You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Dejan Bosanac (JIRA)" <ji...@apache.org> on 2015/10/16 15:55:05 UTC

[jira] [Comment Edited] (AMQ-6013) Restrict classes that can be serialized in ObjectMessages

    [ https://issues.apache.org/jira/browse/AMQ-6013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14960741#comment-14960741 ] 

Dejan Bosanac edited comment on AMQ-6013 at 10/16/15 1:54 PM:
--------------------------------------------------------------

The classes are restricted by default to the following packages

{code}java.lang
java.util
org.apache.activemq
org.fusesource.hawtbuf
com.thoughtworks.xstream.mapper{code}

which are needed for normal functioning of http and stomp packages. If you need to send object messages via http, you need to add desired packages. You can do that with by using {{org.apache.activemq.SERIALIZABLE_PACKAGES}} system property. For example:

{code}-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"{code}


was (Author: dejanb):
The classes are restricted by default to the following packages

{code}java.lang
java.util
org.apache.activemq
org.fusesource.hawtbuf
com.thoughtworks.xstream.mapper{code}

which are needed for normal functioning of http and stomp packages. If you need to send object messages via http, you need to add desired packages. You can do that with by using {{org.apache.activemq.SERIALIZABLE_PACKAGES}} system property. For example:

{code}-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=""java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"{code}

> Restrict classes that can be serialized in ObjectMessages
> ---------------------------------------------------------
>
>                 Key: AMQ-6013
>                 URL: https://issues.apache.org/jira/browse/AMQ-6013
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.12.0
>            Reporter: Dejan Bosanac
>            Assignee: Dejan Bosanac
>             Fix For: 5.13.0
>
>
> At some points we do (de)serialization of JMS Object messages inside the broker (HTTP, Stomp, Web Console, ...). We need to restrict classes that can be serialized in this way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)