This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site-v2
in repository https://gitbox.apache.org/repos/asf/dubbo-website.git
The following commit(s) were added to refs/heads/asf-site-v2 by this push:
new 20d9966560 deploy: 1d90017d0611dd3b25934e5ef1c09d0d758860fb
20d9966560 is described below
commit 20d9966560583d8d12751fda10c1773c5333e6db
Author: AlbumenJ <[email protected]>
AuthorDate: Thu Feb 9 08:18:16 2023 +0000
deploy: 1d90017d0611dd3b25934e5ef1c09d0d758860fb
---
sitemap.xml | 2 +-
zh/docs/index.xml | 26 ++++++++++--------
.../security/class-check/index.html | 18 ++++++------
.../security/index.html | 2 +-
.../advanced-features-and-usage/security/index.xml | 32 +++++++++++++---------
.../security/tls/index.html | 7 +++--
.../security/token-authorization/index.html | 6 ++--
zh/sitemap.xml | 2 +-
8 files changed, 54 insertions(+), 41 deletions(-)
diff --git a/sitemap.xml b/sitemap.xml
index 1b653cab18..7de3bdd53d 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>https://dubbo.apache.org/zh/sitemap.xml</loc><lastmod>2023-02-09T16:12:24+08:00</lastmod></sitemap><sitemap><loc>https://dubbo.apache.org/en/sitemap.xml</loc><lastmod>2023-02-09T08:44:24+08:00</lastmod></sitemap></sitemapindex>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>https://dubbo.apache.org/zh/sitemap.xml</loc><lastmod>2023-02-09T16:13:09+08:00</lastmod></sitemap><sitemap><loc>https://dubbo.apache.org/en/sitemap.xml</loc><lastmod>2023-02-09T08:44:24+08:00</lastmod></sitemap></sitemapindex>
\ No newline at end of file
diff --git a/zh/docs/index.xml b/zh/docs/index.xml
index 546c386fa8..bc853aef4e 100644
--- a/zh/docs/index.xml
+++ b/zh/docs/index.xml
@@ -599,12 +599,14 @@
<li>如果你需要实现自定义的过滤器,你可以使用 Dubbo 扩展能力。</li>
</ul>
<p>Dubbo 扩展平等的对待内部实现和第三方实现。更多使用场景,参见 <a href="../description/">SPI
扩展实现</a></p></description></item><item><title>Docs3-V2: Dubbo
类检查机制</title><link>https://dubbo.apache.org/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/class-check/</link><pubDate>Mon,
01 Jan 0001 00:00:00
+0000</pubDate><guid>https://dubbo.apache.org/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/class-check/</guid><description>
-<h2 id="支持版本">支持版本</h2>
-<p>Dubbo &gt;= 3.1.6</p>
-<h2 id="适用范围">适用范围</h2>
-<p>目前序列化检查支持 Hessian2、Fastjson2 序列化以及泛化调用。其他的序列化方式暂不支持。</p>
-<h2 id="配置方式">配置方式</h2>
-<h3 id="1-检查模式">1. 检查模式</h3>
+<h2 id="特性说明">特性说明</h2>
+<h2 id="使用场景">使用场景</h2>
+<h2 id="使用方式">使用方式</h2>
+<p>支持版本
+Dubbo &gt;= 3.1.6</p>
+<p>适用范围
+目前序列化检查支持 Hessian2、Fastjson2 序列化以及泛化调用。其他的序列化方式暂不支持。</p>
+<h3 id="检查模式">检查模式</h3>
<p>检查模式分为三个级别:<code>STRICT</code> 严格检查,<code>WARN</code>
告警,<code>DISABLED</code> 禁用。
<code>STRICT</code> 严格检查:禁止反序列化所有不在允许序列化列表(白名单)中的类。
<code>WARN</code>
告警:仅禁止序列化所有在不允许序列化列表中(黑名单)的类,同时在反序列化不在允许序列化列表(白名单)中类的时候通过日志进行告警。
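Review bot: The added `<h2 id="特性说明">` and `<h2 id="使用场景">` headings at the top of this hunk have no body, so the feed entry now opens with two empty sections before `<h2 id="使用方式">`. Fill them or leave them out until there is text. The same `+` lines fold 支持版本 and 适用范围 into the first line of a `<p>`, so label and value render as one run of text and the `#支持版本` / `#适用范围` anchors disappear; a bold label or a short list would keep the supported version (`Dubbo >= 3.1.6`) easy to find.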
@@ -622,7 +624,7 @@
</span></span></code></pre></div><p>配置成功后可以在日志中看到如下的提示:</p>
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-fallback" data-lang="fallback"><span
style="display:flex;"><span>INFO utils.SerializeSecurityManager: [DUBBO]
Serialize check level: STRICT
</span></span></code></pre></div><p>注:在同一个进程(Dubbo Framework
Model)下的多个应用如果同时配置不同的检查模式,最终会生效“最宽松”的级别。如两个 Spring Context 同时启动,一个配置为
<code>STRICT</code>,另外一个配置为 <code>WARN</code>,则最终生效
<code>WARN</code> 级别的配置。</p>
-<h3 id="2-serializable-接口检查">2. Serializable 接口检查</h3>
+<h3 id="serializable-接口检查">Serializable 接口检查</h3>
<p>Serializable 接口检查模式分为两个级别:<code>true</code>
开启,<code>false</code> 关闭。开启检查后会拒绝反序列化所有未实现
<code>Serializable</code> 的类。</p>
<p>Dubbo 中默认配置为 <code>true</code> 开启检查。</p>
<p>通过 ApplicationConfig 配置:</p>
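Review bot: Renaming the heading id from `2-serializable-接口检查` to `serializable-接口检查` changes the fragment that existing links to this section use, and nothing in the hunk keeps the old id alive. If the numbering has to go, keep the old id on an empty anchor next to the heading so bookmarked links to this check setting still resolve.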
@@ -638,7 +640,7 @@
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-fallback" data-lang="fallback"><span
style="display:flex;"><span>INFO utils.SerializeSecurityManager: [DUBBO]
Serialize check serializable: true
</span></span></code></pre></div><p>注 1:在同一个进程(Dubbo
Framework Model)下的多个应用如果同时配置不同的 Serializable 接口检查模式,最终会生效“最宽松”的级别。如两个 Spring
Context 同时启动,一个配置为 <code>true</code>,另外一个配置为
<code>false</code>,则最终生效 <code>false</code> 级别的配置。
注 2:目前暂未打通 Hessian2、Fastjson2 内置的 <code>Serializable</code>
检查配置。对于泛化调用,仅需要配置 <code>dubbo.application.check-serializable</code>
即可修改检查配置;对于 Hessian2 序列化,需要同时修改
<code>dubbo.application.check-serializable</code> 和
<code>dubbo.hessian.allowNonSerializable�</code> 两个配置;对于 Fastjson2
序列化,目前暂不支持修改。</p>
-<h3 id="3-自动扫描相关配置">3. 自动扫描相关配置</h3>
+<h3 id="自动扫描相关配置">自动扫描相关配置</h3>
<p>Dubbo 类自动扫描机制共有两个配置项:<code>AutoTrustSerializeClass�</code>
是否启用自动扫描和 <code>TrustSerializeClassLevel�</code> 类信任层级。</p>
<p>简单来说,在开启类自动扫描之后,Dubbo 会通过 <code>ReferenceConfig</code> 和
<code>ServiceConfig</code> 自动扫描接口所有可能会用到的相关类,并且递归信任其所在的 package。
<code>TrustSerializeClassLevel�</code> 类信任层级可以用来限制最终信任的 package 层级。如
<code>io.dubbo.test.pojo.User</code> 在
<code>TrustSerializeClassLevel�</code> 配置为 <code>3</code> 的时候,最终会信任
<code>io.dubbo.test</code> 这个 package 下所有的类。</p>
<p>Dubbo 中默认配置 <code>AutoTrustSerializeClass�</code> 为
<code>true</code> 启用扫描, <code>TrustSerializeClassLevel�</code> 为
<code>3</code>。</p>
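Review bot: The context lines around the renamed heading carry a stray character after the names inside `<code>`: `dubbo.hessian.allowNonSerializable�`, `AutoTrustSerializeClass�` and `TrustSerializeClassLevel�`. A reader who copies the Hessian2 property from the page gets a key with a garbled trailing character, which matters for a setting that controls a deserialization check. Strip the character in the Markdown source while this section is being touched.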
@@ -656,7 +658,7 @@
</span></span><span
style="display:flex;"><span>-Ddubbo.application.trust-serialize-class-level<span
style="color:#719e07">=</span><span style="color:#2aa198">3</span>
</span></span></code></pre></div><p>配置成功后可以通过 QoS
命令检查当前已经加载的可信类结果是否符合预期。</p>
<p>注:开启检查之后在启动的过程中会有一定的性能损耗。</p>
-<h3 id="4-可信不可信类自定义配置">4. 可信/不可信类自定义配置</h3>
+<h3 id="可信不可信类自定义配置">可信/不可信类自定义配置</h3>
<p>除了 Dubbo 自动扫描类之外,也支持通过资源文件的方式配置可信/不可信类列表。</p>
<p>配置方式:在资源目录(resource)下定义以下文件。</p>
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-properties" data-lang="properties"><span
style="display:flex;"><span><span style="color:#586e75">#
security/serialize.allowlist</span>
@@ -667,7 +669,7 @@
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-properties" data-lang="properties"><span
style="display:flex;"><span>INFO <span
style="color:#2aa198">utils.SerializeSecurityConfigurator: [DUBBO] Read
serialize allow list from
file:/Users/albumen/code/dubbo-samples/99-integration/dubbo-samples-serialize-check/target/classes/security/serialize.allowlist</span>
</span></span><span style="display:flex;"><span>INFO <span
style="color:#2aa198">utils.SerializeSecurityConfigurator: [DUBBO] Read
serialize blocked list from
file:/Users/albumen/code/dubbo-samples/99-integration/dubbo-samples-serialize-check/target/classes/security/serialize.blockedlist</span>
</span></span></code></pre></div><p>配置优先级为:用户自定义可信类 =
框架内置可信类 &gt; 用户自定义不可信类 = 框架内置不可信类 &gt; 自动类扫描可信类。</p>
-<h2 id="审计方式">审计方式</h2>
+<h3 id="审计方式">审计方式</h3>
<p>Dubbo 支持通过 QoS
命令实时查看当前的配置信息以及可信/不可信类列表。目前共支持两个命令:<code>serializeCheckStatus</code>
查看当前配置信息,<code>serializeWarnedClasses</code> 查看实时的告警列表。</p>
<ol>
<li><code>serializeCheckStatus</code> 查看当前配置信息</li>
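Review bot: Changing `<h2 id="审计方式">` to `<h3 id="审计方式">` makes the audit commands a peer of the four configuration subsections under 使用方式, so the QoS checks no longer have a top-level section of their own. If that nesting is intended, add a sentence at the start of 使用方式 saying that auditing follows configuration, so readers who set `STRICT` or `WARN` still reach `serializeCheckStatus` and `serializeWarnedClasses`.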
@@ -721,7 +723,9 @@
</span></span></code></pre></div><p>通过 http 请求 json
格式结果:</p>
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-bash" data-lang="bash"><span
style="display:flex;"><span>&gt; curl
http://127.0.0.1:22222/serializeWarnedClasses
</span></span><span style="display:flex;"><span><span
style="color:#719e07">{</span><span
style="color:#2aa198">&#34;warnedClasses&#34;</span>:<span
style="color:#719e07">[</span><span
style="color:#2aa198">&#34;io.dubbo.test2.NotSerializable&#34;</span>,<span
style="color:#2aa198">&#34;org.apache.dubbo.samples.NotSerializable&#34;</span>,<span
style="color:#2aa198">&#34;io.dubbo.test.NotSerializable&#34;</sp
[...]
-</span></span></code></pre></div><p>注:建议及时关注
<code>serializeWarnedClasses</code>
的结果,通过返回结果是否非空来判断是否受到攻击。</p></description></item><item><title>Docs: dubbo
协议</title><link>https://dubbo.apache.org/zh/docs/references/protocols/dubbo/</link><pubDate>Mon,
01 Jan 0001 00:00:00
+0000</pubDate><guid>https://dubbo.apache.org/zh/docs/references/protocols/dubbo/</guid><description>
+</span></span></code></pre></div><blockquote>
+<p>建议及时关注 <code>serializeWarnedClasses</code>
的结果,通过返回结果是否非空来判断是否受到攻击。</p>
+</blockquote></description></item><item><title>Docs: dubbo
协议</title><link>https://dubbo.apache.org/zh/docs/references/protocols/dubbo/</link><pubDate>Mon,
01 Jan 0001 00:00:00
+0000</pubDate><guid>https://dubbo.apache.org/zh/docs/references/protocols/dubbo/</guid><description>
<div class="pageinfo pageinfo-primary">
<p>此文档已经不再维护。您当前查看的是快照版本。如果想要查看最新版本的文档,请参阅<a
href="https://dubbo.apache.org/zh/docs3-v2/java-sdk/reference-manual/protocol/dubbo/">最新版本</a>。</p>
</div>
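Review bot: The note moved into `<blockquote>` still tells readers to decide whether they are under attack by whether `serializeWarnedClasses` returns a non-empty result, yet the sample response just above it lists `org.apache.dubbo.samples.NotSerializable` and `io.dubbo.test.NotSerializable`, which read like the sample application's own classes. Suggest wording it as a prompt to review each warned class and then add it to the allow list or the blocked list, and keeping the 注: label that the removed `<p>` had so the line still reads as a note.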
diff --git
a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/class-check/index.html
b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/class-check/index.html
index b0f469e7d1..71a2e0fffc 100644
---
a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/class-check/index.html
+++
b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/class-check/index.html
@@ -1,9 +1,11 @@
-<!doctype html><html lang=zh class=no-js><head><meta charset=utf-8><meta
name=viewport
content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta
name=generator content="Hugo 0.110.0"><meta name=ROBOTS content="INDEX,
FOLLOW"><link rel="shortcut icon" href=/favicons/favicon.ico><link
rel=apple-touch-icon href=/favicons/apple-touch-icon-180x180.png
sizes=180x180><link rel=icon type=image/png href=/favicons/favicon-16x16.png
sizes=16x16><link rel=icon type=image/png href=/favicons [...]
+<!doctype html><html lang=zh class=no-js><head><meta charset=utf-8><meta
name=viewport
content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta
name=generator content="Hugo 0.110.0"><meta name=ROBOTS content="INDEX,
FOLLOW"><link rel="shortcut icon" href=/favicons/favicon.ico><link
rel=apple-touch-icon href=/favicons/apple-touch-icon-180x180.png
sizes=180x180><link rel=icon type=image/png href=/favicons/favicon-16x16.png
sizes=16x16><link rel=icon type=image/png href=/favicons [...]
<link rel=preload
href=/scss/main.min.8637cb48af1c2672dbf22e4e83652c0cebe2d667477b88c8a046be155bcf7cfe.css
as=style><link
href=/scss/main.min.8637cb48af1c2672dbf22e4e83652c0cebe2d667477b88c8a046be155bcf7cfe.css
rel=stylesheet integrity><script src=/js/jquery-3.5.1.min.js
integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0="
crossorigin=anonymous></script>
<link rel=stylesheet
href=https://cdn.jsdelivr.net/npm/@docsearch/css@3></head><body
class=td-page><header><nav class="js-navbar-scroll navbar navbar-expand
navbar-dark flex-column flex-md-row td-navbar"><a class=navbar-brand
href=/zh/><span class=navbar-logo><svg xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 321.39 78.54"><title id="title19">DUBBO LOGO</title><path
class="cls-1" d="M68.46 50.38c0 14.06 11.39 22.11 25.45 22.11s25.45-8.05
25.45-22.11V7.25H68.46zm21.24-28h8.6V31H89.7zm0 [...]
<a
href="https://github.com/apache/dubbo-website/new/master/content/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/class-check.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.md%60%0A%
[...]
<a
href="https://github.com/apache/dubbo-website/issues/new?title=Dubbo%20%e7%b1%bb%e6%a3%80%e6%9f%a5%e6%9c%ba%e5%88%b6"
target=_blank><i class="fab fa-github fa-fw"></i> 提交文档问题</a>
-<a href=https://github.com/apache/dubbo/issues/new target=_blank><i class="fas
fa-tasks fa-fw"></i> 提交项目问题</a></div><div class=td-toc><nav
id=TableOfContents><ul><li><a href=#支持版本>支持版本</a></li><li><a
href=#适用范围>适用范围</a></li><li><a href=#配置方式>配置方式</a><ul><li><a href=#1-检查模式>1.
检查模式</a></li><li><a href=#2-serializable-接口检查>2. Serializable
接口检查</a></li><li><a href=#3-自动扫描相关配置>3. 自动扫描相关配置</a></li><li><a
href=#4-可信不可信类自定义配置>4. 可信/不可信类自定义配置</a></li></ul></li><li><a
href=#审计方式>审计方式</a></li></ul [...]
+<a href=https://github.com/apache/dubbo/issues/new target=_blank><i class="fas
fa-tasks fa-fw"></i> 提交项目问题</a></div><div class=td-toc><nav
id=TableOfContents><ul><li><a href=#特性说明>特性说明</a></li><li><a
href=#使用场景>使用场景</a></li><li><a href=#使用方式>使用方式</a><ul><li><a
href=#检查模式>检查模式</a></li><li><a href=#serializable-接口检查>Serializable
接口检查</a></li><li><a href=#自动扫描相关配置>自动扫描相关配置</a></li><li><a
href=#可信不可信类自定义配置>可信/不可信类自定义配置</a></li><li><a
href=#审计方式>审计方式</a></li></ul></li></ul></nav></div></aside [...]
+Dubbo >= 3.1.6</p><p>适用范围
+目前序列化检查支持 Hessian2、Fastjson2 序列化以及泛化调用。其他的序列化方式暂不支持。</p><h3
id=检查模式>检查模式</h3><p>检查模式分为三个级别:<code>STRICT</code> 严格检查,<code>WARN</code>
告警,<code>DISABLED</code> 禁用。
<code>STRICT</code> 严格检查:禁止反序列化所有不在允许序列化列表(白名单)中的类。
<code>WARN</code>
告警:仅禁止序列化所有在不允许序列化列表中(黑名单)的类,同时在反序列化不在允许序列化列表(白名单)中类的时候通过日志进行告警。
<code>DISABLED</code> 禁用:不进行任何检查。</p><p>3.1 版本中默认为 <code>WARN</code> 告警级别,3.2
版本中默认为 <code>STRICT</code> 严格检查级别。</p><p>通过 ApplicationConfig 配置:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-java data-lang=java><span
style=display:flex><span>ApplicationConfig applicationConfig <span
style=color:#719e07>=</span> <span style=color:#719e07>new</span>
ApplicationConfig<span style=color:#719e07 [...]
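Review bot: In the 检查模式 paragraph carried on the `+` lines, `STRICT` is described with 禁止反序列化 but `WARN` is described with 仅禁止序列化 for block-listed classes, and then switches back to 反序列化 for the warning half of the same sentence. If `WARN` is meant to block deserialization of block-listed classes, as the rest of the paragraph suggests, correct the word in the Markdown source so the regenerated HTML and both feeds agree.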
@@ -12,14 +14,14 @@
</span></span></code></pre></div><p>通过 Spring Properties / dubbo.properties
配置:</p><div class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span>dubbo.application.serialize-check-status<span
style=color:#719e07>=</span><span style=color:#2aa198>STRICT</span>
</span></span></code></pre></div><p>通过 System Property 配置:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span>-Ddubbo.application.serialize-check-status<span
style=color:#719e07>=</span><span style=color:#2aa198>STRICT</span>
</span></span></code></pre></div><p>配置成功后可以在日志中看到如下的提示:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-fallback data-lang=fallback><span style=display:flex><span>INFO
utils.SerializeSecurityManager: [DUBBO] Serialize check level: STRICT
-</span></span></code></pre></div><p>注:在同一个进程(Dubbo Framework
Model)下的多个应用如果同时配置不同的检查模式,最终会生效“最宽松”的级别。如两个 Spring Context 同时启动,一个配置为
<code>STRICT</code>,另外一个配置为 <code>WARN</code>,则最终生效 <code>WARN</code>
级别的配置。</p><h3 id=2-serializable-接口检查>2. Serializable 接口检查</h3><p>Serializable
接口检查模式分为两个级别:<code>true</code> 开启,<code>false</code> 关闭。开启检查后会拒绝反序列化所有未实现
<code>Serializable</code> 的类。</p><p>Dubbo 中默认配置为 <code>true</code>
开启检查。</p><p>通过 ApplicationConfig 配置:</p><div class=highlight><pre tabind [...]
+</span></span></code></pre></div><p>注:在同一个进程(Dubbo Framework
Model)下的多个应用如果同时配置不同的检查模式,最终会生效“最宽松”的级别。如两个 Spring Context 同时启动,一个配置为
<code>STRICT</code>,另外一个配置为 <code>WARN</code>,则最终生效 <code>WARN</code>
级别的配置。</p><h3 id=serializable-接口检查>Serializable 接口检查</h3><p>Serializable
接口检查模式分为两个级别:<code>true</code> 开启,<code>false</code> 关闭。开启检查后会拒绝反序列化所有未实现
<code>Serializable</code> 的类。</p><p>Dubbo 中默认配置为 <code>true</code>
开启检查。</p><p>通过 ApplicationConfig 配置:</p><div class=highlight><pre tabindex=0
[...]
</span></span><span style=display:flex><span>applicationConfig<span
style=color:#719e07>.</span>setCheckSerializable<span
style=color:#719e07>(</span><span style=color:#cb4b16>true</span><span
style=color:#719e07>);</span>
</span></span></code></pre></div><p>通过 Spring XML 配置:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-xml data-lang=xml><span style=display:flex><span><span
style=color:#268bd2><dubbo:application</span> name=<span
style=color:#2aa198>"demo-provider"</span> check-serializable=<span
style=color:#2aa198>"true"</span><span style=color:#268bd2>/></span>
</span></span></code></pre></div><p>通过 Spring Properties / dubbo.properties
配置:</p><div class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span>dubbo.application.check-serializable<span
style=color:#719e07>=</span><span style=color:#2aa198>true</span>
</span></span></code></pre></div><p>通过 System Property 配置:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span>-Ddubbo.application.check-serializable<span
style=color:#719e07>=</span><span style=color:#2aa198>true</span>
</span></span></code></pre></div><p>配置成功后可以在日志中看到如下的提示:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-fallback data-lang=fallback><span style=display:flex><span>INFO
utils.SerializeSecurityManager: [DUBBO] Serialize check serializable: true
</span></span></code></pre></div><p>注 1:在同一个进程(Dubbo Framework
Model)下的多个应用如果同时配置不同的 Serializable 接口检查模式,最终会生效“最宽松”的级别。如两个 Spring Context
同时启动,一个配置为 <code>true</code>,另外一个配置为 <code>false</code>,则最终生效
<code>false</code> 级别的配置。
-注 2:目前暂未打通 Hessian2、Fastjson2 内置的 <code>Serializable</code> 检查配置。对于泛化调用,仅需要配置
<code>dubbo.application.check-serializable</code> 即可修改检查配置;对于 Hessian2
序列化,需要同时修改 <code>dubbo.application.check-serializable</code> 和
<code>dubbo.hessian.allowNonSerializable�</code> 两个配置;对于 Fastjson2
序列化,目前暂不支持修改。</p><h3 id=3-自动扫描相关配置>3. 自动扫描相关配置</h3><p>Dubbo
类自动扫描机制共有两个配置项:<code>AutoTrustSerializeClass�</code> 是否启用自动扫描和
<code>TrustSerializeClassLevel�</code> 类信任层级。</p><p>简单来说,在开启类自动扫描之后,Dubbo 会通过
<code>Refere [...]
+注 2:目前暂未打通 Hessian2、Fastjson2 内置的 <code>Serializable</code> 检查配置。对于泛化调用,仅需要配置
<code>dubbo.application.check-serializable</code> 即可修改检查配置;对于 Hessian2
序列化,需要同时修改 <code>dubbo.application.check-serializable</code> 和
<code>dubbo.hessian.allowNonSerializable�</code> 两个配置;对于 Fastjson2
序列化,目前暂不支持修改。</p><h3 id=自动扫描相关配置>自动扫描相关配置</h3><p>Dubbo
类自动扫描机制共有两个配置项:<code>AutoTrustSerializeClass�</code> 是否启用自动扫描和
<code>TrustSerializeClassLevel�</code> 类信任层级。</p><p>简单来说,在开启类自动扫描之后,Dubbo 会通过
<code>ReferenceCo [...]
</span></span><span style=display:flex><span>applicationConfig<span
style=color:#719e07>.</span>setAutoTrustSerializeClass<span
style=color:#719e07>(</span><span style=color:#cb4b16>true</span><span
style=color:#719e07>);</span>
</span></span><span style=display:flex><span>applicationConfig<span
style=color:#719e07>.</span>setTrustSerializeClassLevel<span
style=color:#719e07>(</span><span style=color:#2aa198>3</span><span
style=color:#719e07>);</span>
</span></span></code></pre></div><p>通过 Spring XML 配置:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-xml data-lang=xml><span style=display:flex><span><span
style=color:#268bd2><dubbo:application</span> name=<span
style=color:#2aa198>"demo-provider"</span>
auto-trust-serialize-class=<span style=color:#2aa198>"true"</span>
trust-serialize-class-level=<span style=color:#2aa [...]
@@ -27,13 +29,13 @@
</span></span><span
style=display:flex><span>dubbo.application.trust-serialize-class-level<span
style=color:#719e07>=</span><span style=color:#2aa198>3</span>
</span></span></code></pre></div><p>通过 System Property 配置:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span>-Ddubbo.application.auto-trust-serialize-class<span
style=color:#719e07>=</span><span style=color:#2aa198>true</span>
</span></span><span
style=display:flex><span>-Ddubbo.application.trust-serialize-class-level<span
style=color:#719e07>=</span><span style=color:#2aa198>3</span>
-</span></span></code></pre></div><p>配置成功后可以通过 QoS
命令检查当前已经加载的可信类结果是否符合预期。</p><p>注:开启检查之后在启动的过程中会有一定的性能损耗。</p><h3
id=4-可信不可信类自定义配置>4. 可信/不可信类自定义配置</h3><p>除了 Dubbo
自动扫描类之外,也支持通过资源文件的方式配置可信/不可信类列表。</p><p>配置方式:在资源目录(resource)下定义以下文件。</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span><span style=color:#586e75># security/serialize.allow
[...]
+</span></span></code></pre></div><p>配置成功后可以通过 QoS
命令检查当前已经加载的可信类结果是否符合预期。</p><p>注:开启检查之后在启动的过程中会有一定的性能损耗。</p><h3
id=可信不可信类自定义配置>可信/不可信类自定义配置</h3><p>除了 Dubbo
自动扫描类之外,也支持通过资源文件的方式配置可信/不可信类列表。</p><p>配置方式:在资源目录(resource)下定义以下文件。</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span><span style=color:#586e75>#
security/serialize.allowlist</span>
</span></span><span style=display:flex><span>io.dubbo.test
</span></span></code></pre></div><div class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span><span style=color:#586e75>#
security/serialize.blockedlist</span>
</span></span><span style=display:flex><span>io.dubbo.block
</span></span></code></pre></div><p>配置成功以后可以在日志看到以下提示:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-properties data-lang=properties><span
style=display:flex><span>INFO <span
style=color:#2aa198>utils.SerializeSecurityConfigurator: [DUBBO] Read
serialize allow list from
file:/Users/albumen/code/dubbo-samples/99-integration/dubbo-samples-serialize-check/target/classes/security/serialize.a
[...]
</span></span><span style=display:flex><span>INFO <span
style=color:#2aa198>utils.SerializeSecurityConfigurator: [DUBBO] Read
serialize blocked list from
file:/Users/albumen/code/dubbo-samples/99-integration/dubbo-samples-serialize-check/target/classes/security/serialize.blockedlist</span>
-</span></span></code></pre></div><p>配置优先级为:用户自定义可信类 = 框架内置可信类 > 用户自定义不可信类 =
框架内置不可信类 > 自动类扫描可信类。</p><h2 id=审计方式>审计方式</h2><p>Dubbo 支持通过 QoS
命令实时查看当前的配置信息以及可信/不可信类列表。目前共支持两个命令:<code>serializeCheckStatus</code>
查看当前配置信息,<code>serializeWarnedClasses</code>
查看实时的告警列表。</p><ol><li><code>serializeCheckStatus</code>
查看当前配置信息</li></ol><p>通过控制台直接访问:</p><div class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-bash [...]
+</span></span></code></pre></div><p>配置优先级为:用户自定义可信类 = 框架内置可信类 > 用户自定义不可信类 =
框架内置不可信类 > 自动类扫描可信类。</p><h3 id=审计方式>审计方式</h3><p>Dubbo 支持通过 QoS
命令实时查看当前的配置信息以及可信/不可信类列表。目前共支持两个命令:<code>serializeCheckStatus</code>
查看当前配置信息,<code>serializeWarnedClasses</code>
查看实时的告警列表。</p><ol><li><code>serializeCheckStatus</code>
查看当前配置信息</li></ol><p>通过控制台直接访问:</p><div class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-bash [...]
</span></span><span style=display:flex><span>Trying 127.0.0.1...
</span></span><span style=display:flex><span>Connected to localhost.
</span></span><span style=display:flex><span>Escape character is <span
style=color:#2aa198>'^]'</span>.
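Review bot: The priority line kept in this hunk (用户自定义可信类 = 框架内置可信类 > 用户自定义不可信类 = 框架内置不可信类 > 自动类扫描可信类) puts the user allow list above both blocked lists, but the page does not say what that means for the `security/serialize.allowlist` example, where a single package prefix such as `io.dubbo.test` is trusted. Add one sentence stating that an allow-list entry overrides a blocked-list entry for the same class, so entries should be as narrow as possible. Separately, the sample log lines print a workstation path beginning `file:/Users/albumen/code/dubbo-samples/`; a neutral path would read better in published docs.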
@@ -75,8 +77,8 @@
</span></span><span style=display:flex><span>dubbo>
</span></span></code></pre></div><p>通过 http 请求 json 格式结果:</p><div
class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-bash data-lang=bash><span style=display:flex><span>> curl
http://127.0.0.1:22222/serializeWarnedClasses
</span></span><span style=display:flex><span><span
style=color:#719e07>{</span><span
style=color:#2aa198>"warnedClasses"</span>:<span
style=color:#719e07>[</span><span
style=color:#2aa198>"io.dubbo.test2.NotSerializable"</span>,<span
style=color:#2aa198>"org.apache.dubbo.samples.NotSerializable"</span>,<span
style=color:#2aa198>"io.dubbo.test.NotSerializable"</span>,<span
style=color:#2aa198>"io.dubbo.test2.OthersSerializable"</span><span
style=col [...]
-</span></span></code></pre></div><p>注:建议及时关注
<code>serializeWarnedClasses</code>
的结果,通过返回结果是否非空来判断是否受到攻击。</p><style>.feedback--answer{display:inline-block}.feedback--answer-no{margin-left:1em}.feedback--response{display:none;margin-top:1em}.feedback--response__visible{display:block}</style><div
class=d-print-none><h2 class=feedback--title>Feedback</h2><p
class=feedback--question>Was this page helpful?</p><button class="btn
btn-primary mb-4 feedback--answer feedback--answer-yes">Yes</button>
-<button class="btn btn-primary mb-4 feedback--answer
feedback--answer-no">No</button><p class="feedback--response
feedback--response-yes">Glad to hear it! Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p><p class="feedback--response feedback--response-no">Sorry to
hear that. Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p></div><script>const yesButton=document.querySelector(".feedback
[...]
+</span></span></code></pre></div><blockquote><p>建议及时关注
<code>serializeWarnedClasses</code>
的结果,通过返回结果是否非空来判断是否受到攻击。</p></blockquote><style>.feedback--answer{display:inline-block}.feedback--answer-no{margin-left:1em}.feedback--response{display:none;margin-top:1em}.feedback--response__visible{display:block}</style><div
class=d-print-none><h2 class=feedback--title>Feedback</h2><p
class=feedback--question>Was this page helpful?</p><button class="btn
btn-primary mb-4 feedback--answer feedback [...]
+<button class="btn btn-primary mb-4 feedback--answer
feedback--answer-no">No</button><p class="feedback--response
feedback--response-yes">Glad to hear it! Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p><p class="feedback--response feedback--response-no">Sorry to
hear that. Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p></div><script>const yesButton=document.querySelector(".feedback
[...]
<script src=/js/bootstrap.min.js
integrity=sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy
crossorigin=anonymous></script>
<script
src=/js/main.min.9f304eb79b67eb331e2b22923c361575b563af25c0fd56279cf20f3a2417cff4.js
integrity="sha256-nzBOt5tn6zMeKyKSPDYVdbVjryXA/VYnnPIPOiQXz/Q="
crossorigin=anonymous></script>
<script src=https://cdn.jsdelivr.net/npm/@docsearch/js@3></script>
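Review bot: The last context line of this hunk loads `https://cdn.jsdelivr.net/npm/@docsearch/js@3` with no `integrity` or `crossorigin` attribute, while `bootstrap.min.js` and the `main.min` bundle directly above it both carry a hash. `@3` is a floating major-version tag, so the script served to readers can change without a site deploy. Pin an exact version in the site template and add its SRI hash, or serve the file from the site itself.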
diff --git
a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.html
b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.html
index bc8dd9566d..912ec89a72 100644
--- a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.html
+++ b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.html
@@ -3,7 +3,7 @@
<link rel=stylesheet
href=https://cdn.jsdelivr.net/npm/@docsearch/css@3></head><body
class=td-section><header><nav class="js-navbar-scroll navbar navbar-expand
navbar-dark flex-column flex-md-row td-navbar"><a class=navbar-brand
href=/zh/><span class=navbar-logo><svg xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 321.39 78.54"><title id="title19">DUBBO LOGO</title><path
class="cls-1" d="M68.46 50.38c0 14.06 11.39 22.11 25.45 22.11s25.45-8.05
25.45-22.11V7.25H68.46zm21.24-28h8.6V31H89.7z [...]
<a
href="https://github.com/apache/dubbo-website/new/master/content/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/_index.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.md%60%0A%2A+Ed
[...]
<a
href="https://github.com/apache/dubbo-website/issues/new?title=%e6%8f%90%e5%8d%87%e6%9c%8d%e5%8a%a1%e5%ae%89%e5%85%a8%e6%80%a7"
target=_blank><i class="fab fa-github fa-fw"></i> 提交文档问题</a>
-<a href=https://github.com/apache/dubbo/issues/new target=_blank><i class="fas
fa-tasks fa-fw"></i> 提交项目问题</a></div></aside><main class="col-12 col-md-9
col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb class="d-none d-md-block
d-print-none"><ol class="breadcrumb spb-1"><li class=breadcrumb-item><a
href=https://dubbo.apache.org/zh/docs3-v2/>SDK 手册</a></li><li
class=breadcrumb-item><a
href=https://dubbo.apache.org/zh/docs3-v2/java-sdk/>Java</a></li><li
class=breadcrumb-item><a href=h [...]
+<a href=https://github.com/apache/dubbo/issues/new target=_blank><i class="fas
fa-tasks fa-fw"></i> 提交项目问题</a></div></aside><main class="col-12 col-md-9
col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb class="d-none d-md-block
d-print-none"><ol class="breadcrumb spb-1"><li class=breadcrumb-item><a
href=https://dubbo.apache.org/zh/docs3-v2/>SDK 手册</a></li><li
class=breadcrumb-item><a
href=https://dubbo.apache.org/zh/docs3-v2/java-sdk/>Java</a></li><li
class=breadcrumb-item><a href=h [...]
<button class="btn btn-primary mb-4 feedback--answer
feedback--answer-no">No</button><p class="feedback--response
feedback--response-yes">Glad to hear it! Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p><p class="feedback--response feedback--response-no">Sorry to
hear that. Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p></div><script>const yesButton=document.querySelector(".feedback
[...]
<script src=/js/bootstrap.min.js
integrity=sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy
crossorigin=anonymous></script>
<script
src=/js/main.min.9f304eb79b67eb331e2b22923c361575b563af25c0fd56279cf20f3a2417cff4.js
integrity="sha256-nzBOt5tn6zMeKyKSPDYVdbVjryXA/VYnnPIPOiQXz/Q="
crossorigin=anonymous></script>
diff --git
a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.xml
b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.xml
index f6da5c2f03..2337a90b4c 100644
--- a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.xml
+++ b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.xml
@@ -1,10 +1,12 @@
<rss version="2.0"
xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Apache Dubbo –
提升服务安全性</title><link>https://dubbo.apache.org/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/</link><description>Recent
content in 提升服务安全性 on Apache Dubbo</description><generator>Hugo --
gohugo.io</generator><language>en-us</language><atom:link
href="https://dubbo.apache.org/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/index.xml"
rel="self" type="application/rss+xml"/><item> [...]
-<h2 id="支持版本">支持版本</h2>
-<p>Dubbo &gt;= 3.1.6</p>
-<h2 id="适用范围">适用范围</h2>
-<p>目前序列化检查支持 Hessian2、Fastjson2 序列化以及泛化调用。其他的序列化方式暂不支持。</p>
-<h2 id="配置方式">配置方式</h2>
-<h3 id="1-检查模式">1. 检查模式</h3>
+<h2 id="特性说明">特性说明</h2>
+<h2 id="使用场景">使用场景</h2>
+<h2 id="使用方式">使用方式</h2>
+<p>支持版本
+Dubbo &gt;= 3.1.6</p>
+<p>适用范围
+目前序列化检查支持 Hessian2、Fastjson2 序列化以及泛化调用。其他的序列化方式暂不支持。</p>
+<h3 id="检查模式">检查模式</h3>
<p>检查模式分为三个级别:<code>STRICT</code> 严格检查,<code>WARN</code>
告警,<code>DISABLED</code> 禁用。
<code>STRICT</code> 严格检查:禁止反序列化所有不在允许序列化列表(白名单)中的类。
<code>WARN</code>
告警:仅禁止序列化所有在不允许序列化列表中(黑名单)的类,同时在反序列化不在允许序列化列表(白名单)中类的时候通过日志进行告警。
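Review bot: The added headings `特性说明` and `使用场景` are empty: each `<h2>` is followed directly by the next heading, so the rendered page shows two section titles with no text under them. Either write the feature description and use cases or drop the headings until there is content. In the same hunk, `支持版本` and `适用范围` are now plain `<p>` text with the label and the value separated only by a newline, which HTML collapses into one run ("支持版本 Dubbo >= 3.1.6") and which removes the anchors the old `<h2 id="支持版本">` and `<h2 id="适用范围">` provided.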
@@ -22,7 +24,7 @@
</span></span></code></pre></div><p>配置成功后可以在日志中看到如下的提示:</p>
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-fallback" data-lang="fallback"><span
style="display:flex;"><span>INFO utils.SerializeSecurityManager: [DUBBO]
Serialize check level: STRICT
</span></span></code></pre></div><p>注:在同一个进程(Dubbo Framework
Model)下的多个应用如果同时配置不同的检查模式,最终会生效“最宽松”的级别。如两个 Spring Context 同时启动,一个配置为
<code>STRICT</code>,另外一个配置为 <code>WARN</code>,则最终生效
<code>WARN</code> 级别的配置。</p>
-<h3 id="2-serializable-接口检查">2. Serializable 接口检查</h3>
+<h3 id="serializable-接口检查">Serializable 接口检查</h3>
<p>Serializable 接口检查模式分为两个级别:<code>true</code>
开启,<code>false</code> 关闭。开启检查后会拒绝反序列化所有未实现
<code>Serializable</code> 的类。</p>
<p>Dubbo 中默认配置为 <code>true</code> 开启检查。</p>
<p>通过 ApplicationConfig 配置:</p>
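Review bot: The heading id changes from `2-serializable-接口检查` to `serializable-接口检查`, and the other `<h3>` ids in this file lose their numeric prefix the same way, so existing deep links to the old fragments will land at the top of the page instead of at the section. If the renumbering is intentional, keep the old ids as explicit anchors in the markdown source so that links already published to the serialization check settings keep working.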
@@ -38,7 +40,7 @@
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-fallback" data-lang="fallback"><span
style="display:flex;"><span>INFO utils.SerializeSecurityManager: [DUBBO]
Serialize check serializable: true
</span></span></code></pre></div><p>注 1:在同一个进程(Dubbo
Framework Model)下的多个应用如果同时配置不同的 Serializable 接口检查模式,最终会生效“最宽松”的级别。如两个 Spring
Context 同时启动,一个配置为 <code>true</code>,另外一个配置为
<code>false</code>,则最终生效 <code>false</code> 级别的配置。
注 2:目前暂未打通 Hessian2、Fastjson2 内置的 <code>Serializable</code>
检查配置。对于泛化调用,仅需要配置 <code>dubbo.application.check-serializable</code>
即可修改检查配置;对于 Hessian2 序列化,需要同时修改
<code>dubbo.application.check-serializable</code> 和
<code>dubbo.hessian.allowNonSerializable�</code> 两个配置;对于 Fastjson2
序列化,目前暂不支持修改。</p>
-<h3 id="3-自动扫描相关配置">3. 自动扫描相关配置</h3>
+<h3 id="自动扫描相关配置">自动扫描相关配置</h3>
<p>Dubbo 类自动扫描机制共有两个配置项:<code>AutoTrustSerializeClass�</code>
是否启用自动扫描和 <code>TrustSerializeClassLevel�</code> 类信任层级。</p>
<p>简单来说,在开启类自动扫描之后,Dubbo 会通过 <code>ReferenceConfig</code> 和
<code>ServiceConfig</code> 自动扫描接口所有可能会用到的相关类,并且递归信任其所在的 package。
<code>TrustSerializeClassLevel�</code> 类信任层级可以用来限制最终信任的 package 层级。如
<code>io.dubbo.test.pojo.User</code> 在
<code>TrustSerializeClassLevel�</code> 配置为 <code>3</code> 的时候,最终会信任
<code>io.dubbo.test</code> 这个 package 下所有的类。</p>
<p>Dubbo 中默认配置 <code>AutoTrustSerializeClass�</code> 为
<code>true</code> 启用扫描, <code>TrustSerializeClassLevel�</code> 为
<code>3</code>。</p>
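Review bot: The context lines of this hunk still carry a U+FFFD replacement character inside several `<code>` elements, directly after the configuration names (`dubbo.hessian.allowNonSerializable�`, `AutoTrustSerializeClass�`, `TrustSerializeClassLevel�`). A reader who copies one of these gets a key that does not match the real property name, which matters here because the keys control the Serializable check and the trusted-package scan. The section is being edited anyway, so strip the stray character in the markdown source and regenerate.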
@@ -56,7 +58,7 @@
</span></span><span
style="display:flex;"><span>-Ddubbo.application.trust-serialize-class-level<span
style="color:#719e07">=</span><span style="color:#2aa198">3</span>
</span></span></code></pre></div><p>配置成功后可以通过 QoS
命令检查当前已经加载的可信类结果是否符合预期。</p>
<p>注:开启检查之后在启动的过程中会有一定的性能损耗。</p>
-<h3 id="4-可信不可信类自定义配置">4. 可信/不可信类自定义配置</h3>
+<h3 id="可信不可信类自定义配置">可信/不可信类自定义配置</h3>
<p>除了 Dubbo 自动扫描类之外,也支持通过资源文件的方式配置可信/不可信类列表。</p>
<p>配置方式:在资源目录(resource)下定义以下文件。</p>
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-properties" data-lang="properties"><span
style="display:flex;"><span><span style="color:#586e75">#
security/serialize.allowlist</span>
@@ -67,7 +69,7 @@
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-properties" data-lang="properties"><span
style="display:flex;"><span>INFO <span
style="color:#2aa198">utils.SerializeSecurityConfigurator: [DUBBO] Read
serialize allow list from
file:/Users/albumen/code/dubbo-samples/99-integration/dubbo-samples-serialize-check/target/classes/security/serialize.allowlist</span>
</span></span><span style="display:flex;"><span>INFO <span
style="color:#2aa198">utils.SerializeSecurityConfigurator: [DUBBO] Read
serialize blocked list from
file:/Users/albumen/code/dubbo-samples/99-integration/dubbo-samples-serialize-check/target/classes/security/serialize.blockedlist</span>
</span></span></code></pre></div><p>配置优先级为:用户自定义可信类 =
框架内置可信类 &gt; 用户自定义不可信类 = 框架内置不可信类 &gt; 自动类扫描可信类。</p>
-<h2 id="审计方式">审计方式</h2>
+<h3 id="审计方式">审计方式</h3>
<p>Dubbo 支持通过 QoS
命令实时查看当前的配置信息以及可信/不可信类列表。目前共支持两个命令:<code>serializeCheckStatus</code>
查看当前配置信息,<code>serializeWarnedClasses</code> 查看实时的告警列表。</p>
<ol>
<li><code>serializeCheckStatus</code> 查看当前配置信息</li>
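Review bot: The sample log output kept in this hunk's context prints a developer workstation path (`file:/Users/albumen/code/dubbo-samples/` and below) for both the allow list and the blocked list. Replace it with a neutral classpath location so the docs do not publish a local user name and directory layout, and so readers see what the message looks like in a deployed application. Separately, `审计方式` moves from `<h2>` to `<h3>`, which nests the audit commands under `使用方式`; confirm that is the intended outline, since it is the only part of the page that tells operators how to verify the configuration.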
@@ -121,14 +123,18 @@
</span></span></code></pre></div><p>通过 http 请求 json
格式结果:</p>
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-bash" data-lang="bash"><span
style="display:flex;"><span>&gt; curl
http://127.0.0.1:22222/serializeWarnedClasses
</span></span><span style="display:flex;"><span><span
style="color:#719e07">{</span><span
style="color:#2aa198">&#34;warnedClasses&#34;</span>:<span
style="color:#719e07">[</span><span
style="color:#2aa198">&#34;io.dubbo.test2.NotSerializable&#34;</span>,<span
style="color:#2aa198">&#34;org.apache.dubbo.samples.NotSerializable&#34;</span>,<span
style="color:#2aa198">&#34;io.dubbo.test.NotSerializable&#34;</sp
[...]
-</span></span></code></pre></div><p>注:建议及时关注
<code>serializeWarnedClasses</code>
的结果,通过返回结果是否非空来判断是否受到攻击。</p></description></item><item><title>Docs3-V2:
TLS支持</title><link>https://dubbo.apache.org/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls/</link><pubDate>Mon,
01 Jan 0001 00:00:00
+0000</pubDate><guid>https://dubbo.apache.org/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls/</guid><description>
+</span></span></code></pre></div><blockquote>
+<p>建议及时关注 <code>serializeWarnedClasses</code>
的结果,通过返回结果是否非空来判断是否受到攻击。</p>
+</blockquote></description></item><item><title>Docs3-V2:
TLS支持</title><link>https://dubbo.apache.org/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls/</link><pubDate>Mon,
01 Jan 0001 00:00:00
+0000</pubDate><guid>https://dubbo.apache.org/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls/</guid><description>
<h2 id="特性说明">特性说明</h2>
<p>内置的 Dubbo Netty Server 和新引入的 gRPC 协议都提供了基于 TLS 的安全链路传输机制。</p>
<p>TLS 的配置都有统一的入口。</p>
<h2 id="使用场景">使用场景</h2>
<p>对全链路有加密需求的用户可以使用 TLS。</p>
-<h2 id="参考用例">参考用例</h2>
-<p><a
href="https://github.com/apache/dubbo-samples/tree/master/4-governance/dubbo-samples-ssl">https://github.com/apache/dubbo-samples/tree/master/dubbo-samples-ssl</a></p>
+<blockquote>
+<p>参考用例
+<a
href="https://github.com/apache/dubbo-samples/tree/master/4-governance/dubbo-samples-ssl">https://github.com/apache/dubbo-samples/tree/master/dubbo-samples-ssl</a></p>
+</blockquote>
<h2 id="使用方式">使用方式</h2>
<h3 id="provider-端">Provider 端</h3>
<div class="highlight"><pre tabindex="0"
style="color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-java" data-lang="java"><span
style="display:flex;"><span>SslConfig sslConfig <span
style="color:#719e07">=</span> <span style="color:#719e07">new</span>
SslConfig<span style="color:#719e07">();</span>
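Review bot: The note that becomes a `<blockquote>` here tells readers to decide whether they are under attack by checking whether `serializeWarnedClasses` returns a non-empty result, but the same page says `WARN` mode logs a warning for any class that is not on the allow list, so a legitimate class that was simply never listed produces the same output. Reword it so a non-empty list is a prompt to review each class name and either add it to the allow list or investigate the caller, rather than a yes/no attack indicator. In the TLS item of the same hunk, the `参考用例` link text reads `.../tree/master/dubbo-samples-ssl` while the `href` points to `.../tree/master/4-governance/dubbo-samples-ssl`; make the visible text match the target.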
diff --git
a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls/index.html
b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls/index.html
index 4c8eed6052..90de28ce02 100644
--- a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls/index.html
+++ b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls/index.html
@@ -1,9 +1,10 @@
-<!doctype html><html lang=zh class=no-js><head><meta charset=utf-8><meta
name=viewport
content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta
name=generator content="Hugo 0.110.0"><meta name=ROBOTS content="INDEX,
FOLLOW"><link rel="shortcut icon" href=/favicons/favicon.ico><link
rel=apple-touch-icon href=/favicons/apple-touch-icon-180x180.png
sizes=180x180><link rel=icon type=image/png href=/favicons/favicon-16x16.png
sizes=16x16><link rel=icon type=image/png href=/favicons [...]
+<!doctype html><html lang=zh class=no-js><head><meta charset=utf-8><meta
name=viewport
content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta
name=generator content="Hugo 0.110.0"><meta name=ROBOTS content="INDEX,
FOLLOW"><link rel="shortcut icon" href=/favicons/favicon.ico><link
rel=apple-touch-icon href=/favicons/apple-touch-icon-180x180.png
sizes=180x180><link rel=icon type=image/png href=/favicons/favicon-16x16.png
sizes=16x16><link rel=icon type=image/png href=/favicons [...]
<link rel=preload
href=/scss/main.min.8637cb48af1c2672dbf22e4e83652c0cebe2d667477b88c8a046be155bcf7cfe.css
as=style><link
href=/scss/main.min.8637cb48af1c2672dbf22e4e83652c0cebe2d667477b88c8a046be155bcf7cfe.css
rel=stylesheet integrity><script src=/js/jquery-3.5.1.min.js
integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0="
crossorigin=anonymous></script>
<link rel=stylesheet
href=https://cdn.jsdelivr.net/npm/@docsearch/css@3></head><body
class=td-page><header><nav class="js-navbar-scroll navbar navbar-expand
navbar-dark flex-column flex-md-row td-navbar"><a class=navbar-brand
href=/zh/><span class=navbar-logo><svg xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 321.39 78.54"><title id="title19">DUBBO LOGO</title><path
class="cls-1" d="M68.46 50.38c0 14.06 11.39 22.11 25.45 22.11s25.45-8.05
25.45-22.11V7.25H68.46zm21.24-28h8.6V31H89.7zm0 [...]
<a
href="https://github.com/apache/dubbo-website/new/master/content/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/tls.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.md%60%0A%2A+Edit+
[...]
<a
href="https://github.com/apache/dubbo-website/issues/new?title=TLS%e6%94%af%e6%8c%81"
target=_blank><i class="fab fa-github fa-fw"></i> 提交文档问题</a>
-<a href=https://github.com/apache/dubbo/issues/new target=_blank><i class="fas
fa-tasks fa-fw"></i> 提交项目问题</a></div><div class=td-toc><nav
id=TableOfContents><ul><li><a href=#特性说明>特性说明</a></li><li><a
href=#使用场景>使用场景</a></li><li><a href=#参考用例>参考用例</a></li><li><a
href=#使用方式>使用方式</a><ul><li><a href=#provider-端>Provider 端</a></li><li><a
href=#consumer-端>Consumer 端</a></li></ul></li></ul></nav></div></aside><main
class="col-12 col-md-9 col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb
cl [...]
+<a href=https://github.com/apache/dubbo/issues/new target=_blank><i class="fas
fa-tasks fa-fw"></i> 提交项目问题</a></div><div class=td-toc><nav
id=TableOfContents><ul><li><a href=#特性说明>特性说明</a></li><li><a
href=#使用场景>使用场景</a></li><li><a href=#使用方式>使用方式</a><ul><li><a
href=#provider-端>Provider 端</a></li><li><a href=#consumer-端>Consumer
端</a></li></ul></li></ul></nav></div></aside><main class="col-12 col-md-9
col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb class="d-none d-md-block
d-print- [...]
+<a
href=https://github.com/apache/dubbo-samples/tree/master/4-governance/dubbo-samples-ssl>https://github.com/apache/dubbo-samples/tree/master/dubbo-samples-ssl</a></p></blockquote><h2
id=使用方式>使用方式</h2><h3 id=provider-端>Provider 端</h3><div class=highlight><pre
tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-java data-lang=java><span style=display:flex><span>SslConfig
sslConfig <span style=color:#719e07>=</span> <span s [...]
</span></span><span style=display:flex><span>sslConfig<span
style=color:#719e07>.</span>setServerKeyCertChainPath<span
style=color:#719e07>(</span><span style=color:#2aa198>"path to
cert"</span><span style=color:#719e07>);</span>
</span></span><span style=display:flex><span>sslConfig<span
style=color:#719e07>.</span>setServerPrivateKeyPath<span
style=color:#719e07>(</span>args<span style=color:#719e07>[</span><span
style=color:#2aa198>1</span><span style=color:#719e07>]);</span>
</span></span><span style=display:flex><span><span style=color:#586e75>//
如果开启双向 cert 认证
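Review bot: The Provider sample visible in this hunk mixes a literal placeholder with positional arguments: `setServerKeyCertChainPath("path to cert")` next to `setServerPrivateKeyPath(args[1])`. Use one convention for both (named placeholders are easier to follow), and add a line saying the private key file should be readable only by the service account, since this snippet is what most readers will copy. The table of contents in this hunk also drops the `参考用例` entry because the sample link is now a blockquote, so the sample is no longer reachable from the page navigation.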
@@ -21,7 +22,7 @@
</span></span><span style=display:flex><span> sslConfig<span
style=color:#719e07>.</span>setClientPrivateKeyPath<span
style=color:#719e07>(</span>args<span style=color:#719e07>[</span><span
style=color:#2aa198>2</span><span style=color:#719e07>]);</span>
</span></span><span style=display:flex><span><span style=color:#719e07>}</span>
</span></span></code></pre></div><p>为尽可能保证应用启动的灵活性,TLS Cert 的指定还能通过 -D
参数或环境变量等方式来在启动阶段根据部署环境动态指定,参考 Dubbo <a
href=/zh/docs/advanced/config-rule>配置读取规则</a></p><blockquote><p>在服务调用的安全性上,Dubbo
在后续的版本中会持续投入,其中服务发现/调用的鉴权机制预计在接下来的版本中就会和大家见面。</p></blockquote><style>.feedback--answer{display:inline-block}.feedback--answer-no{margin-left:1em}.feedback--response{display:none;margin-top:1em}.feedback--response__visible{display:block}</style><div
class=d-print-none><h2 class=feedback--title>Feedbac [...]
-<button class="btn btn-primary mb-4 feedback--answer
feedback--answer-no">No</button><p class="feedback--response
feedback--response-yes">Glad to hear it! Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p><p class="feedback--response feedback--response-no">Sorry to
hear that. Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p></div><script>const yesButton=document.querySelector(".feedback
[...]
+<button class="btn btn-primary mb-4 feedback--answer
feedback--answer-no">No</button><p class="feedback--response
feedback--response-yes">Glad to hear it! Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p><p class="feedback--response feedback--response-no">Sorry to
hear that. Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p></div><script>const yesButton=document.querySelector(".feedback
[...]
<script src=/js/bootstrap.min.js
integrity=sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy
crossorigin=anonymous></script>
<script
src=/js/main.min.9f304eb79b67eb331e2b22923c361575b563af25c0fd56279cf20f3a2417cff4.js
integrity="sha256-nzBOt5tn6zMeKyKSPDYVdbVjryXA/VYnnPIPOiQXz/Q="
crossorigin=anonymous></script>
<script src=https://cdn.jsdelivr.net/npm/@docsearch/js@3></script>
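Review bot: The last script tag in this hunk loads `https://cdn.jsdelivr.net/npm/@docsearch/js@3` with no `integrity` or `crossorigin` attribute and a floating major-version tag, while the two local scripts directly above it both carry SRI hashes. The third-party script is the one that most needs pinning: reference an exact version and add an `integrity` hash, or self-host the file, in the site template so that every generated page picks up the change.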
diff --git
a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/token-authorization/index.html
b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/token-authorization/index.html
index d258eaa8c4..a8c449fc53 100644
---
a/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/token-authorization/index.html
+++
b/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/token-authorization/index.html
@@ -1,9 +1,9 @@
-<!doctype html><html lang=zh class=no-js><head><meta charset=utf-8><meta
name=viewport
content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta
name=generator content="Hugo 0.110.0"><meta name=ROBOTS content="INDEX,
FOLLOW"><link rel="shortcut icon" href=/favicons/favicon.ico><link
rel=apple-touch-icon href=/favicons/apple-touch-icon-180x180.png
sizes=180x180><link rel=icon type=image/png href=/favicons/favicon-16x16.png
sizes=16x16><link rel=icon type=image/png href=/favicons [...]
+<!doctype html><html lang=zh class=no-js><head><meta charset=utf-8><meta
name=viewport
content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta
name=generator content="Hugo 0.110.0"><meta name=ROBOTS content="INDEX,
FOLLOW"><link rel="shortcut icon" href=/favicons/favicon.ico><link
rel=apple-touch-icon href=/favicons/apple-touch-icon-180x180.png
sizes=180x180><link rel=icon type=image/png href=/favicons/favicon-16x16.png
sizes=16x16><link rel=icon type=image/png href=/favicons [...]
<link rel=preload
href=/scss/main.min.8637cb48af1c2672dbf22e4e83652c0cebe2d667477b88c8a046be155bcf7cfe.css
as=style><link
href=/scss/main.min.8637cb48af1c2672dbf22e4e83652c0cebe2d667477b88c8a046be155bcf7cfe.css
rel=stylesheet integrity><script src=/js/jquery-3.5.1.min.js
integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0="
crossorigin=anonymous></script>
<link rel=stylesheet
href=https://cdn.jsdelivr.net/npm/@docsearch/css@3></head><body
class=td-page><header><nav class="js-navbar-scroll navbar navbar-expand
navbar-dark flex-column flex-md-row td-navbar"><a class=navbar-brand
href=/zh/><span class=navbar-logo><svg xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 321.39 78.54"><title id="title19">DUBBO LOGO</title><path
class="cls-1" d="M68.46 50.38c0 14.06 11.39 22.11 25.45 22.11s25.45-8.05
25.45-22.11V7.25H68.46zm21.24-28h8.6V31H89.7zm0 [...]
<a
href="https://github.com/apache/dubbo-website/new/master/content/zh/docs3-v2/java-sdk/advanced-features-and-usage/security/token-authorization.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.m
[...]
<a
href="https://github.com/apache/dubbo-website/issues/new?title=%e6%9d%83%e9%99%90%e6%8e%a7%e5%88%b6"
target=_blank><i class="fab fa-github fa-fw"></i> 提交文档问题</a>
-<a href=https://github.com/apache/dubbo/issues/new target=_blank><i class="fas
fa-tasks fa-fw"></i> 提交项目问题</a></div><div class=td-toc><nav
id=TableOfContents><ul><li><a href=#特性说明>特性说明</a></li><li><a
href=#使用场景>使用场景</a></li><li><a href=#使用方式>使用方式</a><ul><li><a
href=#全局设置>全局设置</a></li><li><a
href=#服务级别设置>服务级别设置</a></li></ul></li></ul></nav></div></aside><main
class="col-12 col-md-9 col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb
class="d-none d-md-block d-print-none"><ol class="bre [...]
+<a href=https://github.com/apache/dubbo/issues/new target=_blank><i class="fas
fa-tasks fa-fw"></i> 提交项目问题</a></div><div class=td-toc><nav
id=TableOfContents><ul><li><a href=#特性说明>特性说明</a></li><li><a
href=#使用场景>使用场景</a></li><li><a href=#使用方式>使用方式</a><ul><li><a
href=#全局设置>全局设置</a></li><li><a
href=#服务级别设置>服务级别设置</a></li></ul></li></ul></nav></div></aside><main
class="col-12 col-md-9 col-xl-8 pl-md-5" role=main><nav aria-label=breadcrumb
class="d-none d-md-block d-print-none"><ol class="bre [...]
可以防止消费者绕过注册中心访问提供者,
另外通过注册中心可灵活改变授权方式,而不需修改或升级提供者。</p><p><img src=/imgs/user/dubbo-token.jpg
alt=/user-guide/images/dubbo-token.jpg></p><h2
id=使用场景>使用场景</h2><p>在一定程度上实现客户端和服务端的可信鉴权,避免任意客户端都可以访问,降低出现安全问题的风险。</p><h2
id=使用方式>使用方式</h2><h3 id=全局设置>全局设置</h3><p>开启令牌验证</p><div class=highlight><pre
tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-xml data-lang=xml><span style=display:flex><span><span
style=color:#586e75><!--随机token令牌,使用UUID生成--& [...]
</span></span><span style=display:flex><span><span
style=color:#268bd2><dubbo:provider</span> token=<span
style=color:#2aa198>"true"</span> <span style=color:#268bd2>/></span>
@@ -14,7 +14,7 @@
</span></span></code></pre></div><p>或</p><div class=highlight><pre tabindex=0
style=color:#93a1a1;background-color:#002b36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-xml data-lang=xml><span style=display:flex><span><span
style=color:#586e75><!--固定token令牌,相当于密码--></span>
</span></span><span style=display:flex><span><span
style=color:#268bd2><dubbo:service</span> interface=<span
style=color:#2aa198>"com.foo.BarService"</span> token=<span
style=color:#2aa198>"123456"</span> <span
style=color:#268bd2>/></span>
</span></span></code></pre></div><style>.feedback--answer{display:inline-block}.feedback--answer-no{margin-left:1em}.feedback--response{display:none;margin-top:1em}.feedback--response__visible{display:block}</style><div
class=d-print-none><h2 class=feedback--title>Feedback</h2><p
class=feedback--question>Was this page helpful?</p><button class="btn
btn-primary mb-4 feedback--answer feedback--answer-yes">Yes</button>
-<button class="btn btn-primary mb-4 feedback--answer
feedback--answer-no">No</button><p class="feedback--response
feedback--response-yes">Glad to hear it! Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p><p class="feedback--response feedback--response-no">Sorry to
hear that. Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p></div><script>const yesButton=document.querySelector(".feedback
[...]
+<button class="btn btn-primary mb-4 feedback--answer
feedback--answer-no">No</button><p class="feedback--response
feedback--response-yes">Glad to hear it! Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p><p class="feedback--response feedback--response-no">Sorry to
hear that. Please <a
href=https://github.com/apache/dubbo-website/issues/new>tell us how we can
improve</a>.</p></div><script>const yesButton=document.querySelector(".feedback
[...]
<script src=/js/bootstrap.min.js
integrity=sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy
crossorigin=anonymous></script>
<script
src=/js/main.min.9f304eb79b67eb331e2b22923c361575b563af25c0fd56279cf20f3a2417cff4.js
integrity="sha256-nzBOt5tn6zMeKyKSPDYVdbVjryXA/VYnnPIPOiQXz/Q="
crossorigin=anonymous></script>
<script src=https://cdn.jsdelivr.net/npm/@docsearch/js@3></script>
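Review bot: The fixed-token example in this hunk uses `token="123456"` directly under a comment that says a fixed token is equivalent to a password, which invites readers to copy a trivially guessable value into production. Replace the literal with an obvious placeholder and state that a fixed token must be a long random value supplied from configuration or a secret store rather than committed in the XML. The `token="true"` form shown earlier on the page, which generates a random UUID, is the safer example to lead with.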
diff --git a/zh/sitemap.xml b/zh/sitemap.xml
index a44229aa81..0d532e931d 100644
--- a/zh/sitemap.xml
+++ b/zh/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://dubbo.apache.org/zh/docs3-v2/java-sdk/faq/0/</loc><lastmod>2022-08-01T10:49:31+08:00</lastmod><changefreq>monthly</changefreq><priority>0.5</priority><xhtml:link
rel="alternate" hreflang="en"
href="https://dubbo.apache.org/en/docs3-v2/java-sdk/faq/0/"/><xhtml:link
rel="alternate" hreflang="zh" href="https://dubbo.a [...]
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://dubbo.apache.org/zh/docs3-v2/java-sdk/faq/0/</loc><lastmod>2022-08-01T10:49:31+08:00</lastmod><changefreq>monthly</changefreq><priority>0.5</priority><xhtml:link
rel="alternate" hreflang="en"
href="https://dubbo.apache.org/en/docs3-v2/java-sdk/faq/0/"/><xhtml:link
rel="alternate" hreflang="zh" href="https://dubbo.a [...]
\ No newline at end of file