[jira] [Commented] (GEODE-9486) Serialized classes in geode-serializable fail to deserialize when validate-serializable-objects is enabled

Fri, 24 Sep 2021 12:36:09 -0700 


    [ 
https://issues.apache.org/jira/browse/GEODE-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419946#comment-17419946
 ] 

ASF subversion and git services commented on GEODE-9486:
--------------------------------------------------------

Commit ba81c3670d85dbb4451030e2c4acb11ca8aef9da in geode's branch 
refs/heads/support/1.14 from Kirk Lund
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=ba81c36 ]

GEODE-9486: Fix validate-serializable-objects (#6823)

Rename DistributedSystemService to SanctionedSerializablesService and
remove unused init(DistributedSystem).

Move SanctionedSerializablesService to geode-serialization.

Implement SanctionedSerializablesService in both geode-core and
geode-management to remove special case for each in
InternalDataSerializer.

Fix sanctioned serializables support in geode-management and
geode-apis-compatible-with-redis.

Add sanctioned serializables support to geode-serialization and
geode-pulse.

Add sanctioned serializables support to geode-junit and geode-dunit
to simplify writing tests for validate-serializable-objects and prevent
having to list out DUnit Rules and other test framework classes when
validate-serializable-objects is enabled.

Use ExecutorServiceRule and reformat json strings in
RestRegionAPIIntegrationTest.

Reorganize QueryCommandDUnitTestBase.

Use InvalidClassException instead of Exception in
ObjectInputStreamFilterWrapper fatal log message.

Improve assertion messages in ResourceUtils.

Move loadSanctionedSerializablesServices and loadClassNames to
new SanctionedSerializables in geode-serialization.

Exclude Pulse GemFireAuthentication from sanctioned serializables.

Add SerializationTest Category to all AnalyzeSerializables integration
tests.

Tidy up SANCTIONED_SERIALIZABLES_DEPENDENCIES_PATTERN.

Convert to AssertJ and use BeforeClass in
InternalDataSerializerSerializationAcceptlistTest.

Note: If Git or GitHub is showing invalid file renames in the diffs, you
may need to pull the branch locally and configure diff.renameLimit to
something lower than the default value of 50.

(cherry picked from commit acbd0ff3c37a5e1fe3018d3f7288df385159ac4c)


> Serialized classes in geode-serializable fail to deserialize when 
> validate-serializable-objects is enabled
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: GEODE-9486
>                 URL: https://issues.apache.org/jira/browse/GEODE-9486
>             Project: Geode
>          Issue Type: Bug
>          Components: serialization
>    Affects Versions: 1.12.0, 1.13.0, 1.14.0
>            Reporter: Kirk Lund
>            Assignee: Kirk Lund
>            Priority: Major
>              Labels: GeodeOperationAPI, pull-request-available
>
> Serialized classes in geode-serializable fail to deserialize when 
> {{validate-serializable-objects}} is enabled. This bug was caught by 
> {{SessionsAndCrashesDUnitTest}} in geode-apis-compatible-with-redis 
> (GEODE-9485):
> {noformat}
> [fatal 2021/08/04 13:50:57.548 UTC <GeodeRedisServer-Command-1> tid=114] 
> Serialization filter is rejecting class 
> org.apache.geode.internal.serialization.DSFIDNotFoundException
>     java.lang.Exception: 
>       at 
> org.apache.geode.internal.ObjectInputStreamFilterWrapper.lambda$createSerializationFilter$0(ObjectInputStreamFilterWrapper.java:234)
>       at com.sun.proxy.$Proxy26.checkInput(Unknown Source)
>       at 
> java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1336)
>       at 
> java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2005)
>       at 
> java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1862)
>       at 
> java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2169)
>       at 
> java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679)
> {noformat}
> Any module with a class that may be serialized must implement 
> {{DistributedSystemService}} to provide the list of sanctioned serializables 
> as defined in {{sanctionedDataSerializables.txt}} and a concrete test 
> subclassing {{AnalyzeSerializablesJUnitTestBase}}.
> {{org.apache.geode.internal.serialization.DSFIDNotFoundException}} is in 
> geode-serialization which cannot depend on geode-core which owns 
> {{DistributedSystemService}}. Even if we remove the unused {{void 
> init(InternalDistributedSystem internalDistributedSystem)}} and move it to 
> geode-serialization, {{SerializationDistributedSystemService}} would need to 
> implement {{getSerializationAcceptlist()}} as:
> {noformat}
>   @Override
>   public Collection<String> getSerializationAcceptlist() throws IOException {
>     URL sanctionedSerializables = 
> ClassPathLoader.getLatest().getResource(getClass(),
>         "sanctioned-geode-gfsh-serializables.txt");
>     return InternalDataSerializer.loadClassNames(sanctionedSerializables);
>   }
> {noformat}
> ... which uses {{ClassPathLoader}} and {{InternalDataSerializer}} which live 
> in geode-core.
> This requires moving the classes {{ClassPathLoader}} and 
> {{InternalDataSerializer}} that need to be used within 
> {{getSerializationAcceptlist()}}. 
> {{ClassPathLoader}}  depends on geode deployment:
> {noformat}
> import org.apache.geode.internal.deployment.DeploymentServiceFactory;
> import org.apache.geode.internal.deployment.JarDeploymentService;
> {noformat}
> {{InternalDataSerializer}} gets even more complicated with many dependencies.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to