Skip to content

Commit

Permalink
[3.3] Update hessian-lite to 4.0.0 & Set hessian serialization back (#…
Browse files Browse the repository at this point in the history
  • Loading branch information
AlbumenJ authored May 22, 2024
1 parent 80ffcd7 commit 225ca9d
Show file tree
Hide file tree
Showing 26 changed files with 328 additions and 35 deletions.
1 change: 0 additions & 1 deletion .github/workflows/build-and-test-pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,6 @@ jobs:
env:
DISABLE_FILE_SYSTEM_TEST: true
CURRENT_ROLE: ${{ matrix.case-role }}
DUBBO_DEFAULT_SERIALIZATION: fastjson2
steps:
- uses: actions/checkout@v3
with:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
import org.apache.dubbo.common.config.ConfigurationCache;
import org.apache.dubbo.common.convert.ConverterUtil;
import org.apache.dubbo.common.lang.ShutdownHookCallbacks;
import org.apache.dubbo.common.serialization.ClassHolder;
import org.apache.dubbo.common.ssl.CertManager;
import org.apache.dubbo.common.status.reporter.FrameworkStatusReportService;
import org.apache.dubbo.common.threadpool.manager.FrameworkExecutorRepository;
Expand All @@ -40,6 +41,7 @@ public void initializeFrameworkModel(FrameworkModel frameworkModel) {
beanFactory.registerBean(SerializeSecurityManager.class);
beanFactory.registerBean(DefaultSerializeClassChecker.class);
beanFactory.registerBean(CertManager.class);
beanFactory.registerBean(ClassHolder.class);
}

@Override
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.dubbo.common.serialization;

import org.apache.dubbo.common.utils.ConcurrentHashSet;

import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class ClassHolder {
private final Map<String, Set<Class<?>>> classCache = new ConcurrentHashMap<>();

public void storeClass(Class<?> clazz) {
classCache
.computeIfAbsent(clazz.getName(), k -> new ConcurrentHashSet<>())
.add(clazz);
}

public Class<?> loadClass(String className, ClassLoader classLoader) {
Set<Class<?>> classList = classCache.get(className);
if (classList == null) {
return null;
}
for (Class<?> clazz : classList) {
if (classLoader.equals(clazz.getClassLoader())) {
return clazz;
}
}
return null;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,10 @@
*/
package org.apache.dubbo.common.utils;

import org.apache.dubbo.common.aot.NativeDetector;
import org.apache.dubbo.common.logger.ErrorTypeAwareLogger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.common.serialization.ClassHolder;
import org.apache.dubbo.rpc.model.FrameworkModel;

import java.io.Serializable;
Expand All @@ -40,13 +42,16 @@ public class DefaultSerializeClassChecker implements AllowClassNotifyListener {
private volatile boolean checkSerializable = true;

private final SerializeSecurityManager serializeSecurityManager;
private final ClassHolder classHolder;
private volatile long[] allowPrefixes = new long[0];

private volatile long[] disAllowPrefixes = new long[0];

public DefaultSerializeClassChecker(FrameworkModel frameworkModel) {
serializeSecurityManager = frameworkModel.getBeanFactory().getOrRegisterBean(SerializeSecurityManager.class);
serializeSecurityManager.registerListener(this);
classHolder =
NativeDetector.inNativeImage() ? frameworkModel.getBeanFactory().getBean(ClassHolder.class) : null;
}

@Override
Expand Down Expand Up @@ -120,7 +125,7 @@ public Class<?> loadClass(ClassLoader classLoader, String className) throws Clas

private Class<?> loadClass0(ClassLoader classLoader, String className) throws ClassNotFoundException {
if (checkStatus == SerializeCheckStatus.DISABLE) {
return ClassUtils.forName(className, classLoader);
return classForName(classLoader, className);
}

long hash = MAGIC_HASH_CODE;
Expand All @@ -133,7 +138,7 @@ private Class<?> loadClass0(ClassLoader classLoader, String className) throws Cl
hash *= MAGIC_PRIME;

if (Arrays.binarySearch(allowPrefixes, hash) >= 0) {
return ClassUtils.forName(className, classLoader);
return classForName(classLoader, className);
}
}

Expand Down Expand Up @@ -190,7 +195,7 @@ private Class<?> loadClass0(ClassLoader classLoader, String className) throws Cl
}
}

