You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@dubbo.apache.org by al...@apache.org on 2023/05/07 23:12:20 UTC
[dubbo-samples] branch master updated: Update serialization config (#838)
This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo-samples.git
The following commit(s) were added to refs/heads/master by this push:
new a12de07a Update serialization config (#838)
a12de07a is described below
commit a12de07a36b51b85dbd469cab4e11c4d0f9a7090
Author: Albumen Kevin <jh...@gmail.com>
AuthorDate: Mon May 8 07:12:12 2023 +0800
Update serialization config (#838)
* Add child pojo to allow list
* Set check level
---
.../src/main/resources/security/serialize.allowlist | 19 +++++++++++++++++++
.../src/test/java/org/apache/dubbo/test/CheckIT.java | 11 ++++++-----
.../test/java/org/apache/dubbo/test/CheckIoIT.java | 17 +++++++++--------
3 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/3-extensions/protocol/dubbo-samples-triple/src/main/resources/security/serialize.allowlist b/3-extensions/protocol/dubbo-samples-triple/src/main/resources/security/serialize.allowlist
new file mode 100644
index 00000000..f08a259e
--- /dev/null
+++ b/3-extensions/protocol/dubbo-samples-triple/src/main/resources/security/serialize.allowlist
@@ -0,0 +1,19 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+org.apache.dubbo.sample.tri.api.ChildPojo
diff --git a/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIT.java b/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIT.java
index ef20db24..2ede188e 100644
--- a/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIT.java
+++ b/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIT.java
@@ -18,10 +18,6 @@
*/
package org.apache.dubbo.test;
-import java.lang.reflect.Proxy;
-import java.util.Arrays;
-import java.util.Map;
-
import org.apache.dubbo.common.beanutil.JavaBeanDescriptor;
import org.apache.dubbo.common.beanutil.JavaBeanSerializeUtil;
import org.apache.dubbo.common.utils.PojoUtils;
@@ -36,18 +32,23 @@ import org.apache.dubbo.samples.NotSerializable;
import org.apache.dubbo.samples.Parent;
import org.apache.dubbo.samples.User;
import org.apache.dubbo.samples.User2;
+
+import io.dubbo.test2.OthersSerializable;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
-import io.dubbo.test2.OthersSerializable;
+import java.lang.reflect.Proxy;
+import java.util.Arrays;
+import java.util.Map;
public class CheckIT {
@BeforeClass
public static void setup() {
ApplicationConfig applicationConfig = new ApplicationConfig();
applicationConfig.setSerializeCheckStatus("STRICT");
+ applicationConfig.setTrustSerializeClassLevel(3);
applicationConfig.setName("consumer");
DubboBootstrap.getInstance()
.application(applicationConfig)
diff --git a/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIoIT.java b/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIoIT.java
index 4a9809a6..c26b2b59 100644
--- a/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIoIT.java
+++ b/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIoIT.java
@@ -18,10 +18,6 @@
*/
package org.apache.dubbo.test;
-import java.lang.reflect.Proxy;
-import java.util.Arrays;
-import java.util.Map;
-
import org.apache.dubbo.common.beanutil.JavaBeanDescriptor;
import org.apache.dubbo.common.beanutil.JavaBeanSerializeUtil;
import org.apache.dubbo.common.utils.PojoUtils;
@@ -31,10 +27,6 @@ import org.apache.dubbo.config.RegistryConfig;
import org.apache.dubbo.config.bootstrap.DubboBootstrap;
import org.apache.dubbo.rpc.model.FrameworkModel;
import org.apache.dubbo.rpc.service.GenericService;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
import io.dubbo.test.DemoService2;
import io.dubbo.test.NotSerializable;
@@ -42,12 +34,21 @@ import io.dubbo.test.Parent;
import io.dubbo.test.User;
import io.dubbo.test.User2;
import io.dubbo.test2.OthersSerializable;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.lang.reflect.Proxy;
+import java.util.Arrays;
+import java.util.Map;
public class CheckIoIT {
@BeforeClass
public static void setup() {
ApplicationConfig applicationConfig = new ApplicationConfig();
applicationConfig.setSerializeCheckStatus("STRICT");
+ applicationConfig.setTrustSerializeClassLevel(3);
applicationConfig.setName("consumer");
DubboBootstrap.getInstance()
.application(applicationConfig)
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org