jojocodeX commented on issue #12073: URL: https://github.com/apache/dubbo/issues/12073#issuecomment-1505312131
> > * [ ] I have searched the [issues](https://github.com/apache/dubbo/issues) of this repository and believe that this is not a duplicate. > > > > ### Environment > > > > * Dubbo version: 3.2.0-beta.6 / org.apache.dubbo:dubbo-bom:3.2.0-beta.6 > > * Java version: java 17 > > * springboot 3.0.5 > > * org.springframework.cloud:spring-cloud-dependencies:2022.0.1 > > * com.alibaba.cloud:spring-cloud-alibaba-dependencies:2022.0.0.0-RC1 > > * com.alibaba.fastjson2:fastjson2:2.0.27 > > > > ### Steps to reproduce this issue > > > > 1. Dubbo请求获取用户信息 > > 2. 返回自定义的UserDetails对象,登录成功 > > 3. Dubbo再次请求获取用户信息 > > 4. 控制台报错 > > > > 自定义一个 UserDetails 对象,在SpringBootSecurity登录成功后返回自定义的 UserDetails 对象,此时再次发起Dubbo请求,无法获取数据,控制台报错。 > > ``` > > 2023-04-11T22:54:15.413+08:00 WARN 64592 --- [o-auto-1-exec-3] o.a.d.r.c.s.wrapper.MockClusterInvoker : [DUBBO] fail-mock: getLocalIdentifier fail-mock enabled , url : consumer://172.29.237.2/com.houkunlin.cloud.micro.rpc.UserDubboService?application=api-auth-server&background=false&check=true&dubbo=2.0.2&executor-management-mode=default&file-cache=false&interface=com.houkunlin.cloud.micro.rpc.UserDubboService&methods=getAssignAuthorities,getLeaderIds,getLocalIdentifier,getUserAllPermissionValues,getUserByUserId,getUserByUsername,loginFailureAction,loginSuccessAction,saveUserLog,updatePassword&mock=true&pid=64592&qos.enable=true&qos.port=9622®ister-mode=instance®ister.ip=172.29.237.2&release=3.2.0-beta.6&revision=0.0.7-SNAPSHOT-plain&side=consumer&sticky=false×tamp=1681224224385&unloadClusterRelated=false, dubbo version: 3.2.0-beta.6, current host: 172.29.237.2, error code: 2-17. This may be caused by failed to mock invoke, go to https://dubbo.apache.org/faq/2/1 7 to find instructions. > > > > org.apache.dubbo.rpc.RpcException: Failed to invoke the method getLocalIdentifier in the service com.houkunlin.cloud.micro.rpc.UserDubboService. Tried 3 times of the providers [172.29.237.2:20883] (1/1) from the registry 192.168.0.5:8848 on the consumer 172.29.237.2 using the dubbo version 3.2.0-beta.6. Last error is: Failed to invoke remote method: getLocalIdentifier, provider: DefaultServiceInstance{serviceName='system-user-server', host='172.29.237.2', port=20883, enabled=true, healthy=true, metadata={dubbo.metadata-service.url-params={"prefer.serialization":"fastjson2,hessian2","version":"1.0.0","dubbo":"2.0.2","release":"3.2.0-beta.6","side":"provider","port":"20883","protocol":"dubbo"}, dubbo.endpoints=[{"port":20883,"protocol":"dubbo"}], dubbo.metadata.revision=998f69ef376ecb6920e7f05d9e6f0b14, dubbo.metadata.storage-type=local, timestamp=1681209402712}}, service{name='com.houkunlin.cloud.micro.rpc.UserDubboService',group='null',version='null',protocol='dubbo',port='208 83',params={executor-management-mode=default, side=provider, file-cache=false, release=3.2.0-beta.6, methods=getAssignAuthorities,getLeaderIds,getLocalIdentifier,getUserAllPermissionValues,getUserByUserId,getUserByUsername,loginFailureAction,loginSuccessAction,saveUserLog,updatePassword, deprecated=false, dubbo=2.0.2, interface=com.houkunlin.cloud.micro.rpc.UserDubboService, service-name-mapping=true, register-mode=instance, generic=false, revision=0.0.7-SNAPSHOT-plain, application=system-user-server, prefer.serialization=fastjson2,hessian2, background=false, dynamic=true, anyhost=true},}, cause: org.apache.dubbo.remoting.RemotingException: java.lang.RuntimeException: objectMapper! deserialize error java.lang.IllegalArgumentException: The class with com.houkunlin.cloud.micro.login.LoginUserDetails and name of com.houkunlin.cloud.micro.login.LoginUserDetails is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson ann otations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details > > java.lang.RuntimeException: objectMapper! deserialize error java.lang.IllegalArgumentException: The class with com.houkunlin.cloud.micro.login.LoginUserDetails and name of com.houkunlin.cloud.micro.login.LoginUserDetails is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details > > at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:50) > > at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:58) > > at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.getSecurityContext(ContextHolderAuthenticationResolverFilter.java:56) > > at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.invoke(ContextHolderAuthenticationResolverFilter.java:45) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.filter.GenericFilter.invoke(GenericFilter.java:192) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.filter.ClassLoaderFilter.invoke(ClassLoaderFilter.java:54) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.filter.EchoFilter.invoke(EchoFilter.java:41) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.filter.ProfilerServerFilter.invoke(ProfilerServerFilter.java:64) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.filter.ContextFilter.invoke(ContextFilter.java:144) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194) > > at org.apache.dubbo.rpc.protocol.dubbo.DubboProtocol$1.reply(DubboProtocol.java:159) > > at org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler.handleRequest(HeaderExchangeHandler.java:103) > > at org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler.received(HeaderExchangeHandler.java:186) > > at org.apache.dubbo.remoting.transport.DecodeHandler.received(DecodeHandler.java:53) > > at org.apache.dubbo.remoting.transport.dispatcher.ChannelEventRunnable.run(ChannelEventRunnable.java:62) > > at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) > > at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) > > at org.apache.dubbo.common.threadlocal.InternalRunnable.run(InternalRunnable.java:41) > > at java.base/java.lang.Thread.run(Thread.java:833) > > ``` > > > > > > > > > > > > > > > > > > > > > > > > 尝试使用 `ObjectMapperCodecCustomer` 来处理 ObjectMapperCodec.ObjectMapper ,增加`context.setMixInAnnotations(LoginUserDetails.class, LoginUserDetailsMixin.class);`,断点发现配置正常生效,在Dubbo请求之前断点能够看到生效的信息,但是依旧无法完成反序列化,并且控制台报错的位置在调试模式无法断点。 > > 复制 `CoreJackson2Module` 类到本地进行覆盖,取消 `// context.setMixInAnnotations(User.class, UserMixin.class);`配置,使用官方的 User 对象,调试运行发现本地 `CoreJackson2Module` 正常执行,并且ObjectMapperCodec.ObjectMapper无UserMixin配置,此时依旧能够请求成功,但是我想要的并不是使用官方的User对象,而是想要自定义的UserDetails对象。 > > 上面两种方式,一种是增加自己的 Mixin 对象,一种是取消官方的 Mixin 对象配置,两种方式均无法正常生效,虽然断点看到的配置是生效的,但是实际Dubbo请求时执行的配置与断点的配置不一致 > > Pls. provide [GitHub address] to reproduce this issue. > > ### Expected Behavior > > ### Actual Behavior > > If there is an exception, please attach the exception trace: > > ``` > > Just put your stack trace here! > > ``` > >  > >  > >  > >   > > 在本地进行了相应的自定义序列化器,没有复现该错误,你可以提供下序列化器相关的代码 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
