This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch 3.2
in repository https://gitbox.apache.org/repos/asf/dubbo.git
The following commit(s) were added to refs/heads/3.2 by this push:
new 16daf9527b Skip scan object class (#12388)
16daf9527b is described below
commit 16daf9527b1565a1a07f132067cf90e94e8d7add
Author: Albumen Kevin <[email protected]>
AuthorDate: Wed May 24 15:09:39 2023 +0800
Skip scan object class (#12388)
* Skip scan object class
* Skip scan object class
---
.../apache/dubbo/common/utils/SerializeSecurityConfigurator.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git
a/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeSecurityConfigurator.java
b/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeSecurityConfigurator.java
index 629443142d..ba7227a1ac 100644
---
a/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeSecurityConfigurator.java
+++
b/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeSecurityConfigurator.java
@@ -271,6 +271,15 @@ public class SerializeSecurityConfigurator implements
ScopeClassLoaderListener<M
addToAllow(clazz.getName());
+ if (ClassUtils.isSimpleType(clazz) || clazz.isPrimitive() ||
clazz.isArray()) {
+ return;
+ }
+ String className = clazz.getName();
+ if (className.startsWith("java.") || className.startsWith("javax.") ||
className.startsWith("com.sun.") ||
+ className.startsWith("sun.") || className.startsWith("jdk.")) {
+ return;
+ }
+
Class<?>[] interfaces = clazz.getInterfaces();
for (Class<?> interfaceClass : interfaces) {
checkClass(markedClass, interfaceClass);
