedType(destination, Integer.class));
assertFalse(policy.isTrustedType(destination, Boolean.class));
- // Verify blacklist overrides whitelist
- policy.setWhiteList("java.lang.Integer");
- policy.setBlackList("java.lang.Integer");
+ // Verify deny list overrides allow list
+ policy.setAllowList("java.lang.Integer");
+ policy.setDenyList("java.lang.Integer");
assertFalse(policy.isTrustedType(destination, Integer.class));
- // Verify blacklist entry prefix overrides whitelist
- policy.setWhiteList("java.lang.Integer");
- policy.setBlackList("java.lang");
+ // Verify deny list entry prefix overrides allow list
+ policy.setAllowList("java.lang.Integer");
+ policy.setDenyList("java.lang");
assertFalse(policy.isTrustedType(destination, Integer.class));
- // Verify blacklist catch-all overrides whitelist
- policy.setWhiteList("java.lang.Integer");
- policy.setBlackList("*");
+ // Verify deny list catch-all overrides allow list
+ policy.setAllowList("java.lang.Integer");
+ policy.setDenyList("*");
assertFalse(policy.isTrustedType(destination, Integer.class));
}
@@ -112,27 +112,28 @@ public class JmsDefaultDeserializationPolicyTest {
assertEquals(policy1.hashCode(), policy2.hashCode());
assertEquals(policy2.hashCode(), policy1.hashCode());
- ((JmsDefaultDeserializationPolicy) policy1).setWhiteList("java.util");
+ ((JmsDefaultDeserializationPolicy) policy1).setAllowList("java.util");
assertFalse(policy1.hashCode() == policy2.hashCode());
assertFalse(policy2.hashCode() == policy1.hashCode());
- ((JmsDefaultDeserializationPolicy) policy2).setWhiteList("java.util");
+ ((JmsDefaultDeserializationPolicy) policy2).setAllowList("java.util");
assertTrue(policy1.hashCode() == policy2.hashCode());
assertTrue(policy2.hashCode() == policy1.hashCode());
- ((JmsDefaultDeserializationPolicy) policy1).setBlackList("java.util");
+ ((JmsDefaultDeserializationPolicy) policy1).setDenyList("java.util");
assertFalse(policy1.hashCode() == policy2.hashCode());
assertFalse(policy2.hashCode() == policy1.hashCode());
- ((JmsDefaultDeserializationPolicy) policy2).setBlackList("java.util");
+ ((JmsDefaultDeserializationPolicy) policy2).setDenyList("java.util");
assertTrue(policy1.hashCode() == policy2.hashCode());
assertTrue(policy2.hashCode() == policy1.hashCode());
}
+ @SuppressWarnings("unlikely-arg-type")
@Test
public void testEqualsObject() {
JmsDefaultDeserializationPolicy policy1 = new JmsDefaultDeserializationPolicy();
@@ -142,7 +143,7 @@ public class JmsDefaultDeserializationPolicyTest {
assertTrue(policy1.equals(policy2));
assertTrue(policy2.equals(policy1));
- policy1.setWhiteList("java.util");
+ policy1.setAllowList("java.util");
assertFalse(policy1.equals(policy2));
assertFalse(policy2.equals(policy1));
@@ -151,21 +152,22 @@ public class JmsDefaultDeserializationPolicyTest {
assertFalse(policy1.equals(""));
assertFalse(policy1.equals(this));
- policy2.setWhiteList("java.util");
+ policy2.setAllowList("java.util");
assertTrue(policy1.equals(policy2));
- policy1.setBlackList("java.util");
+ policy1.setDenyList("java.util");
assertFalse(policy1.equals(policy2));
assertFalse(policy2.equals(policy1));
- policy2.setBlackList("java.util");
+ policy2.setDenyList("java.util");
assertTrue(policy1.equals(policy2));
assertTrue(policy2.equals(policy1));
}
+ @Deprecated
@Test
- public void testJmsDefaultDeserializationPolicy() {
+ public void testJmsDefaultDeserializationPolicyDeprecated() {
JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
assertFalse(policy.getWhiteList().isEmpty());
@@ -173,7 +175,16 @@ public class JmsDefaultDeserializationPolicyTest {
}
@Test
- public void testJmsDefaultDeserializationPolicyCopyCtor() {
+ public void testJmsDefaultDeserializationPolicy() {
+ JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
+
+ assertFalse(policy.getAllowList().isEmpty());
+ assertTrue(policy.getDenyList().isEmpty());
+ }
+
+ @Deprecated
+ @Test
+ public void testJmsDefaultDeserializationPolicyCopyCtorDeprecated() {
JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
policy.setWhiteList("a.b.c");
@@ -186,7 +197,21 @@ public class JmsDefaultDeserializationPolicyTest {
}
@Test
- public void testJmsDefaultDeserializationPolicyCopy() {
+ public void testJmsDefaultDeserializationPolicyCopyCtor() {
+ JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
+
+ policy.setAllowList("a.b.c");
+ policy.setDenyList("d.e.f");
+
+ JmsDefaultDeserializationPolicy copy = new JmsDefaultDeserializationPolicy(policy);
+
+ assertEquals("a.b.c", copy.getAllowList());
+ assertEquals("d.e.f", copy.getDenyList());
+ }
+
+ @Deprecated
+ @Test
+ public void testJmsDefaultDeserializationPolicyCopyDeprecated() {
JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
policy.setWhiteList("a.b.c");
@@ -199,6 +224,20 @@ public class JmsDefaultDeserializationPolicyTest {
}
@Test
+ public void testJmsDefaultDeserializationPolicyCopy() {
+ JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
+
+ policy.setAllowList("a.b.c");
+ policy.setDenyList("d.e.f");
+
+ JmsDefaultDeserializationPolicy copy = (JmsDefaultDeserializationPolicy) policy.copy();
+
+ assertEquals("a.b.c", copy.getAllowList());
+ assertEquals("d.e.f", copy.getDenyList());
+ }
+
+ @Deprecated
+ @Test
public void testSetWhiteList() {
JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
assertNotNull(policy.getWhiteList());
@@ -206,21 +245,54 @@ public class JmsDefaultDeserializationPolicyTest {
policy.setWhiteList(null);
assertNotNull(policy.getWhiteList());
assertTrue(policy.getWhiteList().isEmpty());
+ assertNotNull(policy.getAllowList());
+ assertTrue(policy.getAllowList().isEmpty());
policy.setWhiteList("");
assertNotNull(policy.getWhiteList());
assertTrue(policy.getWhiteList().isEmpty());
+ assertNotNull(policy.getAllowList());
+ assertTrue(policy.getAllowList().isEmpty());
policy.setWhiteList("*");
assertNotNull(policy.getWhiteList());
assertFalse(policy.getWhiteList().isEmpty());
+ assertNotNull(policy.getAllowList());
+ assertFalse(policy.getAllowList().isEmpty());
policy.setWhiteList("a,b,c");
assertNotNull(policy.getWhiteList());
+ assertNotNull(policy.getAllowList());
assertFalse(policy.getWhiteList().isEmpty());
+ assertFalse(policy.getAllowList().isEmpty());
assertEquals("a,b,c", policy.getWhiteList());
+ assertEquals("a,b,c", policy.getAllowList());
+ }
+
+ @Test
+ public void testSetAllowList() {
+ JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
+ assertNotNull(policy.getAllowList());
+
+ policy.setAllowList(null);
+ assertNotNull(policy.getAllowList());
+ assertTrue(policy.getAllowList().isEmpty());
+
+ policy.setAllowList("");
+ assertNotNull(policy.getAllowList());
+ assertTrue(policy.getAllowList().isEmpty());
+
+ policy.setAllowList("*");
+ assertNotNull(policy.getAllowList());
+ assertFalse(policy.getAllowList().isEmpty());
+
+ policy.setAllowList("a,b,c");
+ assertNotNull(policy.getAllowList());
+ assertFalse(policy.getAllowList().isEmpty());
+ assertEquals("a,b,c", policy.getAllowList());
}
+ @Deprecated
@Test
public void testSetBlackList() {
JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
@@ -229,19 +301,51 @@ public class JmsDefaultDeserializationPolicyTest {
policy.setBlackList(null);
assertNotNull(policy.getBlackList());
assertTrue(policy.getBlackList().isEmpty());
+ assertNotNull(policy.getDenyList());
+ assertTrue(policy.getDenyList().isEmpty());
policy.setBlackList("");
assertNotNull(policy.getBlackList());
assertTrue(policy.getBlackList().isEmpty());
+ assertNotNull(policy.getDenyList());
+ assertTrue(policy.getDenyList().isEmpty());
policy.setBlackList("*");
assertNotNull(policy.getBlackList());
assertFalse(policy.getBlackList().isEmpty());
+ assertNotNull(policy.getDenyList());
+ assertFalse(policy.getDenyList().isEmpty());
policy.setBlackList("a,b,c");
assertNotNull(policy.getBlackList());
assertFalse(policy.getBlackList().isEmpty());
assertEquals("a,b,c", policy.getBlackList());
+ assertNotNull(policy.getDenyList());
