Skip to content

Add remote file filtering for XBeanBrokerFactory#1950

Merged
cshannon merged 2 commits intoapache:mainfrom
cshannon:restrict-remote-files
Apr 21, 2026
Merged

Add remote file filtering for XBeanBrokerFactory#1950
cshannon merged 2 commits intoapache:mainfrom
cshannon:restrict-remote-files

Conversation

@cshannon
Copy link
Copy Markdown
Contributor

@cshannon cshannon commented Apr 21, 2026

This expands on the previous work in #1910 to add treat remote files as a separate protocol category that can be controlled independently of regular files when loading resources. By default remote files will be disabled.

Follow on to #1910

@cshannon
Add remote file filtering for XBeanBrokerFactory
160c38a 
This expands on the previous work in apache#1910 to add treat remote files as
a separate protocol category that can be controlled independently of
regular files when loading resources. By default remote files will be
disabled.

Follow on to apache#1910
@cshannon cshannon requested review from jbonofre and mattrpav April 21, 2026 00:22
jbonofre
jbonofre previously approved these changes Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jbonofre jbonofre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good. I just have a doubt about isQualifiedRemoteFile() test.

Comment thread activemq-spring/src/main/java/org/apache/activemq/spring/Utils.java
}

private static boolean isQualifiedRemoteFile(String uri) {
return uri.startsWith(FILE_PROTOCOL + "://") || uri.startsWith(FILE_PROTOCOL + ":\\\\");
Copy link
Copy Markdown
Member

@jbonofre jbonofre Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess file:/// match here, meaning it's local but not remove. Should we not check the /// to be sure we are actually local?

Suggested change
return uri.startsWith(FILE_PROTOCOL + "://") || uri.startsWith(FILE_PROTOCOL + ":\\\\");
return (uri.startsWith(FILE_PROTOCOL + "://") && !uri.startsWith(FILE_PROTOCOL + ":///"))
|| uri.startsWith(FILE_PROTOCOL + ":\\\\");

Copy link
Copy Markdown
Contributor Author

@cshannon cshannon Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a good point but I think the safest thing here is to just only allow using the single slash or relative path. No one needs to use file:/// they can just use file:/ and that will simplify things and prevent any bugs.

We can make a note of that when this is released and we write some documentation.

Copy link
Copy Markdown
Member

@jbonofre jbonofre Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that works for me. Thanks!

mattrpav
mattrpav approved these changes Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mattrpav mattrpav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cshannon cshannon merged commit 87f1880 into apache:main Apr 21, 2026
10 checks passed
@github-project-automation github-project-automation Bot moved this from Backlog to Done in Apache ActiveMQ v6.3.0 Apr 21, 2026
@cshannon cshannon deleted the restrict-remote-files branch April 21, 2026 14:51
jbonofre pushed a commit that referenced this pull request Apr 21, 2026
@cshannon
Add remote file filtering for XBeanBrokerFactory (#1950) (#1955)
854ef64 
This expands on the previous work in #1910 to add treat remote files as
a separate protocol category that can be controlled independently of
regular files when loading resources. By default remote files will be
disabled.

Follow on to #1910

(cherry picked from commit 87f1880)
jbonofre pushed a commit that referenced this pull request Apr 21, 2026
@cshannon
Add remote file filtering for XBeanBrokerFactory (#1950) (#1954)
881ce9d 
This expands on the previous work in #1910 to add treat remote files as
a separate protocol category that can be controlled independently of
regular files when loading resources. By default remote files will be
disabled.

Follow on to #1910

(cherry picked from commit 87f1880)
jgallimore added a commit to tomitribe/activemq that referenced this pull request Apr 24, 2026
@jgallimore
Add remote file filtering for XBeanBrokerFactory (apache#1950) (apach…
253370c 
…e#1955)

Cherry-picked from 5.19.x: 854ef64
jgallimore added a commit to tomitribe/activemq that referenced this pull request Apr 24, 2026
@jgallimore
Add remote file filtering for XBeanBrokerFactory (apache#1950) (apach…
af4af30 
…e#1955)

Cherry-picked from 5.19.x: 854ef64
jgallimore added a commit to tomitribe/activemq that referenced this pull request Apr 24, 2026
@jgallimore
Add remote file filtering for XBeanBrokerFactory (apache#1950) (apach…
bd3468c 
…e#1954)

Cherry-picked from 6.2.x: 881ce9d
jgallimore added a commit to tomitribe/activemq that referenced this pull request Apr 24, 2026
@jgallimore
Add remote file filtering for XBeanBrokerFactory (apache#1950) (apach…
ee08ef0 
…e#1954)

Cherry-picked from 6.2.x: 881ce9d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbonofre jbonofre jbonofre left review comments

@mattrpav mattrpav mattrpav approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Apache ActiveMQ v6.3.0
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cshannon @jbonofre @mattrpav