You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@geode.apache.org by GitBox <gi...@apache.org> on 2021/12/04 00:44:18 UTC
[GitHub] [geode] kirklund opened a new pull request #7167: GEODE-9578: Implement serialization.filter API
kirklund opened a new pull request #7167:
URL: https://github.com/apache/geode/pull/7167
Serialization filtering pull requests can be very large so it may be
better to submit this change separately to help with reviews.
This PR consists of just the one commit below on top of #7165 and #7166.
Please review only this commit:
[GEODE-9578: Implement serialization.filter API]()
Replace ObjectInputStreamFilterWrapper with a more flexible API in
geode-serialization.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] kirklund commented on pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
kirklund commented on pull request #7167:
URL: https://github.com/apache/geode/pull/7167#issuecomment-988281270
GeodeRedisServerStartupDUnitTest failed with a BindException
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] kirklund commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
kirklund commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r766230267
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/impl/ReflectionObjectInputFilterApiFactory.java
##########
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter.impl;
+
+import static org.apache.commons.lang3.JavaVersion.JAVA_1_8;
+import static org.apache.commons.lang3.JavaVersion.JAVA_9;
+import static org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast;
+import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.JAVA_IO;
+import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.SUN_MISC;
+
+public class ReflectionObjectInputFilterApiFactory implements ObjectInputFilterApiFactory {
+
+ private static final String UNSUPPORTED_MESSAGE =
+ "ObjectInputFilter is not supported in JRE version";
+
+ @Override
+ public ObjectInputFilterApi createObjectInputFilterApi() {
+ try {
+ if (isJavaVersionAtLeast(JAVA_9)) {
+ return new Java9ReflectionObjectInputFilterApi(JAVA_IO);
+ }
+ if (isJavaVersionAtLeast(JAVA_1_8)) {
+ return new ReflectionObjectInputFilterApi(SUN_MISC);
+ }
+ } catch (ClassNotFoundException | NoSuchMethodException e) {
+ throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE, e);
+ }
+ throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE);
+ }
Review comment:
Here's the flow through that logic...
First, it checks if the Java version is 9 or greater. If so, it returns Java 9 version.
Next, it checks if the Java version is 8 or greater. If so, it returns Java 8 version.
If either of the above throws then UnsupportedOperationException is thrown wrapping the cause.
If neither of those if-conditions was true (ex: Java version is 7) then it falls through to the 2nd throw clause which is after the catch-block... and it throws UnsupportedOperationException without a cause.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] nabarunnag commented on pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
nabarunnag commented on pull request #7167:
URL: https://github.com/apache/geode/pull/7167#issuecomment-988454471
IntelliJ is detecting that the encoding has changed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] kirklund commented on pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
kirklund commented on pull request #7167:
URL: https://github.com/apache/geode/pull/7167#issuecomment-989022969
@nabarunnag weird... thanks for pointing that out! I'll fix it. I can't figure out how/why that would happen since I use IntelliJ on Mac.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] kirklund commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
kirklund commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r764383466
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/SanctionedSerializables.java
##########
@@ -62,4 +75,22 @@
}
return result;
}
+
+ public static Set<String> loadSanctionedClassNames(
+ Iterable<SanctionedSerializablesService> services) {
+ Set<String> sanctionedClasses = new HashSet<>(650);
Review comment:
I'll add a constant in the next PR if that's ok...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] jchen21 commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
jchen21 commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r763321983
##########
File path: geode-core/src/main/java/org/apache/geode/internal/serialization/filter/DistributedSerializableObjectConfig.java
##########
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter;
+
+import static java.util.Objects.requireNonNull;
+import static org.apache.geode.distributed.ConfigurationProperties.SERIALIZABLE_OBJECT_FILTER;
+import static org.apache.geode.distributed.ConfigurationProperties.VALIDATE_SERIALIZABLE_OBJECTS;
+
+import java.util.Properties;
+
+public class DistributedSerializableObjectConfig implements SerializableObjectConfig {
+
+ private final Properties config;
+
+ public DistributedSerializableObjectConfig(Properties config) {
+ this.config = requireNonNull(config);
+ }
+
+ @Override
+ public boolean getValidateSerializableObjects() {
+ return "true".equalsIgnoreCase(config.getProperty(VALIDATE_SERIALIZABLE_OBJECTS));
+ }
+
+ @Override
+ public void setValidateSerializableObjects(boolean value) {
+ config.setProperty(VALIDATE_SERIALIZABLE_OBJECTS, Boolean.valueOf(value).toString());
+ }
+
+ @Override
+ public String getSerializableObjectFilter() {
Review comment:
Might also need a setter `setSerializableObjectFilter` at some point, when the user set `serializable-object-filter`.
