[ https://issues.apache.org/jira/browse/GEODE-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17419946#comment-17419946 ]
ASF subversion and git services commented on GEODE-9486: -------------------------------------------------------- Commit ba81c3670d85dbb4451030e2c4acb11ca8aef9da in geode's branch refs/heads/support/1.14 from Kirk Lund [ https://gitbox.apache.org/repos/asf?p=geode.git;h=ba81c36 ] GEODE-9486: Fix validate-serializable-objects (#6823) Rename DistributedSystemService to SanctionedSerializablesService and remove unused init(DistributedSystem). Move SanctionedSerializablesService to geode-serialization. Implement SanctionedSerializablesService in both geode-core and geode-management to remove special case for each in InternalDataSerializer. Fix sanctioned serializables support in geode-management and geode-apis-compatible-with-redis. Add sanctioned serializables support to geode-serialization and geode-pulse. Add sanctioned serializables support to geode-junit and geode-dunit to simplify writing tests for validate-serializable-objects and prevent having to list out DUnit Rules and other test framework classes when validate-serializable-objects is enabled. Use ExecutorServiceRule and reformat json strings in RestRegionAPIIntegrationTest. Reorganize QueryCommandDUnitTestBase. Use InvalidClassException instead of Exception in ObjectInputStreamFilterWrapper fatal log message. Improve assertion messages in ResourceUtils. Move loadSanctionedSerializablesServices and loadClassNames to new SanctionedSerializables in geode-serialization. Exclude Pulse GemFireAuthentication from sanctioned serializables. Add SerializationTest Category to all AnalyzeSerializables integration tests. Tidy up SANCTIONED_SERIALIZABLES_DEPENDENCIES_PATTERN. Convert to AssertJ and use BeforeClass in InternalDataSerializerSerializationAcceptlistTest. Note: If Git or GitHub is showing invalid file renames in the diffs, you may need to pull the branch locally and configure diff.renameLimit to something lower than the default value of 50. (cherry picked from commit acbd0ff3c37a5e1fe3018d3f7288df385159ac4c) > Serialized classes in geode-serializable fail to deserialize when > validate-serializable-objects is enabled > ---------------------------------------------------------------------------------------------------------- > > Key: GEODE-9486 > URL: https://issues.apache.org/jira/browse/GEODE-9486 > Project: Geode > Issue Type: Bug > Components: serialization > Affects Versions: 1.12.0, 1.13.0, 1.14.0 > Reporter: Kirk Lund > Assignee: Kirk Lund > Priority: Major > Labels: GeodeOperationAPI, pull-request-available > > Serialized classes in geode-serializable fail to deserialize when > {{validate-serializable-objects}} is enabled. This bug was caught by > {{SessionsAndCrashesDUnitTest}} in geode-apis-compatible-with-redis > (GEODE-9485): > {noformat} > [fatal 2021/08/04 13:50:57.548 UTC <GeodeRedisServer-Command-1> tid=114] > Serialization filter is rejecting class > org.apache.geode.internal.serialization.DSFIDNotFoundException > java.lang.Exception: > at > org.apache.geode.internal.ObjectInputStreamFilterWrapper.lambda$createSerializationFilter$0(ObjectInputStreamFilterWrapper.java:234) > at com.sun.proxy.$Proxy26.checkInput(Unknown Source) > at > java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1336) > at > java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2005) > at > java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1862) > at > java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2169) > at > java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679) > {noformat} > Any module with a class that may be serialized must implement > {{DistributedSystemService}} to provide the list of sanctioned serializables > as defined in {{sanctionedDataSerializables.txt}} and a concrete test > subclassing {{AnalyzeSerializablesJUnitTestBase}}. > {{org.apache.geode.internal.serialization.DSFIDNotFoundException}} is in > geode-serialization which cannot depend on geode-core which owns > {{DistributedSystemService}}. Even if we remove the unused {{void > init(InternalDistributedSystem internalDistributedSystem)}} and move it to > geode-serialization, {{SerializationDistributedSystemService}} would need to > implement {{getSerializationAcceptlist()}} as: > {noformat} > @Override > public Collection<String> getSerializationAcceptlist() throws IOException { > URL sanctionedSerializables = > ClassPathLoader.getLatest().getResource(getClass(), > "sanctioned-geode-gfsh-serializables.txt"); > return InternalDataSerializer.loadClassNames(sanctionedSerializables); > } > {noformat} > ... which uses {{ClassPathLoader}} and {{InternalDataSerializer}} which live > in geode-core. > This requires moving the classes {{ClassPathLoader}} and > {{InternalDataSerializer}} that need to be used within > {{getSerializationAcceptlist()}}. > {{ClassPathLoader}} depends on geode deployment: > {noformat} > import org.apache.geode.internal.deployment.DeploymentServiceFactory; > import org.apache.geode.internal.deployment.JarDeploymentService; > {noformat} > {{InternalDataSerializer}} gets even more complicated with many dependencies. -- This message was sent by Atlassian Jira (v8.3.4#803005)