You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Kirk Lund (Jira)" <ji...@apache.org> on 2021/09/08 16:40:00 UTC
[jira] [Updated] (GEODE-9486) Serialized classes in
geode-serializable fail to deserialize when validate-serializable-objects
is enabled
[ https://issues.apache.org/jira/browse/GEODE-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kirk Lund updated GEODE-9486:
-----------------------------
Affects Version/s: 1.12.0
1.13.0
1.14.0
> Serialized classes in geode-serializable fail to deserialize when validate-serializable-objects is enabled
> ----------------------------------------------------------------------------------------------------------
>
> Key: GEODE-9486
> URL: https://issues.apache.org/jira/browse/GEODE-9486
> Project: Geode
> Issue Type: Bug
> Components: serialization
> Affects Versions: 1.12.0, 1.13.0, 1.14.0
> Reporter: Kirk Lund
> Assignee: Kirk Lund
> Priority: Major
> Labels: GeodeOperationAPI, pull-request-available
>
> Serialized classes in geode-serializable fail to deserialize when {{validate-serializable-objects}} is enabled. This bug was caught by {{SessionsAndCrashesDUnitTest}} in geode-apis-compatible-with-redis (GEODE-9485):
> {noformat}
> [fatal 2021/08/04 13:50:57.548 UTC <GeodeRedisServer-Command-1> tid=114] Serialization filter is rejecting class org.apache.geode.internal.serialization.DSFIDNotFoundException
> java.lang.Exception:
> at org.apache.geode.internal.ObjectInputStreamFilterWrapper.lambda$createSerializationFilter$0(ObjectInputStreamFilterWrapper.java:234)
> at com.sun.proxy.$Proxy26.checkInput(Unknown Source)
> at java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1336)
> at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2005)
> at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1862)
> at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2169)
> at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679)
> {noformat}
> Any module with a class that may be serialized must implement {{DistributedSystemService}} to provide the list of sanctioned serializables as defined in {{sanctionedDataSerializables.txt}} and a concrete test subclassing {{AnalyzeSerializablesJUnitTestBase}}.
> {{org.apache.geode.internal.serialization.DSFIDNotFoundException}} is in geode-serialization which cannot depend on geode-core which owns {{DistributedSystemService}}. Even if we remove the unused {{void init(InternalDistributedSystem internalDistributedSystem)}} and move it to geode-serialization, {{SerializationDistributedSystemService}} would need to implement {{getSerializationAcceptlist()}} as:
> {noformat}
> @Override
> public Collection<String> getSerializationAcceptlist() throws IOException {
> URL sanctionedSerializables = ClassPathLoader.getLatest().getResource(getClass(),
> "sanctioned-geode-gfsh-serializables.txt");
> return InternalDataSerializer.loadClassNames(sanctionedSerializables);
> }
> {noformat}
> ... which uses {{ClassPathLoader}} and {{InternalDataSerializer}} which live in geode-core.
> This requires moving the classes {{ClassPathLoader}} and {{InternalDataSerializer}} that need to be used within {{getSerializationAcceptlist()}}.
> {{ClassPathLoader}} depends on geode deployment:
> {noformat}
> import org.apache.geode.internal.deployment.DeploymentServiceFactory;
> import org.apache.geode.internal.deployment.JarDeploymentService;
> {noformat}
> {{InternalDataSerializer}} gets even more complicated with many dependencies.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)