Class<?> clazz = ClassUtils.forName(className, classLoader);
Class<?> clazz = classForName(classLoader, className);
if (serializeSecurityManager.getWarnedClasses().add(className)) {
logger.warn(
PROTOCOL_UNTRUSTED_SERIALIZE_CLASS,
Expand All @@ -204,6 +209,16 @@ private Class<?> loadClass0(ClassLoader classLoader, String className) throws Cl
return clazz;
}

private Class<?> classForName(ClassLoader classLoader, String className) throws ClassNotFoundException {
if (classHolder != null) {
Class<?> aClass = classHolder.loadClass(className, classLoader);
if (aClass != null) {
return aClass;
}
}
return ClassUtils.forName(className, classLoader);
}

public static DefaultSerializeClassChecker getInstance() {
return FrameworkModel.defaultModel().getBeanFactory().getBean(DefaultSerializeClassChecker.class);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,11 @@
*/
package org.apache.dubbo.common.utils;

import org.apache.dubbo.common.aot.NativeDetector;
import org.apache.dubbo.common.constants.CommonConstants;
import org.apache.dubbo.common.logger.ErrorTypeAwareLogger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.common.serialization.ClassHolder;
import org.apache.dubbo.config.ApplicationConfig;
import org.apache.dubbo.rpc.model.FrameworkModel;
import org.apache.dubbo.rpc.model.ModuleModel;
Expand Down Expand Up @@ -52,6 +54,8 @@ public class SerializeSecurityConfigurator implements ScopeClassLoaderListener<M

private final ModuleModel moduleModel;

private final ClassHolder classHolder;

private volatile boolean autoTrustSerializeClass = true;

private volatile int trustSerializeClassLevel = Integer.MAX_VALUE;
Expand All @@ -62,6 +66,8 @@ public SerializeSecurityConfigurator(ModuleModel moduleModel) {

FrameworkModel frameworkModel = moduleModel.getApplicationModel().getFrameworkModel();
serializeSecurityManager = frameworkModel.getBeanFactory().getBean(SerializeSecurityManager.class);
classHolder =
NativeDetector.inNativeImage() ? frameworkModel.getBeanFactory().getBean(ClassHolder.class) : null;

refreshStatus();
refreshCheck();
Expand Down Expand Up @@ -210,7 +216,7 @@ public synchronized void registerInterface(Class<?> clazz) {
Set<Type> markedClass = new HashSet<>();
checkClass(markedClass, clazz);

addToAllow(clazz.getName());
addToAllow(clazz);

Method[] methodsToExport = clazz.getMethods();

Expand Down Expand Up @@ -291,7 +297,7 @@ private void checkClass(Set<Type> markedClass, Class<?> clazz) {
return;
}

addToAllow(clazz.getName());
addToAllow(clazz);

if (ClassUtils.isSimpleType(clazz) || clazz.isPrimitive() || clazz.isArray()) {
return;
Expand Down Expand Up @@ -337,11 +343,17 @@ private void checkClass(Set<Type> markedClass, Class<?> clazz) {
}
}

private void addToAllow(String className) {
private void addToAllow(Class<?> clazz) {
if (classHolder != null) {
classHolder.storeClass(clazz);
}

String className = clazz.getName();
// ignore jdk
if (className.startsWith("java.")
|| className.startsWith("javax.")
|| className.startsWith("com.sun.")
|| className.startsWith("jakarta.")
|| className.startsWith("sun.")
|| className.startsWith("jdk.")) {
serializeSecurityManager.addToAllowed(className);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -481,7 +481,7 @@ void testLoadConfig() {
public static class TestPreferSerializationProvider implements PreferSerializationProvider {
@Override
public String getPreferSerialization() {
return "fastjson2,hessian2";
return "hessian2";
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -389,7 +389,7 @@ void testPreferSerializationDefault1() throws Exception {
assertNull(protocolConfig.getPreferSerialization());

protocolConfig.checkDefault();
assertThat(protocolConfig.getPreferSerialization(), equalTo("fastjson2,hessian2"));
assertThat(protocolConfig.getPreferSerialization(), equalTo("hessian2,fastjson2"));

protocolConfig = new ProtocolConfig();
protocolConfig.setSerialization("x-serialization");
Expand All @@ -405,7 +405,7 @@ void testPreferSerializationDefault2() throws Exception {
assertNull(protocolConfig.getPreferSerialization());

protocolConfig.refresh();
assertThat(protocolConfig.getPreferSerialization(), equalTo("fastjson2,hessian2"));
assertThat(protocolConfig.getPreferSerialization(), equalTo("hessian2,fastjson2"));

protocolConfig = new ProtocolConfig();
protocolConfig.setSerialization("x-serialization");
Expand Down
10 changes: 5 additions & 5 deletions dubbo-demo/dubbo-demo-native/dubbo-demo-native-consumer/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,11 @@
<artifactId>dubbo-serialization-fastjson2</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo-serialization-hessian2</artifactId>
<version>${project.version}</version>
</dependency>

