Package org.apache.qpid.jms.policy

Class JmsDefaultDeserializationPolicy

  • All Implemented Interfaces:
    JmsDeserializationPolicy
    public class JmsDefaultDeserializationPolicy
extends Object
implements JmsDeserializationPolicy
    Default implementation of the deserialization policy that can read allow and deny lists of classes/packages from the environment, and be updated by the connection uri options. The policy reads a default deny list string value (comma separated) from the system property "org.apache.qpid.jms.deserialization.deny_list" which defaults to null which indicates an empty deny list. The policy reads a default allow list string value (comma separated) from the system property "org.apache.qpid.jms.deserialization.allow_list" which defaults to a "*" which indicates that all classes are allowed. The deny list overrides the allow list, entries that could match both are counted as denied. If the policy should treat all classes as untrusted the deny list should be set to "*"".

    • Constructor Detail

      • JmsDefaultDeserializationPolicy

        public JmsDefaultDeserializationPolicy()
        Creates an instance of this policy with default configuration.

      • JmsDefaultDeserializationPolicy

        public JmsDefaultDeserializationPolicy​(JmsDefaultDeserializationPolicy source)
        Parameters:
        source - The instance whose configuration should be copied from.

    • Method Detail

      • isTrustedType

        public boolean isTrustedType​(JmsDestination destination,
                             Class<?> clazz)
        Description copied from interface: JmsDeserializationPolicy
        Returns whether the given class is a trusted type and can be deserialized by the client when calls to ObjectMessage.getObject() are made.
        Specified by:
        isTrustedType in interface JmsDeserializationPolicy
        Parameters:
        destination - the Destination for the message containing the type to be deserialized.
        clazz - the Type of the object that is about to be read.
        Returns:
        true if the type is trusted or false if not.

      • getWhiteList

        @Deprecated
public String getWhiteList()
        Deprecated.
        Use the replacement method getAllowList()
        Returns:
        the allow list configured on this policy instance.

      • getAllowList

        public String getAllowList()
        Returns:
        the allow list configured on this policy instance.

      • getBlackList

        @Deprecated
public String getBlackList()
        Deprecated.
        Use the replacement method getDenyList()
        Returns:
        the deny list configured on this policy instance.

      • getDenyList

        public String getDenyList()
        Returns:
        the deny list configured on this policy instance.

      • setWhiteList

        @Deprecated
public void setWhiteList​(String allowList)
        Deprecated.
        Use the replacement method setAllowList(String)
        Parameters:
        allowList - the allow list that this policy is configured to recognize.

      • setAllowList

        public void setAllowList​(String allowList)
        Replaces the currently configured allow list with a comma separated string containing the new allow list. Null or empty string denotes no allow list entries, "*" indicates that all classes are allowed.
        Parameters:
        allowList - the allow list that this policy is configured to recognize.

      • setBlackList

        @Deprecated
public void setBlackList​(String denyList)
        Deprecated.
        Use the replacement method setDenyList(String)
        Parameters:
        denyList - the deny list that this policy is configured to recognize.

      • setDenyList

        public void setDenyList​(String denyList)
        Replaces the currently configured deny list with a comma separated string containing the new deny list. Null or empty string denotes no deny list entries, "*" indicates that all classes are denied.
        Parameters:
        denyList - the deny list that this policy is configured to recognize.

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object