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/SanctionedSerializables.java
##########
@@ -62,4 +75,22 @@
}
return result;
}
+
+ public static Set<String> loadSanctionedClassNames(
+ Iterable<SanctionedSerializablesService> services) {
+ Set<String> sanctionedClasses = new HashSet<>(650);
Review comment:
Want to define a constant for 650? Is 650 the current size of the known sanctioned classes?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] kirklund commented on pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
kirklund commented on pull request #7167:
URL: https://github.com/apache/geode/pull/7167#issuecomment-993037968
I will resubmit all serialization filtering PRs as one big PR again. This has gotten out of hand.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] Bill commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
Bill commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r766237336
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/ConditionalGlobalSerialFilterConfigurationFactory.java
##########
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter;
+
+import org.apache.geode.internal.serialization.filter.impl.ConditionalGlobalSerialFilterConfiguration;
+import org.apache.geode.internal.serialization.filter.impl.EnableFiltering;
+
+public class ConditionalGlobalSerialFilterConfigurationFactory implements
Review comment:
the interface `GlobalSerialFilterConfigurationFactory` is also not referenced statically according to my IDE
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] kirklund commented on pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
kirklund commented on pull request #7167:
URL: https://github.com/apache/geode/pull/7167#issuecomment-988448403
> Approved, I just was curious on why the encoding of few files were changed from UTF-8 to US-ASCII
@nabarunnag can you please point out which files changed encoding? Also, how did you notice that? Thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] Bill commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
Bill commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r766236635
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/impl/ReflectionObjectInputFilterApiFactory.java
##########
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter.impl;
+
+import static org.apache.commons.lang3.JavaVersion.JAVA_1_8;
+import static org.apache.commons.lang3.JavaVersion.JAVA_9;
+import static org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast;
+import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.JAVA_IO;
+import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.SUN_MISC;
+
+public class ReflectionObjectInputFilterApiFactory implements ObjectInputFilterApiFactory {
+
+ private static final String UNSUPPORTED_MESSAGE =
+ "ObjectInputFilter is not supported in JRE version";
+
+ @Override
+ public ObjectInputFilterApi createObjectInputFilterApi() {
+ try {
+ if (isJavaVersionAtLeast(JAVA_9)) {
+ return new Java9ReflectionObjectInputFilterApi(JAVA_IO);
+ }
+ if (isJavaVersionAtLeast(JAVA_1_8)) {
+ return new ReflectionObjectInputFilterApi(SUN_MISC);
+ }
+ } catch (ClassNotFoundException | NoSuchMethodException e) {
+ throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE, e);
+ }
+ throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE);
+ }
Review comment:
thanks Kirk I missed that throw
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] Bill commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
Bill commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r766237336
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/ConditionalGlobalSerialFilterConfigurationFactory.java
##########
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter;
+
+import org.apache.geode.internal.serialization.filter.impl.ConditionalGlobalSerialFilterConfiguration;
+import org.apache.geode.internal.serialization.filter.impl.EnableFiltering;
+
+public class ConditionalGlobalSerialFilterConfigurationFactory implements
Review comment:
the interface `GlobalSerialFilterConfigurationFactory` is also not referenced statically (anywhere but in this class) according to my IDE
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] Bill commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
Bill commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r766216187
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/impl/ReflectionObjectInputFilterApiFactory.java
##########
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter.impl;
+
+import static org.apache.commons.lang3.JavaVersion.JAVA_1_8;
+import static org.apache.commons.lang3.JavaVersion.JAVA_9;
+import static org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast;
+import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.JAVA_IO;
+import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.SUN_MISC;
+
+public class ReflectionObjectInputFilterApiFactory implements ObjectInputFilterApiFactory {
+
+ private static final String UNSUPPORTED_MESSAGE =
+ "ObjectInputFilter is not supported in JRE version";
+
+ @Override
+ public ObjectInputFilterApi createObjectInputFilterApi() {
+ try {
+ if (isJavaVersionAtLeast(JAVA_9)) {
+ return new Java9ReflectionObjectInputFilterApi(JAVA_IO);
+ }
+ if (isJavaVersionAtLeast(JAVA_1_8)) {
+ return new ReflectionObjectInputFilterApi(SUN_MISC);
+ }
+ } catch (ClassNotFoundException | NoSuchMethodException e) {
+ throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE, e);
+ }
+ throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE);
+ }
Review comment:
I don't understand how this doesn't generate a compiler error. Can the compiler prove that the Java version will always be at least 1.8?
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/ConditionalGlobalSerialFilterConfigurationFactory.java
##########
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter;
+
+import org.apache.geode.internal.serialization.filter.impl.ConditionalGlobalSerialFilterConfiguration;
+import org.apache.geode.internal.serialization.filter.impl.EnableFiltering;
+
+public class ConditionalGlobalSerialFilterConfigurationFactory implements
Review comment:
This class is never referenced statically. Is it referenced dynamically? If not, I think it should be removed.
