Geode / GEODE-9486

Serialized classes fail to deserialize when validate-serializable-objects is enabled


Details

    Description

      Serialized classes in geode-serializable (and potentially other geode modules without sanctioned serializable support) fail to deserialize when validate-serializable-objects is enabled. This bug was caught by SessionsAndCrashesDUnitTest in geode-apis-compatible-with-redis (GEODE-9485):

      [fatal 2021/08/04 13:50:57.548 UTC <GeodeRedisServer-Command-1> tid=114] Serialization filter is rejecting class org.apache.geode.internal.serialization.DSFIDNotFoundException
          java.lang.Exception: 
            at org.apache.geode.internal.ObjectInputStreamFilterWrapper.lambda$createSerializationFilter$0(ObjectInputStreamFilterWrapper.java:234)
            at com.sun.proxy.$Proxy26.checkInput(Unknown Source)
            at java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1336)
            at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2005)
            at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1862)
            at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2169)
            at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679)
      

      Any module with a class that may be serialized must implement DistributedSystemService to provide the list of sanctioned serializables, as defined in sanctionedDataSerializables.txt, and must provide a concrete test subclassing AnalyzeSerializablesJUnitTestBase.

      org.apache.geode.internal.serialization.DSFIDNotFoundException is in geode-serialization which cannot depend on geode-core which owns DistributedSystemService. Even if we remove the unused void init(InternalDistributedSystem internalDistributedSystem) and move it to geode-serialization, SerializationDistributedSystemService would need to implement getSerializationAcceptlist() as:

        @Override
        public Collection<String> getSerializationAcceptlist() throws IOException {
          URL sanctionedSerializables = ClassPathLoader.getLatest().getResource(getClass(),
              "sanctioned-geode-gfsh-serializables.txt");
          return InternalDataSerializer.loadClassNames(sanctionedSerializables);
        }
      

      ... which uses ClassPathLoader and InternalDataSerializer which live in geode-core.

      This requires moving the classes ClassPathLoader and InternalDataSerializer that need to be used within getSerializationAcceptlist().

      ClassPathLoader depends on geode deployment:

      import org.apache.geode.internal.deployment.DeploymentServiceFactory;
      import org.apache.geode.internal.deployment.JarDeploymentService;
      

      InternalDataSerializer gets even more complicated with many dependencies.
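
The rejection shown in the log above can be reproduced outside Geode with the JDK's own ObjectInputFilter. This is an added example, not Geode code and not part of the original issue: the class names and the accept-list contents are constructed, and the filter is a simplified stand-in for the one Geode installs.

```java
import java.io.*;
import java.util.Set;

// Added illustration, not Geode code. All class names here are constructed.
public class AcceptListFilterDemo {
  // Stands in for a class whose module published it in a sanctioned list.
  static class SanctionedMessage implements Serializable {
    private static final long serialVersionUID = 1L;
    String text = "listed";
  }

  // Stands in for a serializable class whose module never published a list.
  static class UnlistedMessage implements Serializable {
    private static final long serialVersionUID = 1L;
    String text = "never added to the list";
  }

  // Constructed accept-list, playing the role of the names loaded from a sanctioned file.
  static final Set<String> ACCEPT_LIST = Set.of(SanctionedMessage.class.getName());

  static ObjectInputFilter acceptListFilter() {
    return info -> {
      Class<?> c = info.serialClass();
      if (c == null) {
        return ObjectInputFilter.Status.UNDECIDED; // limit checks carry no class
      }
      return ACCEPT_LIST.contains(c.getName())
          ? ObjectInputFilter.Status.ALLOWED
          : ObjectInputFilter.Status.REJECTED;
    };
  }

  static byte[] serialize(Object o) throws IOException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
      out.writeObject(o);
    }
    return bytes.toByteArray();
  }

  static String tryDeserialize(byte[] data) throws IOException, ClassNotFoundException {
    try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
      in.setObjectInputFilter(acceptListFilter()); // JDK 9+ per-stream filter
      return "accepted " + in.readObject().getClass().getSimpleName();
    } catch (InvalidClassException e) {
      return "rejected: " + e.getMessage(); // thrown when the filter returns REJECTED
    }
  }

  public static void main(String[] args) throws Exception {
    System.out.println(tryDeserialize(serialize(new SanctionedMessage())));
    System.out.println(tryDeserialize(serialize(new UnlistedMessage())));
  }
}
```

Run it with `java AcceptListFilterDemo.java` on JDK 11 or later; the second call is rejected until the class name is added to ACCEPT_LIST, which is the role a module's sanctioned list plays.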

          People

            klund Kirk Lund