You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@dubbo.apache.org by al...@apache.org on 2023/05/07 23:12:20 UTC

[dubbo-samples] branch master updated: Update serialization config (#838)

This is an automated email from the ASF dual-hosted git repository.

albumenj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo-samples.git


The following commit(s) were added to refs/heads/master by this push:
     new a12de07a Update serialization config (#838)
a12de07a is described below

commit a12de07a36b51b85dbd469cab4e11c4d0f9a7090
Author: Albumen Kevin <jh...@gmail.com>
AuthorDate: Mon May 8 07:12:12 2023 +0800

    Update serialization config (#838)
    
    * Add child pojo to allow list
    
    * Set check level
---
 .../src/main/resources/security/serialize.allowlist   | 19 +++++++++++++++++++
 .../src/test/java/org/apache/dubbo/test/CheckIT.java  | 11 ++++++-----
 .../test/java/org/apache/dubbo/test/CheckIoIT.java    | 17 +++++++++--------
 3 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/3-extensions/protocol/dubbo-samples-triple/src/main/resources/security/serialize.allowlist b/3-extensions/protocol/dubbo-samples-triple/src/main/resources/security/serialize.allowlist
new file mode 100644
index 00000000..f08a259e
--- /dev/null
+++ b/3-extensions/protocol/dubbo-samples-triple/src/main/resources/security/serialize.allowlist
@@ -0,0 +1,19 @@
+#
+#
+#   Licensed to the Apache Software Foundation (ASF) under one or more
+#   contributor license agreements.  See the NOTICE file distributed with
+#   this work for additional information regarding copyright ownership.
+#   The ASF licenses this file to You under the Apache License, Version 2.0
+#   (the "License"); you may not use this file except in compliance with
+#   the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#
+org.apache.dubbo.sample.tri.api.ChildPojo
diff --git a/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIT.java b/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIT.java
index ef20db24..2ede188e 100644
--- a/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIT.java
+++ b/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIT.java
@@ -18,10 +18,6 @@
  */
 package org.apache.dubbo.test;
 
-import java.lang.reflect.Proxy;
-import java.util.Arrays;
-import java.util.Map;
-
 import org.apache.dubbo.common.beanutil.JavaBeanDescriptor;
 import org.apache.dubbo.common.beanutil.JavaBeanSerializeUtil;
 import org.apache.dubbo.common.utils.PojoUtils;
@@ -36,18 +32,23 @@ import org.apache.dubbo.samples.NotSerializable;
 import org.apache.dubbo.samples.Parent;
 import org.apache.dubbo.samples.User;
 import org.apache.dubbo.samples.User2;
+
+import io.dubbo.test2.OthersSerializable;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
-import io.dubbo.test2.OthersSerializable;
+import java.lang.reflect.Proxy;
+import java.util.Arrays;
+import java.util.Map;
 
 public class CheckIT {
     @BeforeClass
     public static void setup() {
         ApplicationConfig applicationConfig = new ApplicationConfig();
         applicationConfig.setSerializeCheckStatus("STRICT");
+        applicationConfig.setTrustSerializeClassLevel(3);
         applicationConfig.setName("consumer");
         DubboBootstrap.getInstance()
                 .application(applicationConfig)
diff --git a/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIoIT.java b/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIoIT.java
index 4a9809a6..c26b2b59 100644
--- a/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIoIT.java
+++ b/99-integration/dubbo-samples-serialize-check/src/test/java/org/apache/dubbo/test/CheckIoIT.java
@@ -18,10 +18,6 @@
  */
 package org.apache.dubbo.test;
 
-import java.lang.reflect.Proxy;
-import java.util.Arrays;
-import java.util.Map;
-
 import org.apache.dubbo.common.beanutil.JavaBeanDescriptor;
 import org.apache.dubbo.common.beanutil.JavaBeanSerializeUtil;
 import org.apache.dubbo.common.utils.PojoUtils;
@@ -31,10 +27,6 @@ import org.apache.dubbo.config.RegistryConfig;
 import org.apache.dubbo.config.bootstrap.DubboBootstrap;
 import org.apache.dubbo.rpc.model.FrameworkModel;
 import org.apache.dubbo.rpc.service.GenericService;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
 
 import io.dubbo.test.DemoService2;
 import io.dubbo.test.NotSerializable;
@@ -42,12 +34,21 @@ import io.dubbo.test.Parent;
 import io.dubbo.test.User;
 import io.dubbo.test.User2;
 import io.dubbo.test2.OthersSerializable;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.lang.reflect.Proxy;
+import java.util.Arrays;
+import java.util.Map;
 
 public class CheckIoIT {
     @BeforeClass
     public static void setup() {
         ApplicationConfig applicationConfig = new ApplicationConfig();
         applicationConfig.setSerializeCheckStatus("STRICT");
+        applicationConfig.setTrustSerializeClassLevel(3);
         applicationConfig.setName("consumer");
         DubboBootstrap.getInstance()
                 .application(applicationConfig)


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org