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/DelegatingObjectInputFilterFactory.java
##########
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter;
+
+import static java.util.Objects.requireNonNull;
+
+import java.util.Set;
+
+import org.apache.geode.internal.serialization.filter.impl.DelegatingObjectInputFilter;
+import org.apache.geode.internal.serialization.filter.impl.ObjectInputFilterApi;
+import org.apache.geode.internal.serialization.filter.impl.ObjectInputFilterApiFactory;
+import org.apache.geode.internal.serialization.filter.impl.ReflectionObjectInputFilterApiFactory;
+
+public class DelegatingObjectInputFilterFactory implements ObjectInputFilterFactory {
+
+ private final Runnable precondition;
+ private final ObjectInputFilterApiFactory apiFactory;
+
+ public DelegatingObjectInputFilterFactory(Runnable precondition) {
+ this(new ReflectionObjectInputFilterApiFactory(), precondition);
+ }
+
+ private DelegatingObjectInputFilterFactory(ObjectInputFilterApiFactory apiFactory,
+ Runnable precondition) {
+ this.apiFactory = requireNonNull(apiFactory, "apiFactory is required");
+ this.precondition = requireNonNull(precondition, "precondition is required");
+ }
+
+ @Override
+ public ObjectInputFilter create(SerializableObjectConfig config, Set<String> sanctionedClasses) {
+ if (config.getValidateSerializableObjects()) {
+ precondition.run();
Review comment:
`DelegatingObjectInputFilterFactory` is a class that takes parameters in a constructor, assigns them to fields, and then provides a `create()` method. Yet product and test code always constructs an instance and then immediately calls the `create()` method, then the constructed instance is eligible for garbage collection.
Inasmuch as the factory is never retained, and since the constructor call is always followed by the create call, it seems to me this could be a single function. No class, no constructor, no fields, are needed. If polymorphism is needed (which currently does not seem to be the case), a functional interface could be defined:
```java
ObjectInputFilter create(SerializableObjectConfig config, Set<String> sanctionedClasses, ObjectInputFilterApiFactory apiFactory, Runnable precondition)
```
There could be a single concrete implementation of that interface in the product.
In that case I also think `precondition` looks a little fishy, but perhaps it is important it's called inside the `if`.
Am I missing something here? Is there some reason why all this structure is needed?
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/ConditionalGlobalSerialFilterConfigurationFactory.java
##########
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter;
+
+import org.apache.geode.internal.serialization.filter.impl.ConditionalGlobalSerialFilterConfiguration;
+import org.apache.geode.internal.serialization.filter.impl.EnableFiltering;
+
+public class ConditionalGlobalSerialFilterConfigurationFactory implements
+ GlobalSerialFilterConfigurationFactory {
+
+ private final EnableFiltering enableFiltering;
+
+ public ConditionalGlobalSerialFilterConfigurationFactory() {
+ this(() -> false);
+ }
+
+ /**
+ * Example:
+ * {@code
+ * () -> isJavaVersionAtLeast(JAVA_1_8) &&
+ * isJavaVersionAtMost(JAVA_1_8) &&
+ * isBlank(System.getProperty("jdk.serialFilter"))
+ * }
+ */
Review comment:
I don't understand this code example, given that the only invocation of this constructor is on line 26 (and does not look anything like the code example).
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/SerializableObjectConfig.java
##########
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter;
+
+public interface SerializableObjectConfig {
+
+ default String getFilterPatternIfEnabled() {
+ return getValidateSerializableObjects() ? getSerializableObjectFilter() : null;
+ }
+
+ boolean getValidateSerializableObjects();
Review comment:
Need javadoc on this method and all the others, and the class itself please.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] Bill commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
Bill commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r766236635
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/impl/ReflectionObjectInputFilterApiFactory.java
##########
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.serialization.filter.impl;
+
+import static org.apache.commons.lang3.JavaVersion.JAVA_1_8;
+import static org.apache.commons.lang3.JavaVersion.JAVA_9;
+import static org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast;
+import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.JAVA_IO;
+import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.SUN_MISC;
+
+public class ReflectionObjectInputFilterApiFactory implements ObjectInputFilterApiFactory {
+
+ private static final String UNSUPPORTED_MESSAGE =
+ "ObjectInputFilter is not supported in JRE version";
+
+ @Override
+ public ObjectInputFilterApi createObjectInputFilterApi() {
+ try {
+ if (isJavaVersionAtLeast(JAVA_9)) {
+ return new Java9ReflectionObjectInputFilterApi(JAVA_IO);
+ }
+ if (isJavaVersionAtLeast(JAVA_1_8)) {
+ return new ReflectionObjectInputFilterApi(SUN_MISC);
+ }
+ } catch (ClassNotFoundException | NoSuchMethodException e) {
+ throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE, e);
+ }
+ throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE);
+ }
Review comment:
thanks Kirk
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] kirklund closed pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
kirklund closed pull request #7167:
URL: https://github.com/apache/geode/pull/7167
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [geode] kirklund commented on a change in pull request #7167: GEODE-9758: Add new internal serialization filter API
Posted by GitBox <gi...@apache.org>.
kirklund commented on a change in pull request #7167:
URL: https://github.com/apache/geode/pull/7167#discussion_r764381649
##########
File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/SanctionedSerializables.java
##########
@@ -62,4 +75,22 @@
}
return result;
}
+
+ public static Set<String> loadSanctionedClassNames(
+ Iterable<SanctionedSerializablesService> services) {
+ Set<String> sanctionedClasses = new HashSet<>(650);
Review comment:
Yeah, it was originally being initialized to 200 in size. There are almost 650 sanctioned classes in Geode now, so this is a better initial size.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@geode.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org