Specifying a Filter Factory in a System or Security Property

You can set a filter factory that applies to only one application and to only a single invocation of Java by specifying it in the jdk.serialFilterFactory system property in the command line:

java -Djdk.serialFilterFactory=FilterFactoryClassName YourApplication

The value of jdk.serialFilterFactory is the class name of the filter factory to be set before the first deserialization. The class must be public and accessible to the application class loader (which the method java.lang.ClassLoader.getSystemClassLoader() returns).

You can set a JVM-wide filter factory that affects every application run with a Java runtime from $JAVA_HOME by specifying it in a Security Property. Note that a system property supersedes a Security Property value. Edit the file $JAVA_HOME/conf/security/java.security and specify the filter factory's class name in the jdk.serialFilterFactory Security Property.