You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dubbo.apache.org by li...@apache.org on 2020/07/17 04:17:12 UTC
[dubbo] branch 2.6.x updated: Hessian whitelist2 (#6486)
This is an automated email from the ASF dual-hosted git repository.
liujun pushed a commit to branch 2.6.x
in repository https://gitbox.apache.org/repos/asf/dubbo.git
The following commit(s) were added to refs/heads/2.6.x by this push:
new 5e2c07c Hessian whitelist2 (#6486)
5e2c07c is described below
commit 5e2c07c1dc3f945c6375cbeb021af30fa6d4ac31
Author: ken.lj <ke...@gmail.com>
AuthorDate: Fri Jul 17 12:16:58 2020 +0800
Hessian whitelist2 (#6486)
---
.../serialize/hessian2/Hessian2ObjectInput.java | 3 +-
.../serialize/hessian2/Hessian2ObjectOutput.java | 3 +-
.../hessian2/Hessian2SerializerFactory.java | 30 +---------------
.../dubbo/AbstractHessian2FactoryInitializer.java | 36 +++++++++++++++++++
.../dubbo/DefaultHessian2FactoryInitializer.java | 27 +++++++++++++++
.../hessian2/dubbo/Hessian2FactoryInitializer.java | 25 ++++++++++++++
.../hessian2/dubbo/Hessian2FactoryUtil.java | 36 +++++++++++++++++++
.../WhitelistHessian2FactoryInitializer.java} | 40 +++++++++-------------
...alize.hessian2.dubbo.Hessian2FactoryInitializer | 2 ++
9 files changed, 148 insertions(+), 54 deletions(-)
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectInput.java b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectInput.java
index 7812de7..23be8e4 100644
--- a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectInput.java
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectInput.java
@@ -18,6 +18,7 @@ package com.alibaba.dubbo.common.serialize.hessian2;
import com.alibaba.com.caucho.hessian.io.Hessian2Input;
import com.alibaba.dubbo.common.serialize.ObjectInput;
+import com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil;
import java.io.IOException;
import java.io.InputStream;
@@ -31,7 +32,7 @@ public class Hessian2ObjectInput implements ObjectInput {
public Hessian2ObjectInput(InputStream is) {
mH2i = new Hessian2Input(is);
- mH2i.setSerializerFactory(Hessian2SerializerFactory.SERIALIZER_FACTORY);
+ mH2i.setSerializerFactory(Hessian2FactoryUtil.getInstance().getSerializerFactory());
}
@Override
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectOutput.java b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectOutput.java
index aa0e6b8..1ec7be6 100644
--- a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectOutput.java
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectOutput.java
@@ -18,6 +18,7 @@ package com.alibaba.dubbo.common.serialize.hessian2;
import com.alibaba.com.caucho.hessian.io.Hessian2Output;
import com.alibaba.dubbo.common.serialize.ObjectOutput;
+import com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil;
import java.io.IOException;
import java.io.OutputStream;
@@ -30,7 +31,7 @@ public class Hessian2ObjectOutput implements ObjectOutput {
public Hessian2ObjectOutput(OutputStream os) {
mH2o = new Hessian2Output(os);
- mH2o.setSerializerFactory(Hessian2SerializerFactory.SERIALIZER_FACTORY);
+ mH2o.setSerializerFactory(Hessian2FactoryUtil.getInstance().getSerializerFactory());
}
@Override
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
index f1bfbc3..b1bd190 100644
--- a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
@@ -17,38 +17,10 @@
package com.alibaba.dubbo.common.serialize.hessian2;
import com.alibaba.com.caucho.hessian.io.SerializerFactory;
-import com.alibaba.dubbo.common.utils.ConfigUtils;
-import com.alibaba.dubbo.common.utils.StringUtils;
public class Hessian2SerializerFactory extends SerializerFactory {
- private static final String WHITELIST = "dubbo.application.hessian2.whitelist";
- private static final String ALLOW = "dubbo.application.hessian2.allow";
- private static final String DENY = "dubbo.application.hessian2.deny";
- public static final SerializerFactory SERIALIZER_FACTORY;
-
- /**
