Hi, I'm using ActiveMQ as my jms broker for a webapp. I am currently using the vm argument -Dorg.apache.activemq.SERIALIZABLE_PACKAGES="*" so that Spring integration can deserialize my object messages (http://activemq.apache.org/objectmessage.html). I know this is a security vulnerability and I'd like to use a white list, but I'm having issues getting it to work correctly. What I'd like to do is use wild cards to white list every spring integration class... something like this -Dorg.apache.activemq.SERIALIZABLE_PACKAGES="org.springframework.integration.*" but this doesn't seem to work. Do I have to list each package individually?
Thanks -- View this message in context: http://activemq.2283324.n4.nabble.com/Object-Message-Deserialization-Security-White-List-Wildcards-tp4707904.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
