From 40ecf22f0fdff6d3e5404a4a8724af25d0724d09 Mon Sep 17 00:00:00 2001
From: Claus Ibsen <claus.ibsen@gmail.com>
Date: Thu, 11 Feb 2016 12:04:24 +0100
Subject: [PATCH] AMQ-6166: Add option to configure trustAllPackages on Camel
 ActiveMQ component

---
 .../camel/component/ActiveMQComponent.java    |  6 ++++++
 .../component/ActiveMQConfiguration.java      | 20 +++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java b/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java
index df38a00168..39d442050b 100644
--- a/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java
+++ b/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQComponent.java
@@ -121,6 +121,12 @@ public class ActiveMQComponent extends JmsComponent implements EndpointCompleter
         }
     }
 
+    public void setTrustAllPackages(boolean trustAllPackages) {
+        if (getConfiguration() instanceof ActiveMQConfiguration) {
+            ((ActiveMQConfiguration)getConfiguration()).setTrustAllPackages(trustAllPackages);
+        }
+    }
+
     public boolean isExposeAllQueues() {
         return exposeAllQueues;
     }
diff --git a/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java b/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java
index 7eecac21dd..26d31a6e16 100644
--- a/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java
+++ b/activemq-camel/src/main/java/org/apache/activemq/camel/component/ActiveMQConfiguration.java
@@ -37,6 +37,7 @@ public class ActiveMQConfiguration extends JmsConfiguration {
     private boolean usePooledConnection = true;
     private String userName;
     private String password;
+    private boolean trustAllPackages;
 
     public ActiveMQConfiguration() {
     }
@@ -109,6 +110,24 @@ public class ActiveMQConfiguration extends JmsConfiguration {
         this.usePooledConnection = usePooledConnection;
     }
 
+    public boolean isTrustAllPackages() {
+        return trustAllPackages;
+    }
+
+    /**
+     * ObjectMessage objects depend on Java serialization of marshal/unmarshal object payload.
+     * This process is generally considered unsafe as malicious payload can exploit the host system.
+     * That's why starting with versions 5.12.2 and 5.13.0, ActiveMQ enforces users to explicitly whitelist packages
+     * that can be exchanged using ObjectMessages.
+     * <br/>
+     * This option can be set to <tt>true</tt> to trust all packages (eg whitelist is *).
+     * <p/>
+     * See more details at: http://activemq.apache.org/objectmessage.html
+     */
+    public void setTrustAllPackages(boolean trustAllPackages) {
+        this.trustAllPackages = trustAllPackages;
+    }
+
     /**
      * Factory method to create a default transaction manager if one is not specified
      */
@@ -126,6 +145,7 @@ public class ActiveMQConfiguration extends JmsConfiguration {
     @Override
     protected ConnectionFactory createConnectionFactory() {
         ActiveMQConnectionFactory answer = new ActiveMQConnectionFactory();
+        answer.setTrustAllPackages(trustAllPackages);
         if (userName != null) {
             answer.setUserName(userName);
         }