- * see https://github.com/ebourg/hessian/commit/cf851f5131707891e723f7f6a9718c2461aed826
- */
- static {
- SERIALIZER_FACTORY = new Hessian2SerializerFactory();
- String whiteList = ConfigUtils.getProperty(WHITELIST);
- if ("true".equals(whiteList)) {
- SERIALIZER_FACTORY.getClassFactory().setWhitelist(true);
- String allowPattern = ConfigUtils.getProperty(ALLOW);
- if (StringUtils.isNotEmpty(allowPattern)) {
- SERIALIZER_FACTORY.getClassFactory().allow(allowPattern);
- }
- } else {
- SERIALIZER_FACTORY.getClassFactory().setWhitelist(false);
- String denyPattern = ConfigUtils.getProperty(DENY);
- if (StringUtils.isNotEmpty(denyPattern)) {
- SERIALIZER_FACTORY.getClassFactory().deny(denyPattern);
- }
- }
- }
-
- private Hessian2SerializerFactory() {
+ public Hessian2SerializerFactory() {
}
@Override
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/AbstractHessian2FactoryInitializer.java b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/AbstractHessian2FactoryInitializer.java
new file mode 100644
index 0000000..12b8f19
--- /dev/null
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/AbstractHessian2FactoryInitializer.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.com.caucho.hessian.io.SerializerFactory;
+
+public abstract class AbstractHessian2FactoryInitializer implements Hessian2FactoryInitializer {
+ private static SerializerFactory SERIALIZER_FACTORY;
+
+ @Override
+ public SerializerFactory getSerializerFactory() {
+ if (SERIALIZER_FACTORY != null) {
+ return SERIALIZER_FACTORY;
+ }
+ synchronized (this) {
+ SERIALIZER_FACTORY = createSerializerFactory();
+ }
+ return SERIALIZER_FACTORY;
+ }
+
+ protected abstract SerializerFactory createSerializerFactory();
+}
\ No newline at end of file
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/DefaultHessian2FactoryInitializer.java b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/DefaultHessian2FactoryInitializer.java
new file mode 100644
index 0000000..901201f
--- /dev/null
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/DefaultHessian2FactoryInitializer.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.com.caucho.hessian.io.SerializerFactory;
+import com.alibaba.dubbo.common.serialize.hessian2.Hessian2SerializerFactory;
+
+public class DefaultHessian2FactoryInitializer extends AbstractHessian2FactoryInitializer {
+ @Override
+ protected SerializerFactory createSerializerFactory() {
+ return new Hessian2SerializerFactory();
+ }
+}
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/Hessian2FactoryInitializer.java b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/Hessian2FactoryInitializer.java
new file mode 100644
index 0000000..af4074e
--- /dev/null
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/Hessian2FactoryInitializer.java
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.com.caucho.hessian.io.SerializerFactory;
+import com.alibaba.dubbo.common.extension.SPI;
+
+@SPI("default")
+public interface Hessian2FactoryInitializer {
+ SerializerFactory getSerializerFactory();
+}
\ No newline at end of file
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/Hessian2FactoryUtil.java b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/Hessian2FactoryUtil.java
new file mode 100644
index 0000000..5ee1747
--- /dev/null
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/Hessian2FactoryUtil.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.dubbo.common.extension.ExtensionLoader;
+import com.alibaba.dubbo.common.utils.ConfigUtils;
+import com.alibaba.dubbo.common.utils.StringUtils;
+
+public class Hessian2FactoryUtil {
+ static String WHITELIST = "dubbo.application.hessian2.whitelist";
+ static String ALLOW = "dubbo.application.hessian2.allow";
+ static String DENY = "dubbo.application.hessian2.deny";
+ static ExtensionLoader<Hessian2FactoryInitializer> loader = ExtensionLoader.getExtensionLoader(Hessian2FactoryInitializer.class);
+
