Posted to notifications@dubbo.apache.org by "kaizen84 (via GitHub)" <gi...@apache.org> on 2023/04/22 06:09:15 UTC

[GitHub] [dubbo] kaizen84 opened a new issue, #12161: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist

kaizen84 opened a new issue, #12161:
URL: https://github.com/apache/dubbo/issues/12161

   
   
   This looks like an error that occurs when deserializing the Authentication
   `
   org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter#setSecurityContext
   org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter#getSecurityContext
   `
   
   ```log
   Caused by: org.apache.dubbo.rpc.StatusRpcException: UNKNOWN : objectMapper! deserialize error java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details
   java.lang.RuntimeException: objectMapper! deserialize error java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details
   	at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:50)
   	at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:58)
   	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.getSecurityContext(ContextHolderAuthenticationResolverFilter.java:56)
   	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.invoke(ContextHolderAuthenticationResolverFilter.java:45)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   
   	at org.apache.dubbo.rpc.TriRpcStatus.asException(TriRpcStatus.java:214)
   	at org.apache.dubbo.rpc.protocol.tri.call.UnaryClientCallListener.onClose(UnaryClientCallListener.java:51)
   	at org.apache.dubbo.rpc.protocol.tri.call.TripleClientCall.onComplete(TripleClientCall.java:112)
   	at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.finishProcess(TripleClientStream.java:251)
   	at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.onTrailersReceived(TripleClientStream.java:337)
   	at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.lambda$onHeader$1(TripleClientStream.java:443)
   	at org.apache.dubbo.common.threadpool.serial.SerializingExecutor.run(SerializingExecutor.java:102)
   	at org.apache.dubbo.common.threadpool.ThreadlessExecutor$RunnableWrapper.run(ThreadlessExecutor.java:141)
   	at org.apache.dubbo.common.threadpool.ThreadlessExecutor.waitAndDrain(ThreadlessExecutor.java:70)
   	at org.apache.dubbo.rpc.AsyncRpcResult.get(AsyncRpcResult.java:202)
   	at org.apache.dubbo.rpc.protocol.AbstractInvoker.waitForResultIfSync(AbstractInvoker.java:286)
   	at org.apache.dubbo.rpc.protocol.AbstractInvoker.invoke(AbstractInvoker.java:189)
   	at org.apache.dubbo.rpc.listener.ListenerInvokerWrapper.invoke(ListenerInvokerWrapper.java:71)
   	at org.apache.dubbo.validation.filter.ValidationFilter.invoke(ValidationFilter.java:98)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at com.medusa.gruul.common.system.model.remote.SystemDubboConsumerSpreadConfig.invoke(SystemDubboConsumerSpreadConfig.java:27)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at com.medusa.gruul.common.security.resource.remote.AuthDubboConsumerSpreadConfig.invoke(AuthDubboConsumerSpreadConfig.java:30)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.metrics.filter.MetricsFilter.invoke(MetricsFilter.java:51)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194)
   	at org.apache.dubbo.rpc.protocol.ReferenceCountInvokerWrapper.invoke(ReferenceCountInvokerWrapper.java:78)
   	at org.apache.dubbo.rpc.cluster.support.AbstractClusterInvoker.invokeWithContext(AbstractClusterInvoker.java:380)
   	at org.apache.dubbo.rpc.cluster.support.FailoverClusterInvoker.doInvoke(FailoverClusterInvoker.java:81)
   	at org.apache.dubbo.rpc.cluster.support.AbstractClusterInvoker.invoke(AbstractClusterInvoker.java:341)
   	at org.apache.dubbo.rpc.cluster.router.RouterSnapshotFilter.invoke(RouterSnapshotFilter.java:46)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.monitor.support.MonitorFilter.invoke(MonitorFilter.java:101)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.cluster.filter.support.MetricsClusterFilter.invoke(MetricsClusterFilter.java:51)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.protocol.dubbo.filter.FutureFilter.invoke(FutureFilter.java:52)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.spring.security.filter.ContextHolderParametersSelectedTransferFilter.invoke(ContextHolderParametersSelectedTransferFilter.java:41)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter.invoke(ContextHolderAuthenticationPrepareFilter.java:47)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.cluster.filter.support.ConsumerClassLoaderFilter.invoke(ConsumerClassLoaderFilter.java:40)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.cluster.filter.support.ConsumerContextFilter.invoke(ConsumerContextFilter.java:118)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194)
   	at org.apache.dubbo.rpc.cluster.support.wrapper.AbstractCluster$ClusterFilterInvoker.invoke(AbstractCluster.java:91)
   	at org.apache.dubbo.rpc.cluster.support.wrapper.MockClusterInvoker.invoke(MockClusterInvoker.java:103)
   	at org.apache.dubbo.rpc.cluster.support.wrapper.ScopeClusterInvoker.invoke(ScopeClusterInvoker.java:131)
   	at org.apache.dubbo.registry.client.migration.MigrationInvoker.invoke(MigrationInvoker.java:284)
   	at org.apache.dubbo.rpc.proxy.InvocationUtil.invoke(InvocationUtil.java:57)
   	at org.apache.dubbo.rpc.proxy.InvokerInvocationHandler.invoke(InvokerInvocationHandler.java:75)
   	at com.medusa.gruul.shop.api.rpc.ShopRpcServiceDubboProxy0.getShopInfoByShopId(ShopRpcServiceDubboProxy0.java)
   	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
   	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
   	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
   	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
   	at jdk.proxy2/jdk.proxy2.$Proxy176.getShopInfoByShopId(Unknown Source)
   	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.lambda$myData$10(ShopAdminServiceImpl.java:253)
   	at com.medusa.gruul.common.security.resource.exntends.RoleTask.lambda$when$0(RoleTask.java:37)
   	at com.medusa.gruul.common.security.resource.exntends.RolePermMatcher.and(RolePermMatcher.java:174)
   	at com.medusa.gruul.common.security.resource.exntends.RoleTask.lambda$when$1(RoleTask.java:37)
   	at com.medusa.gruul.common.security.resource.exntends.RolePermMatcher.or(RolePermMatcher.java:190)
   	at com.medusa.gruul.common.security.resource.exntends.RoleTask.when(RoleTask.java:35)
   	at com.medusa.gruul.common.security.resource.exntends.RoleTask.ifAnyShopAdmin(RoleTask.java:113)
   	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.lambda$myData$11(ShopAdminServiceImpl.java:250)
   	at io.vavr.control.Option.getOrElse(Option.java:336)
   	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.myData(ShopAdminServiceImpl.java:243)
   	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl$$FastClassBySpringCGLIB$$ad26a94f.invoke(<generated>)
   	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
   	at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
   	at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
   	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704)
   	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl$$EnhancerBySpringCGLIB$$e31ae6f2.myData(<generated>)
   	at com.medusa.gruul.service.uaa.service.controller.ShopUserController.mine(ShopUserController.java:44)
   	at com.medusa.gruul.service.uaa.service.controller.ShopUserController$$FastClassBySpringCGLIB$$81a7126d.invoke(<generated>)
   	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
   	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
   	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
   	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
   	at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)
   	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
   	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
   	at com.medusa.gruul.common.log.aspect.LogInterceptor.invoke(LogInterceptor.java:55)
   	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
   	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
   	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
   	at com.medusa.gruul.service.uaa.service.controller.ShopUserController$$EnhancerBySpringCGLIB$$dd2d6316.mine(<generated>)
   	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
   	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
   	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
   	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
   	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
   	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
   	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
   	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
   	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1071)
   	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:964)
   	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
   	... 99 common frames omitted
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org


[GitHub] [dubbo] kaizen84 closed issue #12161: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist

Posted by "kaizen84 (via GitHub)" <gi...@apache.org>.
kaizen84 closed issue #12161: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist
URL: https://github.com/apache/dubbo/issues/12161




[GitHub] [dubbo] kaizen84 commented on issue #12161: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist

Posted by "kaizen84 (via GitHub)" <gi...@apache.org>.
kaizen84 commented on issue #12161:
URL: https://github.com/apache/dubbo/issues/12161#issuecomment-1518536716

   Temporary workaround
   ![image](https://user-images.githubusercontent.com/49264728/233768036-af846341-1dd7-4aab-91b8-0897b110cd0a.png)
   




[GitHub] [dubbo] kaizen84 commented on issue #12161: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist

Posted by "kaizen84 (via GitHub)" <gi...@apache.org>.
kaizen84 commented on issue #12161:
URL: https://github.com/apache/dubbo/issues/12161#issuecomment-1537646231

   > > dubbo 3.2.0 This looks like an error that occurs when the dubbo provider deserializes the Authentication `org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter#setSecurityContext org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter#getSecurityContext`
   > > ```
   > > Caused by: org.apache.dubbo.rpc.StatusRpcException: UNKNOWN : objectMapper! deserialize error java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details
   > > java.lang.RuntimeException: objectMapper! deserialize error java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details
   > > 	at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:50)
   > > 	at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:58)
   > > 	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.getSecurityContext(ContextHolderAuthenticationResolverFilter.java:56)
   > > 	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.invoke(ContextHolderAuthenticationResolverFilter.java:45)
   > > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > > ```
   > 
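   > ObjectMapperCodec currently has a number of deserializable objects built in. You can check whether the object you are serializing is among them; if it is not, or if you have special objects, you need to customize it through ObjectMapperCodecCustomer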
   
   OK


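
The allowlist check behind the error above, and the mixin route that the error message and the quoted reply both point to, as an added example (not code from Dubbo or from anyone in this thread). `TenantAuthentication` and its mixin are hypothetical stand-ins for `OAuth2Authentication`; the example assumes `spring-security-core` and `jackson-databind` on the classpath, and the Dubbo wiring through `ObjectMapperCodecCustomer` is not shown.

```java
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.jackson2.SecurityJackson2Modules;

public class AllowlistMixinDemo {

    /**
     * Hypothetical authentication type that Spring Security ships no mapping for.
     * It plays the role OAuth2Authentication has in the issue.
     */
    public static class TenantAuthentication {
        private final String principal;
        private final String tenant;

        public TenantAuthentication(String principal, String tenant) {
            this.principal = principal;
            this.tenant = tenant;
        }

        public String getPrincipal() { return principal; }

        public String getTenant() { return tenant; }
    }

    /**
     * Explicit mapping for the type above. Only the two named properties are
     * bound; unknown properties are still rejected (Jackson's default).
     */
    abstract static class TenantAuthenticationMixin {
        @JsonCreator
        TenantAuthenticationMixin(@JsonProperty("principal") String principal,
                                  @JsonProperty("tenant") String tenant) {
        }
    }

    /** Mapper with Spring Security's allowlisting type resolver installed. */
    static ObjectMapper allowlistingMapper() {
        ObjectMapper mapper = new ObjectMapper();
        // Despite its name, this installs default typing guarded by the
        // allowlist that produced the exception in the issue.
        SecurityJackson2Modules.enableDefaultTyping(mapper);
        return mapper;
    }

    /** Serializes and reads back one object; returns null on success, else the failure text. */
    static String tryRoundTrip(ObjectMapper mapper) {
        try {
            // Constructed sample value
            String json = mapper.writeValueAsString(new TenantAuthentication("alice", "shop-1"));
            TenantAuthentication back = mapper.readValue(json, TenantAuthentication.class);
            boolean same = "alice".equals(back.getPrincipal()) && "shop-1".equals(back.getTenant());
            return same ? null : "round trip changed the value";
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // No mapping registered: the type id in "@class" is refused.
        ObjectMapper withoutMixin = allowlistingMapper();
        System.out.println("without mixin -> " + tryRoundTrip(withoutMixin));

        // One explicit mixin: only this class becomes deserializable.
        // In Dubbo this registration belongs in an ObjectMapperCodecCustomer
        // implementation, as the quoted reply says.
        ObjectMapper withMixin = allowlistingMapper();
        withMixin.addMixIn(TenantAuthentication.class, TenantAuthenticationMixin.class);
        System.out.println("with mixin    -> " + tryRoundTrip(withMixin));
    }
}
```

Registering a mixin admits exactly one class, whereas plain Jackson default typing without the allowlist lets the sender of the payload choose which class gets instantiated.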


[GitHub] [dubbo] AlbumenJ commented on issue #12161: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist

Posted by "AlbumenJ (via GitHub)" <gi...@apache.org>.
AlbumenJ commented on issue #12161:
URL: https://github.com/apache/dubbo/issues/12161#issuecomment-1521141548

   @jojocodeX PTAL




[GitHub] [dubbo] jojocodeX commented on issue #12161: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist

Posted by "jojocodeX (via GitHub)" <gi...@apache.org>.
jojocodeX commented on issue #12161:
URL: https://github.com/apache/dubbo/issues/12161#issuecomment-1521153900

   > dubbo 3.2.0. This looks like an error that occurs when the dubbo provider deserializes the Authentication `org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter#setSecurityContext org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter#getSecurityContext`
   > 
   > ```
   > Caused by: org.apache.dubbo.rpc.StatusRpcException: UNKNOWN : objectMapper! deserialize error java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details
   > java.lang.RuntimeException: objectMapper! deserialize error java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details
   > 	at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:50)
   > 	at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:58)
   > 	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.getSecurityContext(ContextHolderAuthenticationResolverFilter.java:56)
   > 	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.invoke(ContextHolderAuthenticationResolverFilter.java:45)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 
   > 	at org.apache.dubbo.rpc.TriRpcStatus.asException(TriRpcStatus.java:214)
   > 	at org.apache.dubbo.rpc.protocol.tri.call.UnaryClientCallListener.onClose(UnaryClientCallListener.java:51)
   > 	at org.apache.dubbo.rpc.protocol.tri.call.TripleClientCall.onComplete(TripleClientCall.java:112)
   > 	at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.finishProcess(TripleClientStream.java:251)
   > 	at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.onTrailersReceived(TripleClientStream.java:337)
   > 	at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.lambda$onHeader$1(TripleClientStream.java:443)
   > 	at org.apache.dubbo.common.threadpool.serial.SerializingExecutor.run(SerializingExecutor.java:102)
   > 	at org.apache.dubbo.common.threadpool.ThreadlessExecutor$RunnableWrapper.run(ThreadlessExecutor.java:141)
   > 	at org.apache.dubbo.common.threadpool.ThreadlessExecutor.waitAndDrain(ThreadlessExecutor.java:70)
   > 	at org.apache.dubbo.rpc.AsyncRpcResult.get(AsyncRpcResult.java:202)
   > 	at org.apache.dubbo.rpc.protocol.AbstractInvoker.waitForResultIfSync(AbstractInvoker.java:286)
   > 	at org.apache.dubbo.rpc.protocol.AbstractInvoker.invoke(AbstractInvoker.java:189)
   > 	at org.apache.dubbo.rpc.listener.ListenerInvokerWrapper.invoke(ListenerInvokerWrapper.java:71)
   > 	at org.apache.dubbo.validation.filter.ValidationFilter.invoke(ValidationFilter.java:98)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at com.medusa.gruul.common.system.model.remote.SystemDubboConsumerSpreadConfig.invoke(SystemDubboConsumerSpreadConfig.java:27)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at com.medusa.gruul.common.security.resource.remote.AuthDubboConsumerSpreadConfig.invoke(AuthDubboConsumerSpreadConfig.java:30)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.metrics.filter.MetricsFilter.invoke(MetricsFilter.java:51)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194)
   > 	at org.apache.dubbo.rpc.protocol.ReferenceCountInvokerWrapper.invoke(ReferenceCountInvokerWrapper.java:78)
   > 	at org.apache.dubbo.rpc.cluster.support.AbstractClusterInvoker.invokeWithContext(AbstractClusterInvoker.java:380)
   > 	at org.apache.dubbo.rpc.cluster.support.FailoverClusterInvoker.doInvoke(FailoverClusterInvoker.java:81)
   > 	at org.apache.dubbo.rpc.cluster.support.AbstractClusterInvoker.invoke(AbstractClusterInvoker.java:341)
   > 	at org.apache.dubbo.rpc.cluster.router.RouterSnapshotFilter.invoke(RouterSnapshotFilter.java:46)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.monitor.support.MonitorFilter.invoke(MonitorFilter.java:101)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.rpc.cluster.filter.support.MetricsClusterFilter.invoke(MetricsClusterFilter.java:51)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.rpc.protocol.dubbo.filter.FutureFilter.invoke(FutureFilter.java:52)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.spring.security.filter.ContextHolderParametersSelectedTransferFilter.invoke(ContextHolderParametersSelectedTransferFilter.java:41)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter.invoke(ContextHolderAuthenticationPrepareFilter.java:47)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.rpc.cluster.filter.support.ConsumerClassLoaderFilter.invoke(ConsumerClassLoaderFilter.java:40)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.rpc.cluster.filter.support.ConsumerContextFilter.invoke(ConsumerContextFilter.java:118)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   > 	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194)
   > 	at org.apache.dubbo.rpc.cluster.support.wrapper.AbstractCluster$ClusterFilterInvoker.invoke(AbstractCluster.java:91)
   > 	at org.apache.dubbo.rpc.cluster.support.wrapper.MockClusterInvoker.invoke(MockClusterInvoker.java:103)
   > 	at org.apache.dubbo.rpc.cluster.support.wrapper.ScopeClusterInvoker.invoke(ScopeClusterInvoker.java:131)
   > 	at org.apache.dubbo.registry.client.migration.MigrationInvoker.invoke(MigrationInvoker.java:284)
   > 	at org.apache.dubbo.rpc.proxy.InvocationUtil.invoke(InvocationUtil.java:57)
   > 	at org.apache.dubbo.rpc.proxy.InvokerInvocationHandler.invoke(InvokerInvocationHandler.java:75)
   > 	at com.medusa.gruul.shop.api.rpc.ShopRpcServiceDubboProxy0.getShopInfoByShopId(ShopRpcServiceDubboProxy0.java)
   > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
   > 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   > 	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
   > 	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
   > 	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
   > 	at jdk.proxy2/jdk.proxy2.$Proxy176.getShopInfoByShopId(Unknown Source)
   > 	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.lambda$myData$10(ShopAdminServiceImpl.java:253)
   > 	at com.medusa.gruul.common.security.resource.exntends.RoleTask.lambda$when$0(RoleTask.java:37)
   > 	at com.medusa.gruul.common.security.resource.exntends.RolePermMatcher.and(RolePermMatcher.java:174)
   > 	at com.medusa.gruul.common.security.resource.exntends.RoleTask.lambda$when$1(RoleTask.java:37)
   > 	at com.medusa.gruul.common.security.resource.exntends.RolePermMatcher.or(RolePermMatcher.java:190)
   > 	at com.medusa.gruul.common.security.resource.exntends.RoleTask.when(RoleTask.java:35)
   > 	at com.medusa.gruul.common.security.resource.exntends.RoleTask.ifAnyShopAdmin(RoleTask.java:113)
   > 	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.lambda$myData$11(ShopAdminServiceImpl.java:250)
   > 	at io.vavr.control.Option.getOrElse(Option.java:336)
   > 	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.myData(ShopAdminServiceImpl.java:243)
   > 	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl$$FastClassBySpringCGLIB$$ad26a94f.invoke(<generated>)
   > 	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
   > 	at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
   > 	at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
   > 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704)
   > 	at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl$$EnhancerBySpringCGLIB$$e31ae6f2.myData(<generated>)
   > 	at com.medusa.gruul.service.uaa.service.controller.ShopUserController.mine(ShopUserController.java:44)
   > 	at com.medusa.gruul.service.uaa.service.controller.ShopUserController$$FastClassBySpringCGLIB$$81a7126d.invoke(<generated>)
   > 	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
   > 	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
   > 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
   > 	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
   > 	at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)
   > 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
   > 	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
   > 	at com.medusa.gruul.common.log.aspect.LogInterceptor.invoke(LogInterceptor.java:55)
   > 	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
   > 	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
   > 	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
   > 	at com.medusa.gruul.service.uaa.service.controller.ShopUserController$$EnhancerBySpringCGLIB$$dd2d6316.mine(<generated>)
   > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
   > 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   > 	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
   > 	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
   > 	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
   > 	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
   > 	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
   > 	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
   > 	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
   > 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1071)
   > 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:964)
   > 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
   > 	... 99 common frames omitted
   > ``
   > ```
   
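   ObjectMapperCodec currently has a number of deserializable object types built in. Check whether the object you are serializing is among them; if it is not, or if you have special objects, you need to customize this through ObjectMapperCodecCustomer.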




[GitHub] [dubbo] jojocodeX commented on issue #12161: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist

Posted by "jojocodeX (via GitHub)" <gi...@apache.org>.
jojocodeX commented on issue #12161:
URL: https://github.com/apache/dubbo/issues/12161#issuecomment-1521153588

   > dubbo 3.2.0. This looks like an error that occurs when the dubbo provider deserializes the Authentication `org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter#setSecurityContext org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter#getSecurityContext`
   
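   ObjectMapperCodec currently has a number of deserializable object types built in. Check whether the object you are serializing is among them; if it is not, or if you have special objects, you need to customize this through ObjectMapperCodecCustomer.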


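One way to follow the advice in the reply above, as an added example that is not part of the thread or of Dubbo's own code: a Jackson mixin gives the allowlist an explicit mapping for one class, and an `ObjectMapperCodecCustomer` bean registers it, so default typing stays restricted. `ShopAuthenticationToken`, its mixin and the configuration class are hypothetical; the single-method shape of `ObjectMapperCodecCustomer` and `ObjectMapperCodec.configureMapper(...)` are assumed from the dubbo-spring-security module and should be checked against the Dubbo version in use.

```java
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import org.apache.dubbo.spring.security.jackson.ObjectMapperCodecCustomer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;

import java.util.Collection;

/**
 * Hypothetical application token: stands in for any Authentication type
 * that the codec's built-in modules do not cover.
 */
class ShopAuthenticationToken extends AbstractAuthenticationToken {
    private final String principal;
    private final Long shopId;

    ShopAuthenticationToken(String principal, Long shopId,
                            Collection<? extends GrantedAuthority> authorities) {
        super(authorities);
        this.principal = principal;
        this.shopId = shopId;
        setAuthenticated(true);
    }

    @Override public Object getCredentials() { return null; }
    @Override public Object getPrincipal() { return principal; }
    public Long getShopId() { return shopId; }
}

/**
 * Explicit mapping for exactly one class. Spring Security's allowlist accepts a
 * type once a mixin is registered for it; every other unknown type is still rejected.
 */
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY,
        getterVisibility = JsonAutoDetect.Visibility.NONE,
        isGetterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonIgnoreProperties(ignoreUnknown = true)
abstract class ShopAuthenticationTokenMixin {
    // Property names match the field names written out under fieldVisibility = ANY.
    @JsonCreator
    ShopAuthenticationTokenMixin(@JsonProperty("principal") String principal,
                                 @JsonProperty("shopId") Long shopId,
                                 @JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
    }
}

/**
 * Hypothetical configuration class. Register it in every consumer and provider,
 * so the side that serializes and the side that deserializes agree on the JSON shape.
 */
@Configuration
public class DubboSecurityCodecConfig {

    // Assumption: ObjectMapperCodecCustomer has one abstract method that receives the
    // ObjectMapperCodec, and configureMapper(...) exposes the codec's ObjectMapper.
    @Bean
    ObjectMapperCodecCustomer shopTokenCodecCustomer() {
        return codec -> codec.configureMapper(mapper ->
                mapper.addMixIn(ShopAuthenticationToken.class, ShopAuthenticationTokenMixin.class));
    }
}
```

Any nested type that is itself outside the allowlist needs its own mixin registered the same way.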