Skip to content

Commit

Permalink
GEODE-9758: Add internal serial filter API (#7217)
Browse files Browse the repository at this point in the history
GEODE-9758: Add internal serial filter API #7217

Expand ObjectInputStreamFilterWrapper to be an internal API which
supports all of Geode's uses of Java's ObjectInputFilter.

Introduce a new system property, geode.enableGlobalSerialFilter, to
enable a process-wide filter with all serializable Geode classes on the 
classpath and the value of serializable-object-filter accept-listed.

To enable the process-wide filter with GFSH start commands, add:

* --J=-Dgeode.enableGlobalSerialFilter=true

Functional Capabilities

The internal API lives in geode-serialization and works on OpenJDK
based JREs providing a facade for Java's ObjectInputFilter in Java 8
and Java 9 or greater using reflection. The API provides the following 
capabilities:

* creating an ObjectInputFilter
* setting an ObjectInputFilter on an ObjectInputStream
* getting an ObjectInputFilter from a ObjectInputStream
* setting a process-wide ObjectInputFilter
* getting a process-wide ObjectInputFilter

Design Notes

The API defines the following primary interface types:

* factory interfaces for creating instances of types within the API
* filter interfaces to split out single ops from Java's
  ObjectInputFilter
* configuration interfaces for handling system properties, logging,
  and config validation

The concrete classes in the API receive parameters injected via a
constructor for any collaborators that are not specified by the
interfaces. This is intentional even when the instance is only used
once before de-referencing it. All collaborators that are defined in
the interface are passed in as parameters to the implementing 
method; all others are passed in via the constructor and stored as 
fields.
  • Loading branch information
kirklund committed Jan 18, 2022
1 parent a240351 commit 7978abf
Show file tree
Hide file tree
Showing 101 changed files with 6,070 additions and 1,392 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.apache.geode.serialization.filter;

import static org.apache.geode.internal.AvailablePortHelper.getRandomAvailableTCPPorts;
import static org.apache.geode.test.assertj.LogFileAssert.assertThat;
import static org.apache.geode.test.awaitility.GeodeAwaitility.await;

import java.nio.file.Path;

import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;

import org.apache.geode.test.junit.rules.RequiresGeodeHome;
import org.apache.geode.test.junit.rules.gfsh.GfshRule;

public class StartLocatorGlobalSerialFilterAcceptanceTest {

@Rule
public RequiresGeodeHome requiresGeodeHome = new RequiresGeodeHome();
@Rule
public GfshRule gfshRule = new GfshRule();

private Path locatorFolder;
private int locatorPort;
private int locatorJmxPort;
private Path locatorLogFile;

@Before
public void setUpFiles() {
locatorFolder = gfshRule.getTemporaryFolder().getRoot().toPath().toAbsolutePath();
locatorLogFile = locatorFolder.resolve("locator.log");
}

@Before
public void setUpPorts() {
int[] ports = getRandomAvailableTCPPorts(2);
locatorPort = ports[0];
locatorJmxPort = ports[1];
}

@Test
public void startDoesNotConfigureGlobalSerialFilter_byDefault() {
String startLocatorCommand = String.join(" ",
"start locator",
"--name=locator",
"--dir=" + locatorFolder,
"--port=" + locatorPort,
"--J=-Dgemfire.jmx-manager-port=" + locatorJmxPort);

gfshRule.execute(startLocatorCommand);

await().untilAsserted(() -> {
assertThat(locatorLogFile.toFile())
.as(locatorLogFile.toFile().getAbsolutePath())
.exists()
.doesNotContain("Global serial filter is now configured.")
.doesNotContain("jdk.serialFilter");
});
}

@Test
public void startDoesNotConfigureGlobalSerialFilter_whenJdkSerialFilterIsNotBlank() {
String startLocatorCommand = String.join(" ",
"start locator",
"--name=locator",
"--dir=" + locatorFolder,
"--port=" + locatorPort,
"--J=-Dgemfire.jmx-manager-port=" + locatorJmxPort,
"--J=-Djdk.serialFilter=*");

gfshRule.execute(startLocatorCommand);

await().untilAsserted(() -> {
assertThat(locatorLogFile.toFile())
.as(locatorLogFile.toFile().getAbsolutePath())
.exists()
.doesNotContain("Global serial filter is now configured.")
.contains("jdk.serialFilter");
});
}

@Test
public void startConfiguresGlobalSerialFilter_whenEnableGlobalSerialFilterIsTrue() {
String startLocatorCommand = String.join(" ",
"start locator",
"--name=locator",
"--dir=" + locatorFolder,
"--port=" + locatorPort,
"--J=-Dgemfire.jmx-manager-port=" + locatorJmxPort,
"--J=-Dgeode.enableGlobalSerialFilter=true");

gfshRule.execute(startLocatorCommand);

await().untilAsserted(() -> {
assertThat(locatorLogFile.toFile())
.as(locatorLogFile.toFile().getAbsolutePath())
.exists()
.contains("Global serial filter is now configured.")
.doesNotContain("jdk.serialFilter");
});
}

