GEODE-9486

Serialized classes fail to deserialize when validate-serializable-objects is enabled

    Description

      Serialized classes in geode-serializable (and potentially other geode modules without sanctioned serializable support) fail to deserialize when validate-serializable-objects is enabled. This bug was caught by SessionsAndCrashesDUnitTest in geode-apis-compatible-with-redis (GEODE-9485):

      [fatal 2021/08/04 13:50:57.548 UTC <GeodeRedisServer-Command-1> tid=114] Serialization filter is rejecting class org.apache.geode.internal.serialization.DSFIDNotFoundException
          java.lang.Exception: 
            at org.apache.geode.internal.ObjectInputStreamFilterWrapper.lambda$createSerializationFilter$0(ObjectInputStreamFilterWrapper.java:234)
            at com.sun.proxy.$Proxy26.checkInput(Unknown Source)
            at java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java:1336)
            at java.base/java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:2005)
            at java.base/java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1862)
            at java.base/java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2169)
            at java.base/java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1679)
      

      Any module with a class that may be serialized must implement DistributedSystemService to provide the list of sanctioned serializables as defined in sanctionedDataSerializables.txt and a concrete test subclassing AnalyzeSerializablesJUnitTestBase.

      org.apache.geode.internal.serialization.DSFIDNotFoundException is in geode-serialization, which cannot depend on geode-core, which owns DistributedSystemService. Even if we remove the unused void init(InternalDistributedSystem internalDistributedSystem) and move it to geode-serialization, SerializationDistributedSystemService would need to implement getSerializationAcceptlist() as:

        @Override
        public Collection<String> getSerializationAcceptlist() throws IOException {
          URL sanctionedSerializables = ClassPathLoader.getLatest().getResource(getClass(),
              "sanctioned-geode-gfsh-serializables.txt");
          return InternalDataSerializer.loadClassNames(sanctionedSerializables);
        }
      

      ... which uses ClassPathLoader and InternalDataSerializer, which live in geode-core.

      This requires moving the classes ClassPathLoader and InternalDataSerializer that need to be used within getSerializationAcceptlist().

      ClassPathLoader depends on geode deployment:

      import org.apache.geode.internal.deployment.DeploymentServiceFactory;
      import org.apache.geode.internal.deployment.JarDeploymentService;
      

      InternalDataSerializer gets even more complicated with many dependencies.
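
The failure mode described above, reduced to the JDK's own java.io.ObjectInputFilter (Java 9+), as an added example that is not Geode code: a class that is serializable but missing from the accept list is rejected at deserialization. The class names, the list contents and its one-name-per-line format are constructed for the demo.

```java
import java.io.*;
import java.util.*;

public class AcceptListFilterDemo {
  // Constructed stand-ins: one class on the accept list, one that no list mentions.
  static class ListedMessage implements Serializable {}
  static class UnlistedMessage implements Serializable {}

  // Constructed accept list, one binary class name per line (assumed format for this demo).
  static final String ACCEPT_LIST =
      "# classes this module sanctions\n" + "AcceptListFilterDemo$ListedMessage\n";

  static Set<String> parseAcceptList(String text) {
    Set<String> names = new HashSet<>();
    for (String line : text.split("\n")) {
      String name = line.trim();
      if (!name.isEmpty() && !name.startsWith("#")) names.add(name);
    }
    return names;
  }

  // Reject every class that is not on the list; non-class checks (depth, refs) stay undecided.
  static ObjectInputFilter acceptListFilter(Set<String> accepted) {
    return info -> {
      Class<?> c = info.serialClass();
      if (c == null) return ObjectInputFilter.Status.UNDECIDED;
      return accepted.contains(c.getName())
          ? ObjectInputFilter.Status.ALLOWED : ObjectInputFilter.Status.REJECTED;
    };
  }

  static String roundTrip(Object value, ObjectInputFilter filter) throws Exception {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(value); }
    try (ObjectInputStream in =
        new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
      in.setObjectInputFilter(filter); // must be set before the first readObject()
      return "accepted " + in.readObject().getClass().getName();
    } catch (InvalidClassException e) { // thrown by the stream when the filter rejects
      return "rejected " + value.getClass().getName() + " (" + e.getMessage() + ")";
    }
  }

  public static void main(String[] args) throws Exception {
    ObjectInputFilter filter = acceptListFilter(parseAcceptList(ACCEPT_LIST));
    System.out.println(roundTrip(new ListedMessage(), filter));
    System.out.println(roundTrip(new UnlistedMessage(), filter));
  }
}
```

The filter only sees a class name, so a class shipped in a module that contributes no list is rejected in the same way as an untrusted one.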

            People

              klund Kirk Lund