You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dubbo.apache.org by li...@apache.org on 2021/11/25 06:20:21 UTC
[dubbo] 35/45: fix:暂时移除 java 序列化的检查
This is an automated email from the ASF dual-hosted git repository.
liujun pushed a commit to branch release/3.0.14-rpccontext-bugfix
in repository https://gitbox.apache.org/repos/asf/dubbo.git
commit 7060c2bbe0e7c5165e878c1cc296bd8fccc5c051
Author: 未宇 <li...@alibaba-inc.com>
AuthorDate: Thu Jan 7 15:43:16 2021 +0800
fix:暂时移除 java 序列化的检查
---
.../apache/dubbo/remoting/transport/CodecSupport.java | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
index 8c74fe5..3b0d82a 100644
--- a/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
+++ b/dubbo-remoting/dubbo-remoting-api/src/main/java/org/apache/dubbo/remoting/transport/CodecSupport.java
@@ -31,10 +31,6 @@ import java.util.HashMap;
import java.util.Map;
import java.util.Set;
-import static org.apache.dubbo.common.serialize.Constants.COMPACTED_JAVA_SERIALIZATION_ID;
-import static org.apache.dubbo.common.serialize.Constants.JAVA_SERIALIZATION_ID;
-import static org.apache.dubbo.common.serialize.Constants.NATIVE_JAVA_SERIALIZATION_ID;
-
public class CodecSupport {
private static final Logger logger = LoggerFactory.getLogger(CodecSupport.class);
@@ -78,12 +74,17 @@ public class CodecSupport {
public static Serialization getSerialization(URL url, Byte id) throws IOException {
Serialization serialization = getSerializationById(id);
- String serializationName = url.getParameter(Constants.SERIALIZATION_KEY, Constants.DEFAULT_REMOTING_SERIALIZATION);
+// String serializationName = url.getParameter(Constants.SERIALIZATION_KEY, Constants.DEFAULT_REMOTING_SERIALIZATION);
+// // Check if "serialization id" passed from network matches the id on this side(only take effect for JDK serialization), for security purpose.
+// if (serialization == null
+// || ((id == JAVA_SERIALIZATION_ID || id == NATIVE_JAVA_SERIALIZATION_ID || id == COMPACTED_JAVA_SERIALIZATION_ID)
+// && !(serializationName.equals(ID_SERIALIZATIONNAME_MAP.get(id))))) {
+// throw new IOException("Unexpected serialization id:" + id + " received from network, please check if the peer send the right id.");
+// }
// Check if "serialization id" passed from network matches the id on this side(only take effect for JDK serialization), for security purpose.
- if (serialization == null
- || ((id == JAVA_SERIALIZATION_ID || id == NATIVE_JAVA_SERIALIZATION_ID || id == COMPACTED_JAVA_SERIALIZATION_ID)
- && !(serializationName.equals(ID_SERIALIZATIONNAME_MAP.get(id))))) {
- throw new IOException("Unexpected serialization id:" + id + " received from network, please check if the peer send the right id.");
+ if (serialization == null) {
+ logger.error("Unexpected serialization id:" + id + " received from network, please check if the peer send the right id.");
+ serialization = getSerialization(url);
}
return serialization;
}