@Test
public void startDoesNotConfigureGlobalSerialFilter_whenEnableGlobalSerialFilterIsTrue_andJdkSerialFilterIsNotBlank() {
String startLocatorCommand = String.join(" ",
"start locator",
"--name=locator",
"--dir=" + locatorFolder,
"--port=" + locatorPort,
"--J=-Dgemfire.jmx-manager-port=" + locatorJmxPort,
"--J=-Dgeode.enableGlobalSerialFilter=true",
"--J=-Djdk.serialFilter=*");

gfshRule.execute(startLocatorCommand);

await().untilAsserted(() -> {
assertThat(locatorLogFile.toFile())
.as(locatorLogFile.toFile().getAbsolutePath())
.exists()
.doesNotContain("Global serial filter is now configured.")
.contains("jdk.serialFilter");
});
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -12,65 +12,61 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.apache.geode.management;
package org.apache.geode.serialization.filter;

import static org.apache.commons.lang3.JavaVersion.JAVA_1_8;
import static org.apache.commons.lang3.JavaVersion.JAVA_9;
import static org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast;
import static org.apache.commons.lang3.SystemUtils.isJavaVersionAtMost;
import static org.apache.geode.internal.AvailablePortHelper.getRandomAvailableTCPPorts;
import static org.apache.geode.management.internal.JmxRmiOpenTypesSerialFilter.PROPERTY_NAME;
import static org.apache.geode.test.assertj.LogFileAssert.assertThat;
import static org.apache.geode.test.awaitility.GeodeAwaitility.await;
import static org.assertj.core.api.Assumptions.assumeThat;

import java.nio.file.Path;

import org.apache.commons.lang3.JavaVersion;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

import org.apache.geode.test.assertj.LogFileAssert;
import org.apache.geode.test.junit.rules.RequiresGeodeHome;
import org.apache.geode.test.junit.rules.gfsh.GfshRule;

public class LocatorManagerConfiguresJmxSerialFilterAcceptanceTest {
public class StartLocatorJmxSerialFilterAcceptanceTest {

private static final String NAME = "the-locator";

private Path workingDir;
private int locatorPort;
private int jmxPort;
private Path locatorLogFile;
private static final String PROPERTY_NAME = "jmx.remote.rmi.server.serial.filter.pattern";

@Rule
public RequiresGeodeHome requiresGeodeHome = new RequiresGeodeHome();
@Rule
public GfshRule gfshRule = new GfshRule();

@Before
public void setUpOutputFiles() {
TemporaryFolder temporaryFolder = gfshRule.getTemporaryFolder();
private Path locatorFolder;
private int locatorPort;
private int jmxPort;
private Path locatorLogFile;

workingDir = temporaryFolder.getRoot().toPath().toAbsolutePath();
locatorLogFile = workingDir.resolve(NAME + ".log");
@Before
public void setUpFiles() {
locatorFolder = gfshRule.getTemporaryFolder().getRoot().toPath().toAbsolutePath();
locatorLogFile = locatorFolder.resolve("locator.log");
}

@Before
public void setUpRandomPorts() {
public void setUpPorts() {
int[] ports = getRandomAvailableTCPPorts(2);

locatorPort = ports[0];
jmxPort = ports[1];
}

@Test
public void startingLocatorWithJmxManager_configuresSerialFilter_atLeastJava9() {
assumeThat(isJavaVersionAtLeast(JavaVersion.JAVA_9)).isTrue();
public void startWithJmxManagerConfiguresJmxSerialFilter_onJava9orGreater() {
assumeThat(isJavaVersionAtLeast(JAVA_9)).isTrue();

String startLocatorCommand = String.join(" ",
"start locator",
"--name=" + NAME,
"--dir=" + workingDir,
"--name=locator",
"--dir=" + locatorFolder,
"--port=" + locatorPort,
"--J=-Dgemfire.enable-cluster-configuration=false",
"--J=-Dgemfire.http-service-port=0",
Expand All @@ -81,21 +77,21 @@ public void startingLocatorWithJmxManager_configuresSerialFilter_atLeastJava9()
gfshRule.execute(startLocatorCommand);

await().untilAsserted(() -> {
LogFileAssert.assertThat(locatorLogFile.toFile())
assertThat(locatorLogFile.toFile())
.as(locatorLogFile.toFile().getAbsolutePath())
.exists()
.contains("System property " + PROPERTY_NAME + " is now configured with");
.contains("System property '" + PROPERTY_NAME + "' is now configured with");
});
}

@Test
public void startingLocatorWithJmxManager_configuresSerialFilter_atMostJava8() {
assumeThat(isJavaVersionAtMost(JavaVersion.JAVA_1_8)).isTrue();
public void startWithJmxManagerDoesNotConfigureJmxSerialFilter_onJava8() {
assumeThat(isJavaVersionAtMost(JAVA_1_8)).isTrue();

String startLocatorCommand = String.join(" ",
"start locator",
"--name=" + NAME,
"--dir=" + workingDir,
"--name=locator",
"--dir=" + locatorFolder,
"--port=" + locatorPort,
"--J=-Dgemfire.enable-cluster-configuration=false",
"--J=-Dgemfire.http-service-port=0",
Expand All @@ -106,10 +102,10 @@ public void startingLocatorWithJmxManager_configuresSerialFilter_atMostJava8() {
gfshRule.execute(startLocatorCommand);

await().untilAsserted(() -> {
LogFileAssert.assertThat(locatorLogFile.toFile())
assertThat(locatorLogFile.toFile())
.as(locatorLogFile.toFile().getAbsolutePath())
.exists()
.doesNotContain("System property " + PROPERTY_NAME + " is now configured with");
.doesNotContain("System property '" + PROPERTY_NAME + "' is now configured with");
});
}
}
Loading

0 comments on commit 7978abf

Please sign in to comment.