Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Not A Problem
-
0.48.0
-
None
-
None
Description
Documentation says:
jms.deserializationPolicy.whiteList A comma separated list of class/package names that should be allowed when deserializing the contents of a JMS ObjectMessage, unless overridden by the blackList. The names in this list are not pattern values, the exact class or package name must be configured, e.g "java.util.Map" or "java.util". Package matches include sub-packages. Default is to allow all. jms.deserializationPolicy.blackList A comma separated list of class/package names that should be rejected when deserializing the contents of a JMS ObjectMessage. The names in this list are not pattern values, the exact class or package name must be configured, e.g "java.util.Map" or "java.util". Package matches include sub-packages. Default is to prevent none.
But it seems these properties have no effect. Instead the properties that work are:
org.apache.qpid.jms.deserialization.white_list
org.apache.qpid.jms.deserialization.black_list
These properties are defined in JmsDefaultDeserializationPolicy.java: https://github.com/apache/qpid-jms/blob/0.48.0/qpid-jms-client/src/main/java/org/apache/qpid/jms/policy/JmsDefaultDeserializationPolicy.java#L49