spring-amqp Use JDK `ObjectInputFilter` instead of calling `AllowedListDeserializingMessageConverter::checkAllowedList` in `ConfigurableObjectInputStream::resolveClass`

Use JDK `ObjectInputFilter` instead of calling `AllowedListDeserializingMessageConverter::checkAllowedList` in `ConfigurableObjectInputStream::resolveClass`

Open quaff opened this issue 10 months ago • 2 comments

I think it's better to use standard API. see Java Serialization Filters

https://github.com/spring-projects/spring-amqp/blob/603e6c8c09838aff5a8dcf3f9e6e1ab1d3488cde/spring-amqp/src/main/java/org/springframework/amqp/support/converter/SimpleMessageConverter.java#L158-L162

https://github.com/spring-projects/spring-amqp/blob/603e6c8c09838aff5a8dcf3f9e6e1ab1d3488cde/spring-amqp/src/main/java/org/springframework/amqp/support/converter/SerializerMessageConverter.java#L167-L172

Apr 18 '24 14:04 quaff

spring-amqp spring-amqp copied to clipboard

Use JDK `ObjectInputFilter` instead of calling `AllowedListDeserializingMessageConverter::checkAllowedList` in `ConfigurableObjectInputStream::resolveClass`

spring-amqp
spring-amqp copied to clipboard