<dependency>
<groupId>org.apache.dubbo</groupId>
Expand All @@ -134,11 +139,6 @@
<version>${project.version}</version>
</dependency>

<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
</dependency>

<dependency>
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo-native</artifactId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ public class Application {
public static void main(String[] args) {
SystemPropertyConfigUtils.setSystemProperty(DubboProperty.DUBBO_APPLICATION_LOGGER, "logback");
System.setProperty("native", "true");
SystemPropertyConfigUtils.setSystemProperty(DubboProperty.DUBBO_PREFER_JSON_FRAMEWORK_NAME, "fastjson");
SystemPropertyConfigUtils.setSystemProperty(DubboProperty.DUBBO_PREFER_JSON_FRAMEWORK_NAME, "fastjson2");
runWithBootstrap();
}

Expand All @@ -55,7 +55,7 @@ private static void runWithBootstrap() {
reference.setGeneric("false");

ProtocolConfig protocolConfig = new ProtocolConfig(CommonConstants.DUBBO, -1);
protocolConfig.setSerialization("fastjson2");
protocolConfig.setSerialization("hessian2");
bootstrap
.application(applicationConfig)
.registry(new RegistryConfig(REGISTRY_URL))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,11 @@
<artifactId>dubbo-serialization-fastjson2</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.dubbo</groupId>
<artifactId>dubbo-serialization-hessian2</artifactId>
<version>${project.version}</version>
</dependency>

<dependency>
<groupId>org.apache.dubbo</groupId>
Expand All @@ -133,10 +138,6 @@
<artifactId>dubbo-filter-validation</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
</dependency>

<dependency>
<groupId>org.apache.dubbo</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ public class Application {
public static void main(String[] args) throws Exception {
SystemPropertyConfigUtils.setSystemProperty(DubboProperty.DUBBO_APPLICATION_LOGGER, "logback");
System.setProperty("native", "true");
SystemPropertyConfigUtils.setSystemProperty(DubboProperty.DUBBO_PREFER_JSON_FRAMEWORK_NAME, "fastjson");
SystemPropertyConfigUtils.setSystemProperty(DubboProperty.DUBBO_PREFER_JSON_FRAMEWORK_NAME, "fastjson2");
startWithBootstrap();
System.in.read();
}
Expand All @@ -60,7 +60,7 @@ private static void startWithBootstrap() {
service.setRef(new DemoServiceImpl());

ProtocolConfig protocolConfig = new ProtocolConfig(CommonConstants.DUBBO, -1);
protocolConfig.setSerialization("fastjson2");
protocolConfig.setSerialization("hessian2");
bootstrap
.application(applicationConfig)
.registry(new RegistryConfig(REGISTRY_URL))
Expand Down
4 changes: 2 additions & 2 deletions dubbo-dependencies-bom/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@
<jaxb_version>2.2.7</jaxb_version>
<activation_version>1.2.0</activation_version>
<test_container_version>1.19.7</test_container_version>
<hessian_lite_version>3.2.13</hessian_lite_version>
<hessian_lite_version>4.0.0</hessian_lite_version>
<swagger_version>1.6.14</swagger_version>

<snappy_java_version>1.1.10.5</snappy_java_version>
Expand Down Expand Up @@ -364,7 +364,7 @@
<version>${hessian_version}</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<groupId>org.apache.dubbo</groupId>
<artifactId>hessian-lite</artifactId>
<version>${hessian_lite_version}</version>
</dependency>
Expand Down
2 changes: 1 addition & 1 deletion dubbo-distribution/dubbo-all-shaded/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -427,7 +427,7 @@
<artifactId>snakeyaml</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<groupId>org.apache.dubbo</groupId>
<artifactId>hessian-lite</artifactId>
</dependency>
<dependency>
Expand Down
2 changes: 1 addition & 1 deletion dubbo-distribution/dubbo-all/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -456,7 +456,7 @@
<artifactId>snakeyaml</artifactId>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<groupId>org.apache.dubbo</groupId>
<artifactId>hessian-lite</artifactId>
</dependency>
<dependency>
Expand Down
Loading

0 comments on commit 225ca9d

Please sign in to comment.