AMQ-6166: Add option to configure trustAllPackages on Camel ActiveMQ component

This commit is contained in:
Claus Ibsen 2016-02-11 12:04:24 +01:00
parent 499e39e52c
commit 40ecf22f0f
2 changed files with 26 additions and 0 deletions

View File

@ -121,6 +121,12 @@ public class ActiveMQComponent extends JmsComponent implements EndpointCompleter
}
}
public void setTrustAllPackages(boolean trustAllPackages) {
if (getConfiguration() instanceof ActiveMQConfiguration) {
((ActiveMQConfiguration)getConfiguration()).setTrustAllPackages(trustAllPackages);
}
}
public boolean isExposeAllQueues() {
return exposeAllQueues;
}

View File

@ -37,6 +37,7 @@ public class ActiveMQConfiguration extends JmsConfiguration {
private boolean usePooledConnection = true;
private String userName;
private String password;
private boolean trustAllPackages;
public ActiveMQConfiguration() {
}
@ -109,6 +110,24 @@ public class ActiveMQConfiguration extends JmsConfiguration {
this.usePooledConnection = usePooledConnection;
}
public boolean isTrustAllPackages() {
return trustAllPackages;
}
/**
* ObjectMessage objects depend on Java serialization of marshal/unmarshal object payload.
* This process is generally considered unsafe as malicious payload can exploit the host system.
* That's why starting with versions 5.12.2 and 5.13.0, ActiveMQ enforces users to explicitly whitelist packages
* that can be exchanged using ObjectMessages.
* <br/>
* This option can be set to <tt>true</tt> to trust all packages (eg whitelist is *).
* <p/>
* See more details at: http://activemq.apache.org/objectmessage.html
*/
public void setTrustAllPackages(boolean trustAllPackages) {
this.trustAllPackages = trustAllPackages;
}
/**
* Factory method to create a default transaction manager if one is not specified
*/
@ -126,6 +145,7 @@ public class ActiveMQConfiguration extends JmsConfiguration {
@Override
protected ConnectionFactory createConnectionFactory() {
ActiveMQConnectionFactory answer = new ActiveMQConnectionFactory();
answer.setTrustAllPackages(trustAllPackages);
if (userName != null) {
answer.setUserName(userName);
}