Allowing Custom Classes in the Database

EJBCA is very strict when it comes to deserialization of objects from the database, and these are checked against an allow list. In order to use custom classes which may be saved to the database (such as extensions, etc), do the following:

1. In cesecore.properties, uncomment and edit the following line:
   

   #custom.class.whitelist=org.widget.Bar,org.widget.Foo

2. As properties, set each canonical class name which is to be accepted for deserialization, separated by a comma.