This is an automated email from the ASF dual-hosted git repository.
jinwoo pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new 863ba8c708 Document update - Added serialization to Security section
(#7923)
863ba8c708 is described below
commit 863ba8c708bb64c5ea9e0d7c3b9315639b8d88ec
Author: kaajaln2 <[email protected]>
AuthorDate: Thu Sep 11 07:18:29 2025 -0400
Document update - Added serialization to Security section (#7923)
* Document update - Added serialization to Security section
Added serialization page under Security section
Added link to serialization page from Security model page
Added a bullet point to the Security Implementation Overview page
* Document update - Added serialization to Security section
Added serialization page under Security section
Added link to serialization page from Security model page
Added a bullet point to the Security Implementation Overview page
Removed Java version
* Document update: Removed java version in serialization section
---
.../source/subnavs/geode-subnav.erb | 3 ++
geode-docs/security/chapter_overview.html.md.erb | 4 ++
.../security/implementing_security.html.md.erb | 2 +
geode-docs/security/security_model.html.md.erb | 6 ++-
geode-docs/security/serialization.html.md.erb | 54 ++++++++++++++++++++++
5 files changed, 67 insertions(+), 2 deletions(-)
diff --git a/geode-book/master_middleman/source/subnavs/geode-subnav.erb
b/geode-book/master_middleman/source/subnavs/geode-subnav.erb
index 49cd752f97..b4ba7467a4 100644
--- a/geode-book/master_middleman/source/subnavs/geode-subnav.erb
+++ b/geode-book/master_middleman/source/subnavs/geode-subnav.erb
@@ -159,6 +159,9 @@ limitations under the License.
</li>
</ul>
</li>
+ <li>
+ <a
href="/docs/guide/<%=vars.product_version_nodot%>/security/serialization.html">Serialization</a>
+ </li>
</ul>
</li>
diff --git a/geode-docs/security/chapter_overview.html.md.erb
b/geode-docs/security/chapter_overview.html.md.erb
index f75376d6f2..3984dd5ae4 100644
--- a/geode-docs/security/chapter_overview.html.md.erb
+++ b/geode-docs/security/chapter_overview.html.md.erb
@@ -48,3 +48,7 @@ The security framework permits authentication of connecting
components and autho
- **[SSL](../security/ssl_overview.html)**
SSL protects your data in transit between applications.
+
+- **[Serialization](../security/serialization.html)**
+
+ This section describes the serialization mechanisms available in Apache
Geode, including global serialization filters and PDX serialization.
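Review bot: The new overview entry puts PDX serialization on the same footing as the serialization filter, but PDX is a data-format choice rather than a security control, so a reader of the Security chapter overview does not learn what the page hardens. Suggest the blurb name the security-relevant mechanism, e.g. "including the global serialization filter and the `serializable-object-filter` allow list", and mention PDX only as the recommended serialization format if the page keeps that section. Also check that the blank line between the bold link and its description matches the layout of the `SSL` entry directly above, so the list renders uniformly.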
diff --git a/geode-docs/security/implementing_security.html.md.erb
b/geode-docs/security/implementing_security.html.md.erb
index fcccda0933..d684346dbf 100644
--- a/geode-docs/security/implementing_security.html.md.erb
+++ b/geode-docs/security/implementing_security.html.md.erb
@@ -37,6 +37,8 @@ SSL-based, rather than plain socket connections.
You can enable SSL separately for peer-to-peer, client, JMX, gateway senders
and receivers, and HTTP connections.
- **Post processing of region data**. Return values for operations that
return region values may be formatted.
+- **Serialization**. Control and filter object serialization, particularly
+ in the context of security and performance.
## Overview
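Review bot: The new bullet "Control and filter object serialization, particularly in the context of security and performance" is vaguer than its neighbours, each of which names a concrete mechanism (SSL per connection type, post-processing of region values). Suggest wording it the same way, e.g. "- **Serialization filtering**. Restrict which classes Geode will deserialize, using the global serialization filter and the `serializable-object-filter` allow list." and dropping "and performance", which the linked page does not substantiate.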
diff --git a/geode-docs/security/security_model.html.md.erb
b/geode-docs/security/security_model.html.md.erb
index fc9ccafebe..1a7f3842b3 100644
--- a/geode-docs/security/security_model.html.md.erb
+++ b/geode-docs/security/security_model.html.md.erb
@@ -22,9 +22,10 @@ Every component of Apache Geode is built with security
considerations as a top p
solutions require user-specific design and implementation. Geode's default
configuration combines maximum flexibility
and performance without any input needed from the user. Because of this,
certain security measures like
**[authentication](authentication_overview.html)**,
-**[authorization](authorization_overview.html)** and
+**[authorization](authorization_overview.html)**,
+**[serialization](../security/serialization.html)** and
**[over-the-wire encryption](ssl_overview.html)**
-are absent from a default Geode installation.
+are absent from a default Geode installation.
It is highly recommended that users review Geode's security capabilities and
implement them as they see fit. See the
**[Security Implementation Introduction and
Overview](implementing_security.html)**
to get started with Apache Geode security.
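Review bot: Adding "serialization" to the list of measures that "are absent from a default Geode installation" is inaccurate as written: serialization itself is always present, it is serialization *filtering* (the global filter and `validate-serializable-objects`) that is off by default. Suggest the link text read "**[serialization filtering](serialization.html)**". Two smaller points in the same hunk: the `-`/`+` pair on "are absent from a default Geode installation." is identical in content and is presumably a trailing-whitespace change, which only adds diff noise and should be reverted; and the target `../security/serialization.html` should be the bare `serialization.html`, matching the sibling links `authentication_overview.html`, `authorization_overview.html` and `ssl_overview.html` in the same directory.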
@@ -33,3 +34,4 @@ Additional documentation related to security can be found on
Apache Geode Wiki
[Geode Security
Framework](https://cwiki.apache.org/confluence/display/GEODE/Geode+Security+Framework)
and
[Geode Integrated
Security](https://cwiki.apache.org/confluence/display/GEODE/Geode+Integrated+Security).
+
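Review bot: This hunk only appends an empty line at the end of `security_model.html.md.erb`, which is whitespace-only churn unrelated to the serialization documentation; drop it so the change stays limited to the content edits.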
diff --git a/geode-docs/security/serialization.html.md.erb
b/geode-docs/security/serialization.html.md.erb
new file mode 100644
index 0000000000..b96cb7178d
--- /dev/null
+++ b/geode-docs/security/serialization.html.md.erb
@@ -0,0 +1,54 @@
+---
+title: Serialization
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Apache Geode offers mechanisms to control and filter object serialization,
particularly
+ in the context of security and performance. This is primarily achieved
through:
+
+
+## Global Serialization Filter (Java)
+
+For deployments using Java, a global serialization filter can be enabled to
restrict the types of objects that can be serialized and
+deserialized within the Geode process. This helps mitigate risks associated
with deserialization of untrusted data, a common vulnerability.
+
+- To enable this, the Java system property `geode.enableGlobalSerialFilter` is
set to true when starting Geode locators and servers.
+
+- Additionally, the `serializable-object-filter` configuration option, used in
conjunction with `validate-serializable-objects,` is used to
+specify a whitelist of user-defined classes that are allowed to be
serialized/deserialized, in addition to standard JDK and Geode classes.
+ This allows for fine-grained control over which custom objects are permitted
in the system.
+
+## PDX Serialization
+
+Apache Geode's Portable Data eXchange (PDX) serialization offers a more robust
and flexible approach to data serialization, providing features
+like schema evolution and language independence. While not a "filter" in the
same sense as the global serialization filter, PDX provides control
+over how objects are serialized and deserialized.
+
+- **PdxSerializer:** You can implement a custom `PdxSerializer` to define how
specific domain objects are serialized and deserialized, allowing
+ for selective handling of fields or transformations during the process.
+
+- **Reflection-Based Auto-Serialization:** PDX also supports automatic
reflection-based serialization, where Geode can serialize objects without
+ requiring explicit implementation of `PdxSerializable` in your domain
classes. This can be configured to include or exclude specific types based
+ on criteria like package names, providing a form of type filtering.
+
+
+
+
+ In conclusion, Apache Geode provides serialization filtering capabilities
through a global filter for security hardening in Java 8 environments and
+ through the flexible configurations of PDX serialization for fine-grained
control over data handling and type inclusion/exclusion.
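Review bot: The closing paragraph still says the global filter provides "security hardening in Java 8 environments", although the commit message states the Java version was removed and the "Global Serialization Filter (Java)" section above never qualifies the filter by Java version; either delete "in Java 8 environments" or document the actual Java-version dependency in that section so the two parts of the page agree. Further points on the same file: the intro sentence "This is primarily achieved through:" ends on a colon with nothing following but a heading, so either list the two mechanisms (the global serialization filter and PDX serialization) or end the sentence; in "`validate-serializable-objects,`" the comma is inside the backticks; the section says `geode.enableGlobalSerialFilter` "is set to true when starting Geode locators and servers" but not how, and since it is a JVM system property it would help to show the startup form, e.g. a `--J=-Dgeode.enableGlobalSerialFilter=true` argument to the gfsh `start locator` / `start server` commands, together with a sample `serializable-object-filter` pattern in `gemfire.properties`; "For deployments using Java" is confusing because Geode locators and servers are always Java processes, so say explicitly whether the distinction is from native (C++/.NET) clients; and the auto-serializer paragraph calls its include/exclude patterns "a form of type filtering", which risks readers treating the `ReflectionBasedAutoSerializer` configuration as a deserialization safeguard. That configuration only selects which classes the auto-serializer handles, while the defence against deserialization of untrusted data is the filter described in the first section, so add a sentence making that distinction. Finally, prefer "allow list" to "whitelist" to match current Apache documentation style.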