Software AG Products 10.5 | Administering Integration Server | Whitelist Filtering in Integration Server | Integration Server Blacklist Classes File
 
Integration Server Blacklist Classes File
Integration Server performs blacklist class filtering during object deserialization. Integration Server detects the presence of unsafe classes during object deserialization and throws a ClassNotFound exception, which prevents the class from being instantiated.
Software AG built a blacklist file that is distributed with Integration Server. The blacklist is located here: Integration Server_directory instances/instanceName/config/security/classlist.xml
You can customize the blacklist classes file.
Note:
It is possible for an Integration Server fix or a subsequent release of Integration Server to change the contents of the blacklist file classlist.xml. If this occurs, any customizations to the classes.xml file will be lost. You will need to re-add your changes to the updated file.
*To edit the Integration Server blacklist classes file
1. Using a text editor, open the following file:
Integration Server_directory instances/instanceName/config/security/classlist.xml
2. Add the following row to the classlist array: <value>custom_class_name</value>
3. Repeat the preceding step for each class that you want to add to the blacklist classes file.
4. Save your changes and close the file.
5. Restart Integration Server.