Specifying a Filter Factory in a System or Security Property
You can set a filter factory that applies to only one application and to only
a single invocation of Java by specifying it in the jdk.serialFilterFactory
system property in the command line:
java -Djdk.serialFilterFactory=FilterFactoryClassName
YourApplication
The value of jdk.serialFilterFactory
is the class name of
the filter factory to be set before the first deserialization. The class must be public
and accessible to the application class loader (which the method java.lang.ClassLoader.getSystemClassLoader()
returns).
You can set a JVM-wide filter factory that affects every application run
with a Java runtime from $JAVA_HOME
by specifying it in a Security
Property. Note that a system property supersedes a Security Property value. Edit the
file $JAVA_HOME/conf/security/java.security
and specify the filter
factory's class name in the jdk.serialFilterFactory
Security
Property.