This is an automated email from the ASF dual-hosted git repository.

albumenj pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/dubbo.git


The following commit(s) were added to refs/heads/3.1 by this push:
     new 0ad7e4041e Fix hessian2 serializable check (#11573)
0ad7e4041e is described below

commit 0ad7e4041edcbfaed1ab9e38c2bc36457dab3d87
Author: Albumen Kevin <[email protected]>
AuthorDate: Wed Feb 15 13:35:35 2023 +0800

    Fix hessian2 serializable check (#11573)
---
 .../hessian2/Hessian2SerializerFactory.java        | 24 ++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git 
a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/org/apache/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
 
b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/org/apache/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
index 8b26cbf411..099c5e9766 100644
--- 
a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/org/apache/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
+++ 
b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/org/apache/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
@@ -16,8 +16,6 @@
  */
 package org.apache.dubbo.common.serialize.hessian2;
 
-import java.io.Serializable;
-
 import org.apache.dubbo.common.utils.DefaultSerializeClassChecker;
 
 import com.alibaba.com.caucho.hessian.io.Deserializer;
@@ -26,6 +24,8 @@ import com.alibaba.com.caucho.hessian.io.JavaSerializer;
 import com.alibaba.com.caucho.hessian.io.Serializer;
 import com.alibaba.com.caucho.hessian.io.SerializerFactory;
 
+import java.io.Serializable;
+
 public class Hessian2SerializerFactory extends SerializerFactory {
 
     private final DefaultSerializeClassChecker defaultSerializeClassChecker;
@@ -44,9 +44,15 @@ public class Hessian2SerializerFactory extends 
SerializerFactory {
         if (_defaultSerializer != null)
             return _defaultSerializer;
 
+        try {
+            // pre-check if class is allow
+            defaultSerializeClassChecker.loadClass(getClassLoader(), 
cl.getName());
+        } catch (ClassNotFoundException e) {
+            // ignore
+        }
+
         if (!Serializable.class.isAssignableFrom(cl)
-            && !isAllowNonSerializable()
-            && !defaultSerializeClassChecker.isCheckSerializable()) {
+            && (!isAllowNonSerializable() || 
!defaultSerializeClassChecker.isCheckSerializable())) {
             throw new IllegalStateException("Serialized class " + cl.getName() 
+ " must implement java.io.Serializable");
         }
 
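Review bot: The second operand of the new condition still negates `defaultSerializeClassChecker.isCheckSerializable()`, so a class that does not implement `java.io.Serializable` is rejected whenever that getter returns false and accepted only when it returns true together with `isAllowNonSerializable()`. If the getter means "the checker enforces Serializable", as its name suggests, the test reads inverted and the stricter setting is the one that lets non-Serializable types through; the intended form would then be `&& (!isAllowNonSerializable() || defaultSerializeClassChecker.isCheckSerializable())`. The same expression is repeated in the `getDefaultDeserializer` hunk, where it decides which classes may be instantiated from incoming data, so it deserves a unit test over the four flag combinations. The method's signature and tail lie outside this hunk.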
@@ -55,9 +61,15 @@ public class Hessian2SerializerFactory extends 
SerializerFactory {
 
     @Override
     protected Deserializer getDefaultDeserializer(Class cl) {
+        try {
+            // pre-check if class is allow
+            defaultSerializeClassChecker.loadClass(getClassLoader(), 
cl.getName());
+        } catch (ClassNotFoundException e) {
+            // ignore
+        }
+
         if (!Serializable.class.isAssignableFrom(cl)
-            && !isAllowNonSerializable()
-            && !defaultSerializeClassChecker.isCheckSerializable()) {
+            && (!isAllowNonSerializable() || 
!defaultSerializeClassChecker.isCheckSerializable())) {
             throw new IllegalStateException("Serialized class " + cl.getName() 
+ " must implement java.io.Serializable");
         }
 
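Review bot: The empty `catch (ClassNotFoundException e)` with only `// ignore` hides why it is safe to continue, and the pre-check's return value is discarded, so the guard works only if `loadClass` signals a disallowed class with some other exception; that is not visible in this diff and should be stated. A comment such as `// class is absent from this loader; assumes loadClass has already thrown for a disallowed name (confirm)` would document it. The same block plus the Serializable condition is duplicated in the `getDefaultSerializer` hunk above; moving both into one private helper called from the two methods would keep the checks from drifting apart. The rest of `getDefaultDeserializer` continues past the end of the hunk.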
