This is an automated email from the ASF dual-hosted git repository.

albumenj pushed a commit to branch 3.2
in repository https://gitbox.apache.org/repos/asf/dubbo.git


The following commit(s) were added to refs/heads/3.2 by this push:
     new 906517149b Fix allow non-serializable check (#12267)
906517149b is described below

commit 906517149b4fd2438b7eb313832cbdae8dda2728
Author: Albumen Kevin <[email protected]>
AuthorDate: Tue May 16 19:01:32 2023 +0800

    Fix allow non-serializable check (#12267)
    
    * Fix allow non-serializable check
    
    * opt code
    
    * opt code
    
    ---------
    
    Co-authored-by: songxiaosheng <[email protected]>
---
 .../hessian2/Hessian2SerializerFactory.java          | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git 
a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/org/apache/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
 
b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/org/apache/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
index 0d886b9d39..893e1a59c6 100644
--- 
a/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/org/apache/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
+++ 
b/dubbo-serialization/dubbo-serialization-hessian2/src/main/java/org/apache/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java
@@ -51,10 +51,7 @@ public class Hessian2SerializerFactory extends 
SerializerFactory {
             // ignore
         }
 
-        if (!Serializable.class.isAssignableFrom(cl)
-            && (!isAllowNonSerializable() || 
defaultSerializeClassChecker.isCheckSerializable())) {
-            throw new IllegalStateException("Serialized class " + cl.getName() 
+ " must implement java.io.Serializable");
-        }
+        checkSerializable(cl);
 
         return new JavaSerializer(cl, getClassLoader());
     }
@@ -68,11 +65,20 @@ public class Hessian2SerializerFactory extends 
SerializerFactory {
             // ignore
         }
 
+        checkSerializable(cl);
+
+        return new JavaDeserializer(cl);
+    }
+
+    private void checkSerializable(Class<?> cl) {
+        // If class is Serializable => ok
+        // If class has not implement Serializable
+        //      If hessian check serializable => fail
+        //      If dubbo class checker check serializable => fail
+        //      If both hessian and dubbo class checker allow non-serializable 
=> ok
         if (!Serializable.class.isAssignableFrom(cl)
-            && (!isAllowNonSerializable() || 
!defaultSerializeClassChecker.isCheckSerializable())) {
+            && (!isAllowNonSerializable() || 
defaultSerializeClassChecker.isCheckSerializable())) {
             throw new IllegalStateException("Serialized class " + cl.getName() 
+ " must implement java.io.Serializable");
         }
-
-        return new JavaDeserializer(cl);
     }
 }
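Review bot: The corrected condition in `checkSerializable` has no regression test in this commit (the diffstat lists only Hessian2SerializerFactory.java), although the bug it fixes on the deserializer path was a single stray `!`. With the removed line, a factory whose `isAllowNonSerializable()` was true skipped the exception exactly when `defaultSerializeClassChecker.isCheckSerializable()` was true, so the stricter setting was the one not enforced on inbound data. A test that requests a deserializer for a non-Serializable class under each combination of the two settings, expecting `IllegalStateException` in every case except the both-allow one, would pin the table written in the comment. I would also promote the block comment to Javadoc on the helper and state that the check is shared by both paths and fails closed, e.g. `/** Rejects non-Serializable classes unless both the Hessian factory and Dubbo's class checker allow them; applied to serializer and deserializer lookup alike. */`. The method that returns `new JavaDeserializer(cl)` begins above this hunk, so its earlier lines were not reviewed here.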
