Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Configuring the deserialization filter

Updated on July 1, 2021

In Pega Platform, a global filter checks a list of blocked classes that are not allowed to be deserialized. You can add classes to the global deserialization filter to increase the security of your application by preventing unauthorized access.

  1. In the header of Dev Studio, click ConfigureSystemSettingsDeserialization Blacklist.
  2. To add a class to the list of blocked classes, click Add gadget class to blacklist, and enter a class name.
    Pega Platform does not deserialize classes that match this class name or pattern. Repeat this step to add multiple class names or patterns. You can use wildcards to specify a pattern for the class names to block.

    WildcardFunction
    <package name>.**Match any class in the package and all subpackages.
    <package name>.*Match any class in the package.
    <partial name>*Match anything that starts with <partial name>.
  3. Click Save.
  • Previous topic Allowing a website as an exception to a content security policy directive
  • Next topic Java deserialization

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us