asoldano commented on code in PR #2566:
URL: https://github.com/apache/cxf/pull/2566#discussion_r2315891132


##########
rt/transports/jms/src/main/java/org/apache/cxf/transport/jms/util/JndiHelper.java:
##########
@@ -18,21 +18,48 @@
  */
 package org.apache.cxf.transport.jms.util;
 
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
+import java.util.function.Predicate;
+import java.util.stream.Collectors;
 
 import javax.naming.Context;
 import javax.naming.InitialContext;
 import javax.naming.NameNotFoundException;
 import javax.naming.NamingException;
 
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.common.util.SystemPropertyAction;
+
 public class JndiHelper {
 
-    private static final List<String> ALLOWED_PROTOCOLS = Arrays.asList(
-        "vm://", "tcp://", "nio://", "ssl://", "http://";, "https://";, "ws://", 
"wss://");
+    /**
+     * JVM/System property name holding allowed jms protocols.
+     */
+    private static final String CONFIGURED_JMS_PROTOCOLS = "jms.protocols";
+    /**
+     * JVM/System property name holding default allowed jms protocols.
+     */
+    private static final String DEFAULT_JMS_PROTOCOLS = 
"vm,tcp,nio,ssl,http,https,ws,wss";
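Review bot: The Javadoc on `DEFAULT_JMS_PROTOCOLS` describes it as a "JVM/System property name", but the constant holds the default value itself, not a property key. A comment such as `/** Default comma-separated list of allowed JMS protocol schemes, used when the system property is not set. */` would match what the line declares. The key `jms.protocols` is also un-namespaced; a key under the package prefix (for example `org.apache.cxf.transport.jms.protocols`) would reduce the chance of collision with other libraries. Its Javadoc should also state that setting it replaces or widens the allow-list of provider URL schemes, so operators treat it as a security-relevant setting. The quoted hunk stops before the code that reads and parses these constants, so how entries are trimmed, normalised and matched is not visible here.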

Review Comment:
   The default protocol list in the new system property ("vm,tcp,...") omits 
the :// suffix that was present in the original hardcoded list ("vm://", 
"tcp://", ...). Perhaps it's not a major issue, but this would make the check 
less strict/secure.


