Package org.apache.qpid.jms.policy

Class JmsDefaultDeserializationPolicy

  • All Implemented Interfaces:
    JmsDeserializationPolicy
    public class JmsDefaultDeserializationPolicy
extends java.lang.Object
implements JmsDeserializationPolicy
    Default implementation of the deserialization policy that can read allow and deny lists of classes/packages from the environment, and be updated by the connection uri options. The policy reads a default deny list string value (comma separated) from the system property "org.apache.qpid.jms.deserialization.deny_list" which defaults to null which indicates an empty deny list. The policy reads a default allow list string value (comma separated) from the system property "org.apache.qpid.jms.deserialization.allow_list" which defaults to a "*" which indicates that all classes are allowed. The deny list overrides the allow list, entries that could match both are counted as denied. If the policy should treat all classes as untrusted the deny list should be set to "*"".

    • Field Detail

      • CATCH_ALL_WILDCARD

        public static final java.lang.String CATCH_ALL_WILDCARD
        Value used to indicate that all classes should be allowed or denied,
        See Also:
        Constant Field Values

      • DEPRECATED_ALLOWLIST_PROPERTY

        @Deprecated
public static final java.lang.String DEPRECATED_ALLOWLIST_PROPERTY
        Deprecated.
        new applications should use the ALLOWLIST_PROPERTY instead
        See Also:
        Constant Field Values

      • DEPRECATED_DENYLIST_PROPERTY

        @Deprecated
public static final java.lang.String DEPRECATED_DENYLIST_PROPERTY
        Deprecated.
        new applications should use the DENYLIST_PROPERTY instead
        See Also:
        Constant Field Values

      • ALLOWLIST_PROPERTY

        public static final java.lang.String ALLOWLIST_PROPERTY
        See Also:
        Constant Field Values

      • DENYLIST_PROPERTY

        public static final java.lang.String DENYLIST_PROPERTY
        See Also:
        Constant Field Values

    • Constructor Detail

      • JmsDefaultDeserializationPolicy

        public JmsDefaultDeserializationPolicy()
        Creates an instance of this policy with default configuration.

      • JmsDefaultDeserializationPolicy

        public JmsDefaultDeserializationPolicy​(JmsDefaultDeserializationPolicy source)
        Parameters:
        source - The instance whose configuration should be copied from.

    • Method Detail

      • isTrustedType

        public boolean isTrustedType​(JmsDestination destination,
                             java.lang.Class<?> clazz)
        Description copied from interface: JmsDeserializationPolicy
        Returns whether the given class is a trusted type and can be deserialized by the client when calls to ObjectMessage.getObject() are made.
        Specified by:
        isTrustedType in interface JmsDeserializationPolicy
        Parameters:
        destination - the Destination for the message containing the type to be deserialized.
        clazz - the Type of the object that is about to be read.
        Returns:
        true if the type is trusted or false if not.

      • getWhiteList

        @Deprecated
public java.lang.String getWhiteList()
        Deprecated.
        Use the replacement method getAllowList()
        Returns:
        the allow list configured on this policy instance.

      • getAllowList

        public java.lang.String getAllowList()
        Returns:
        the allow list configured on this policy instance.

      • getBlackList

        @Deprecated
public java.lang.String getBlackList()
        Deprecated.
        Use the replacement method getDenyList()
        Returns:
        the deny list configured on this policy instance.

      • getDenyList

        public java.lang.String getDenyList()
        Returns:
        the deny list configured on this policy instance.

      • setWhiteList

        @Deprecated
public void setWhiteList​(java.lang.String allowList)
        Deprecated.
        Use the replacement method setAllowList(String)
        Parameters:
        allowList - the allow list that this policy is configured to recognize.

      • setAllowList

        public void setAllowList​(java.lang.String allowList)
        Replaces the currently configured allow list with a comma separated string containing the new allow list. Null or empty string denotes no allow list entries, "*" indicates that all classes are allowed.
        Parameters:
        allowList - the allow list that this policy is configured to recognize.

      • setBlackList

        @Deprecated
public void setBlackList​(java.lang.String denyList)
        Deprecated.
        Use the replacement method setDenyList(String)
        Parameters:
        denyList - the deny list that this policy is configured to recognize.

      • setDenyList

        public void setDenyList​(java.lang.String denyList)
        Replaces the currently configured deny list with a comma separated string containing the new deny list. Null or empty string denotes no deny list entries, "*" indicates that all classes are denied.
        Parameters:
        denyList - the deny list that this policy is configured to recognize.

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object

      • equals

        public boolean equals​(java.lang.Object obj)
        Overrides:
        equals in class java.lang.Object