+ assertFalse(policy.getDenyList().isEmpty());
+ assertEquals("a,b,c", policy.getDenyList());
+ }
+
+ @Test
+ public void testSetDenyList() {
+ JmsDefaultDeserializationPolicy policy = new JmsDefaultDeserializationPolicy();
+ assertNotNull(policy.getDenyList());
+
+ policy.setDenyList(null);
+ assertNotNull(policy.getDenyList());
+ assertTrue(policy.getDenyList().isEmpty());
+
+ policy.setDenyList("");
+ assertNotNull(policy.getDenyList());
+ assertTrue(policy.getDenyList().isEmpty());
+
+ policy.setDenyList("*");
+ assertNotNull(policy.getDenyList());
+ assertFalse(policy.getDenyList().isEmpty());
+
+ policy.setDenyList("a,b,c");
+ assertNotNull(policy.getDenyList());
+ assertFalse(policy.getDenyList().isEmpty());
+ assertEquals("a,b,c", policy.getDenyList());
}
@Test
diff --git a/qpid-jms-docs/Configuration.md b/qpid-jms-docs/Configuration.md
index 923ebea..3cc6830 100644
--- a/qpid-jms-docs/Configuration.md
+++ b/qpid-jms-docs/Configuration.md
@@ -134,10 +134,10 @@ The Presettle Policy controls when a producer or consumer instance will be confi
+ **jms.presettlePolicy.presettleTopicConsumers** when true any consumer that is receiving from a Topic or Temporary Topic destination will operate in presettled mode, defaults to false.
+ **jms.presettlePolicy.presettleQueueConsumers** when true any consumer that is receiving from a Queue or Temporary Queue destination will operate in presettled mode, defaults to false.
-The Deserialization Policy provides a means of controlling which types are trusted to be deserialized from the object stream while retrieving the body from an incoming JMS ObjectMessage composed of serialized Java Object content. By default all types are trusted during attempt to deserialize the body. The default Deserialization Policy object provides URI options that allow specifying a whitelist and a blacklist of Java class or package names.
+The Deserialization Policy provides a means of controlling which types are trusted to be deserialized from the object stream while retrieving the body from an incoming JMS ObjectMessage composed of serialized Java Object content. By default all types are trusted during attempt to deserialize the body. The default Deserialization Policy object provides URI options that allow specifying a allow list and a deny list of Java class or package names.
-**jms.deserializationPolicy.whiteList** A comma separated list of class/package names that should be allowed when deserializing the contents of a JMS ObjectMessage, unless overridden by the blackList. The names in this list are not pattern values, the exact class or package name must be configured, e.g "java.util.Map" or "java.util". Package matches include sub-packages. Default is to allow all.
-**jms.deserializationPolicy.blackList** A comma separated list of class/package names that should be rejected when deserializing the contents of a JMS ObjectMessage. The names in this list are not pattern values, the exact class or package name must be configured, e.g "java.util.Map" or "java.util". Package matches include sub-packages. Default is to prevent none.
+**jms.deserializationPolicy.allowList** A comma separated list of class/package names that should be allowed when deserializing the contents of a JMS ObjectMessage, unless overridden by the deny list. The names in this list are not pattern values, the exact class or package name must be configured, e.g "java.util.Map" or "java.util". Package matches include sub-packages. Default is to allow all.
+**jms.deserializationPolicy.denyList** A comma separated list of class/package names that should be rejected when deserializing the contents of a JMS ObjectMessage. The names in this list are not pattern values, the exact class or package name must be configured, e.g "java.util.Map" or "java.util". Package matches include sub-packages. Default is to prevent none.
### TCP Transport Configuration options
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org