Allow configuration of SpringCloudCommandRouter with a provided XStreamSerializer #13

Closed
martijnvanderwoud opened this issue Nov 5, 2019 · 4 comments · Fixed by #25

Comments

@martijnvanderwoud

The serializer used by the SpringCloudCommandRouter is hard-coded.

protected final XStreamSerializer serializer = XStreamSerializer.builder().build();

So far, I have not found a way to provide my own serializer. I would like to do so, since the hardcoded one produces this warning: "Security framework of XStream not initialized, XStream is probably vulnerable."

@smcvb smcvb self-assigned this Nov 6, 2019
@smcvb
Member

smcvb commented Nov 7, 2019

Good point @martijnvanderwoud. It was hard coded to XStream as it is dedicated to serializing the CommandFilter which is shared with the other instances, which will not go down too well with something like the JacksonSerializer. At that point the warning didn't occur yet, hence why it's there.

Should be easy enough to adjust this though. I would suggest to add a dedicated builder method in the SpringCloudCommandRouter.Builder which allows you to set the XStreamSerializer. That way, users have the ability to adjust the XStreamSerializer to a version which has an initialized XStream instance.

@smcvb smcvb changed the title Allow configuration of SpringCloudCommandRouter with a provided serializer Allow configuration of SpringCloudCommandRouter with a provided XStreamSerializer Nov 7, 2019
@martijnvanderwoud
Author

martijnvanderwoud commented Nov 7, 2019

I agree Steven, would you like me to submit a PR for this? Might be a while before I find some time for this, but it does not appear to be very complicated.

@smcvb
Member

smcvb commented Nov 7, 2019

If you would have the time to provide a PR @martijnvanderwoud, that would be great!

@smcvb smcvb added this to the Release 4.4 milestone May 12, 2020
smcvb added a commit that referenced this issue May 13, 2020
The Serializer should be configurable for two reasons:
1. To ensure the security warning thrown by XStream can be mitigated by
users.
2. To allow setting of the ClassLoader, which is required for Spring
Devtools to work correctly.

#1382 & #13
@smcvb smcvb closed this as completed in #25 May 15, 2020
smcvb added a commit that referenced this issue May 15, 2020
[#13 & #1382] Allow Serializer Configuration & Support Spring Boot DevTools
@martijnvanderwoud
Author

Thanks for fixing this @smcvb, sorry that I did not make time to create a PR (this was still on my todo list, but has been there for ages)
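
Added example, not part of the original issue or the project's own code: one way to build an XStreamSerializer around an XStream instance whose security framework is initialized with a deny-by-default allowlist, which is the kind of serializer the thread wants to hand to the router. The class name, the `org.axonframework.**` wildcard and the other allowed types are assumptions about what the router serializes; the builder method that accepts the serializer is not named on this page, so it is not shown.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import org.axonframework.serialization.xml.XStreamSerializer;

import java.util.Collection;

// Hypothetical helper class (name chosen for this example).
public final class SecuredRouterSerializer {

    private SecuredRouterSerializer() {
    }

    public static XStreamSerializer create() {
        XStream xStream = new XStream();

        // Deny everything first. Registering this permission is what marks
        // XStream's security framework as initialized.
        xStream.addPermission(NoTypePermission.NONE);

        // Re-allow only what the serialized filter is expected to contain.
        xStream.addPermission(NullPermission.NULL);
        xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xStream.allowTypes(new Class[]{String.class});
        xStream.allowTypeHierarchy(Collection.class);

        // Assumption: the CommandFilter implementations shared between
        // instances live under org.axonframework. Narrow this pattern to the
        // exact packages once you have confirmed them in your version.
        xStream.allowTypesByWildcard(new String[]{"org.axonframework.**"});

        // Wrap the secured XStream instance instead of letting
        // XStreamSerializer.builder().build() create an unsecured default.
        return XStreamSerializer.builder()
                                .xStream(xStream)
                                .build();
    }
}
```

Any type outside the allowlist is rejected at deserialization time, so exercise the router with every filter type your nodes exchange before narrowing the wildcard further.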
