thmd opened a new issue, #3050:
URL: https://github.com/apache/fory/issues/3050

   ### Feature Request
   
   ```
   AllowListChecker checker = new AllowListChecker(AllowListChecker.CheckLevel.STRICT);
   ThreadSafeFory fory = new ThreadLocalFory(classLoader -> {
     Fory f = Fory.builder().requireClassRegistration(true).withClassLoader(classLoader).build();
     f.getClassResolver().setClassChecker(checker);
     checker.addListener(f.getClassResolver());
     return f;
   });
   checker.allowClass("org.example.*");
   ```
   
   I think it makes sense for `setClassChecker` to do `checker.addListener(f.getClassResolver());` automatically, unless I'm missing something.
   
   Also, after adding AllowListChecker, I still get this error in the log:
   
   ```
   ForyBuilder:477 [Test worker] - Class registration isn't forced, unknown classes can be deserialized. If the environment isn't secure, please enable class registration by `ForyBuilder#requireClassRegistration(true)` or configure TypeChecker by `TypeResolver#setTypeChecker`
   ```
   
   I think the security error should be suppressed with a `TypeChecker` registered since I'm not allowing any random class.
   
   ### Is your feature request related to a problem? Please describe
   
   _No response_
   
   ### Describe the solution you'd like
   
   I think either registration or TypeChecker should stop the unsafe serialization error.
   
   ### Describe alternatives you've considered
   
   _No response_
   
   ### Additional context
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

