How to Filter Incoming Serialization Data in JBoss EAP 8 / 7.4
Issue
- How to Filter Incoming Serialization Data in JBoss EAP 8.x ?
- How to Filter Incoming Serialization Data in JBoss EAP 7.4
- We want to configure Java serialization filtering (https://docs.oracle.com/en/java/javase/11/core/serialization-filtering1.html) for an enterprise application. Clients connect to stateless session beans via the JBoss EJB client API, with the 'remote+http' protocol.
- Where can we find documentation on JBoss serialization filtering?
- How can serialization filtering for session beans be configured? I.e. can we allow/deny classes beyond the default configuration?
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.