You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/09/01 16:53:00 UTC
[jira] [Commented] (GEODE-9486) Serialized classes in
geode-serializable fail to deserialize when validate-serializable-objects
is enabled
[ https://issues.apache.org/jira/browse/GEODE-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17408276#comment-17408276 ]
ASF subversion and git services commented on GEODE-9486:
--------------------------------------------------------
Commit 25f70a71d0b0c05b38dd383f2d9f36678c2b636b in geode's branch refs/heads/develop from Kirk Lund
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=25f70a7 ]
Revert "GEODE-9486: Fix validate-serializable-objects (#6746)" (#6816)
This reverts commit 3b2c5312d163f34701c3a01250491876942a6b48.
> Serialized classes in geode-serializable fail to deserialize when validate-serializable-objects is enabled
> ----------------------------------------------------------------------------------------------------------
>
> Key: GEODE-9486
> URL: https://issues.apache.org/jira/browse/GEODE-9486
> Project: Geode
> Issue Type: Bug
> Components: serialization
> Reporter: Kirk Lund
> Assignee: Kirk Lund
> Priority: Major
> Labels: GeodeOperationAPI, pull-request-available
>
> Serialized classes in geode-serializable fail to deserialize when {{validate-serializable-objects}} is enabled. This bug was caught by {{SessionsAndCrashesDUnitTest}} in geode-apis-compatible-with-redis (GEODE-9485):
> {noformat}
> [fatal 2021/08/04 13:50:57.548 UTC <GeodeRedisServer-Command-1> tid=114] Serialization filter is rejecting class org.apache.geode.internal.serialization.DSFIDNotFoundException
> java.lang.Exception:
> at org.apache.geode.internal.ObjectInputStreamFilterWrapper.lambda$createSerializationFilter$0(ObjectInputStreamFilterWrapper.java:234)
> at com.sun.proxy.$Proxy26.checkInput(Unknown Source)
> at java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1336)
> at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2005)
> at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1862)
> at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2169)
> at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679)
> {noformat}
> Any module with a class that may be serialized must implement {{DistributedSystemService}} to provide the list of sanctioned serializables as defined in {{sanctionedDataSerializables.txt}} and a concrete test subclassing {{AnalyzeSerializablesJUnitTestBase}}.
> {{org.apache.geode.internal.serialization.DSFIDNotFoundException}} is in geode-serialization which cannot depend on geode-core which owns {{DistributedSystemService}}. Even if we remove the unused {{void init(InternalDistributedSystem internalDistributedSystem)}} and move it to geode-serialization, {{SerializationDistributedSystemService}} would need to implement {{getSerializationAcceptlist()}} as:
> {noformat}
> @Override
> public Collection<String> getSerializationAcceptlist() throws IOException {
> URL sanctionedSerializables = ClassPathLoader.getLatest().getResource(getClass(),
> "sanctioned-geode-gfsh-serializables.txt");
> return InternalDataSerializer.loadClassNames(sanctionedSerializables);
> }
> {noformat}
> ... which uses {{ClassPathLoader}} and {{InternalDataSerializer}} which live in geode-core.
> This requires moving the classes {{ClassPathLoader}} and {{InternalDataSerializer}} that need to be used within {{getSerializationAcceptlist()}}.
> {{ClassPathLoader}} depends on geode deployment:
> {noformat}
> import org.apache.geode.internal.deployment.DeploymentServiceFactory;
> import org.apache.geode.internal.deployment.JarDeploymentService;
> {noformat}
> {{InternalDataSerializer}} gets even more complicated with many dependencies.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)