
dubbo-serialization-fury allowList/allowListPrefix doesn't take effect #1651

@huisman6

Description


Is your feature request related to a problem? Please describe.

When Dubbo class serialization security check is enabled:

dubbo.application.serialize-check-status=STRICT
dubbo.application.auto-trust-serialize-class=true
dubbo.application.trust-serialize-class-level=3

Dubbo Serialization Fury keeps throwing an exception during deserialization, indicating that the class is not in the serialization allowlist.

After debugging, the reason for this exception is that the FuryCheckerListener#notifyPrefix method calls AllowListChecker without appending * to the allowed entry, while Fury's AllowListChecker uses the suffix character * to decide whether an entry is a prefix match or an exact match.

For example, for the DTO io.github.playground.server.model.User, the entry io.github.playground that the Dubbo security mechanism eventually derives is added to AllowListChecker through FuryCheckerListener and is saved in allowList instead of allowListPrefix.

Describe the solution you'd like

FuryCheckerListener adapts to AllowListChecker by appending the suffix character *.

Additional context

dubbo: 3.2
dubbo-serialization-fury: 3.2.0
dubbo security mechanism: https://cn.dubbo.apache.org/en/docs3-v2/java-sdk/advanced-features-and-usage/security/class-check/
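To make the mismatch concrete, here is a small added example (not code from Dubbo or Fury) that models the behaviour the issue describes: a checker that files an entry ending in * under a prefix set and anything else under an exact-match set, fed once by a listener that forwards the trusted package prefix verbatim and once by one that appends *. The class and method names (DemoAllowListChecker, notifyPrefixBroken, notifyPrefixFixed) are hypothetical, as is the assumption that the checker strips the trailing * and does a plain startsWith comparison; the real AllowListChecker may differ in those details.

```java
import java.util.HashSet;
import java.util.Set;

// Added example, not Fury's or Dubbo's own code. It models only the
// "suffix '*' means prefix match, otherwise exact match" rule described
// in the issue; the storage layout and matching are assumptions.
public class AllowListPrefixDemo {

    static final class DemoAllowListChecker {
        // Exact fully qualified class names (models Fury's allowList).
        private final Set<String> allowList = new HashSet<>();
        // Package prefixes, stored without the '*' (models allowListPrefix).
        private final Set<String> allowListPrefix = new HashSet<>();

        void addAllowClass(String classNameOrPrefix) {
            if (classNameOrPrefix.endsWith("*")) {
                String prefix = classNameOrPrefix.substring(0, classNameOrPrefix.length() - 1);
                allowListPrefix.add(prefix);
            } else {
                allowList.add(classNameOrPrefix);
            }
        }

        boolean isAllowed(String className) {
            if (allowList.contains(className)) {
                return true;
            }
            for (String prefix : allowListPrefix) {
                if (className.startsWith(prefix)) {
                    return true;
                }
            }
            return false;
        }
    }

    // Models the listener as reported: the trusted prefix is passed through
    // unchanged, so the checker treats it as an exact class name.
    static void notifyPrefixBroken(DemoAllowListChecker checker, String prefix) {
        checker.addAllowClass(prefix);
    }

    // Models the proposed fix: append '*' so the checker records a prefix.
    static void notifyPrefixFixed(DemoAllowListChecker checker, String prefix) {
        checker.addAllowClass(prefix.endsWith("*") ? prefix : prefix + "*");
    }

    public static void main(String[] args) {
        // Constructed sample: a trust level of 3 yields the first three
        // package segments of the DTO's name.
        String trustedPrefix = "io.github.playground";
        String dto = "io.github.playground.server.model.User";

        DemoAllowListChecker broken = new DemoAllowListChecker();
        notifyPrefixBroken(broken, trustedPrefix);
        System.out.println("without '*': " + broken.isAllowed(dto));

        DemoAllowListChecker fixed = new DemoAllowListChecker();
        notifyPrefixFixed(fixed, trustedPrefix);
        System.out.println("with '*':    " + fixed.isAllowed(dto));

        // Caveat to weigh before adopting the fix: a bare startsWith on
        // "io.github.playground" also admits sibling packages that merely
        // share the spelling, such as the constructed name below.
        String lookalike = "io.github.playgroundx.Other";
        System.out.println("lookalike:   " + fixed.isAllowed(lookalike));
    }
}
```

Run with `javac AllowListPrefixDemo.java && java AllowListPrefixDemo`. The first checker rejects the DTO because io.github.playground only ever matches itself as an exact class name; the second accepts it once the entry carries the * suffix. The third line is the check a reviewer of the proposed fix should ask about: if the derived prefix is not terminated by a dot before * is appended, the prefix rule in this model also admits classes from any package whose name begins with the same characters, which widens the trust boundary beyond what trust-serialize-class-level=3 intends. Whether the real AllowListChecker behaves this way is not stated on this page and should be confirmed against the Fury source before relying on the narrower reading.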
