This is an automated email from the ASF dual-hosted git repository. albumenj pushed a commit to branch apache-3.1 in repository https://gitbox.apache.org/repos/asf/dubbo.git
commit e98748580d535b97ef59504606e3c21fee322378 Author: Albumen Kevin <[email protected]> AuthorDate: Wed May 24 15:09:39 2023 +0800 Skip scan object class (#12388) * Skip scan object class * Skip scan object class --- .../apache/dubbo/common/utils/SerializeSecurityConfigurator.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeSecurityConfigurator.java b/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeSecurityConfigurator.java index a02584f0bb..ce0cf12f56 100644 --- a/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeSecurityConfigurator.java +++ b/dubbo-common/src/main/java/org/apache/dubbo/common/utils/SerializeSecurityConfigurator.java @@ -264,6 +264,15 @@ public class SerializeSecurityConfigurator implements ScopeClassLoaderListener<M addToAllow(clazz.getName()); + if (ClassUtils.isSimpleType(clazz) || clazz.isPrimitive() || clazz.isArray()) { + return; + } + String className = clazz.getName(); + if (className.startsWith("java.") || className.startsWith("javax.") || className.startsWith("com.sun.") || + className.startsWith("sun.") || className.startsWith("jdk.")) { + return; + } + Class<?>[] interfaces = clazz.getInterfaces(); for (Class<?> interfaceClass : interfaces) { checkClass(markedClass, interfaceClass);