+ public static Hessian2FactoryInitializer getInstance() {
+ String whitelist = ConfigUtils.getProperty(WHITELIST);
+ if (StringUtils.isNotEmpty(whitelist)) {
+ return loader.getExtension("whitelist");
+ }
+ return loader.getDefaultExtension();
+ }
+}
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/WhitelistHessian2FactoryInitializer.java
similarity index 56%
copy from dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
copy to dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/WhitelistHessian2FactoryInitializer.java
index f1bfbc3..ea02b13 100644
--- a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/WhitelistHessian2FactoryInitializer.java
@@ -14,46 +14,40 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package com.alibaba.dubbo.common.serialize.hessian2;
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
import com.alibaba.com.caucho.hessian.io.SerializerFactory;
+import com.alibaba.dubbo.common.serialize.hessian2.Hessian2SerializerFactory;
import com.alibaba.dubbo.common.utils.ConfigUtils;
import com.alibaba.dubbo.common.utils.StringUtils;
-public class Hessian2SerializerFactory extends SerializerFactory {
- private static final String WHITELIST = "dubbo.application.hessian2.whitelist";
- private static final String ALLOW = "dubbo.application.hessian2.allow";
- private static final String DENY = "dubbo.application.hessian2.deny";
+import static com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil.ALLOW;
+import static com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil.DENY;
+import static com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil.WHITELIST;
- public static final SerializerFactory SERIALIZER_FACTORY;
+/**
+ * see https://github.com/ebourg/hessian/commit/cf851f5131707891e723f7f6a9718c2461aed826
+ */
+public class WhitelistHessian2FactoryInitializer extends AbstractHessian2FactoryInitializer {
- /**
- * see https://github.com/ebourg/hessian/commit/cf851f5131707891e723f7f6a9718c2461aed826
- */
- static {
- SERIALIZER_FACTORY = new Hessian2SerializerFactory();
+ @Override
+ public SerializerFactory createSerializerFactory() {
+ SerializerFactory serializerFactory = new Hessian2SerializerFactory();
String whiteList = ConfigUtils.getProperty(WHITELIST);
if ("true".equals(whiteList)) {
- SERIALIZER_FACTORY.getClassFactory().setWhitelist(true);
+ serializerFactory.getClassFactory().setWhitelist(true);
String allowPattern = ConfigUtils.getProperty(ALLOW);
if (StringUtils.isNotEmpty(allowPattern)) {
- SERIALIZER_FACTORY.getClassFactory().allow(allowPattern);
+ serializerFactory.getClassFactory().allow(allowPattern);
}
} else {
- SERIALIZER_FACTORY.getClassFactory().setWhitelist(false);
+ serializerFactory.getClassFactory().setWhitelist(false);
String denyPattern = ConfigUtils.getProperty(DENY);
if (StringUtils.isNotEmpty(denyPattern)) {
- SERIALIZER_FACTORY.getClassFactory().deny(denyPattern);
+ serializerFactory.getClassFactory().deny(denyPattern);
}
}
- }
-
- private Hessian2SerializerFactory() {
- }
-
- @Override
- public ClassLoader getClassLoader() {
- return Thread.currentThread().getContextClassLoader();
+ return serializerFactory;
}
}
diff --git a/dubbo-serialization/dubbo-serialization-hessian2/src/main/resources/META-INF/dubbo/internal/com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryInitializer b/dubbo-serialization/dubbo-serialization-hessian2/src/main/resources/META-INF/dubbo/internal/com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryInitializer
new file mode 100644
index 0000000..39eca74
--- /dev/null
+++ b/dubbo-serialization/dubbo-serialization-hessian2/src/main/resources/META-INF/dubbo/internal/com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryInitializer
@@ -0,0 +1,2 @@
+default=com.alibaba.dubbo.common.serialize.hessian2.dubbo.DefaultHessian2FactoryInitializer
+whitelist=com.alibaba.dubbo.common.serialize.hessian2.dubbo.WhitelistHessian2FactoryInitializer
\ No newline at end of file