kaizen84 commented on issue #12161: URL: https://github.com/apache/dubbo/issues/12161#issuecomment-1537646231
> > dubbo 3.2.0 看起来像dubbo provider反序列化Authentication时发生的错误 `org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter#setSecurityContext org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter#getSecurityContext` > > ``` > > Caused by: org.apache.dubbo.rpc.StatusRpcException: UNKNOWN : objectMapper! deserialize error java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details > > java.lang.RuntimeException: objectMapper! deserialize error java.lang.IllegalArgumentException: The class with org.springframework.security.oauth2.provider.OAuth2Authentication and name of org.springframework.security.oauth2.provider.OAuth2Authentication is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details > > at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:50) > > at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.deserialize(ObjectMapperCodec.java:58) > > at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.getSecurityContext(ContextHolderAuthenticationResolverFilter.java:56) > > at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationResolverFilter.invoke(ContextHolderAuthenticationResolverFilter.java:45) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > > > at org.apache.dubbo.rpc.TriRpcStatus.asException(TriRpcStatus.java:214) > > at org.apache.dubbo.rpc.protocol.tri.call.UnaryClientCallListener.onClose(UnaryClientCallListener.java:51) > > at org.apache.dubbo.rpc.protocol.tri.call.TripleClientCall.onComplete(TripleClientCall.java:112) > > at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.finishProcess(TripleClientStream.java:251) > > at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.onTrailersReceived(TripleClientStream.java:337) > > at org.apache.dubbo.rpc.protocol.tri.stream.TripleClientStream$ClientTransportListener.lambda$onHeader$1(TripleClientStream.java:443) > > at org.apache.dubbo.common.threadpool.serial.SerializingExecutor.run(SerializingExecutor.java:102) > > at org.apache.dubbo.common.threadpool.ThreadlessExecutor$RunnableWrapper.run(ThreadlessExecutor.java:141) > > at org.apache.dubbo.common.threadpool.ThreadlessExecutor.waitAndDrain(ThreadlessExecutor.java:70) > > at org.apache.dubbo.rpc.AsyncRpcResult.get(AsyncRpcResult.java:202) > > at org.apache.dubbo.rpc.protocol.AbstractInvoker.waitForResultIfSync(AbstractInvoker.java:286) > > at org.apache.dubbo.rpc.protocol.AbstractInvoker.invoke(AbstractInvoker.java:189) > > at org.apache.dubbo.rpc.listener.ListenerInvokerWrapper.invoke(ListenerInvokerWrapper.java:71) > > at org.apache.dubbo.validation.filter.ValidationFilter.invoke(ValidationFilter.java:98) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at com.medusa.gruul.common.system.model.remote.SystemDubboConsumerSpreadConfig.invoke(SystemDubboConsumerSpreadConfig.java:27) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at com.medusa.gruul.common.security.resource.remote.AuthDubboConsumerSpreadConfig.invoke(AuthDubboConsumerSpreadConfig.java:30) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.metrics.filter.MetricsFilter.invoke(MetricsFilter.java:51) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194) > > at org.apache.dubbo.rpc.protocol.ReferenceCountInvokerWrapper.invoke(ReferenceCountInvokerWrapper.java:78) > > at org.apache.dubbo.rpc.cluster.support.AbstractClusterInvoker.invokeWithContext(AbstractClusterInvoker.java:380) > > at org.apache.dubbo.rpc.cluster.support.FailoverClusterInvoker.doInvoke(FailoverClusterInvoker.java:81) > > at org.apache.dubbo.rpc.cluster.support.AbstractClusterInvoker.invoke(AbstractClusterInvoker.java:341) > > at org.apache.dubbo.rpc.cluster.router.RouterSnapshotFilter.invoke(RouterSnapshotFilter.java:46) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.monitor.support.MonitorFilter.invoke(MonitorFilter.java:101) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.cluster.filter.support.MetricsClusterFilter.invoke(MetricsClusterFilter.java:51) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.protocol.dubbo.filter.FutureFilter.invoke(FutureFilter.java:52) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.spring.security.filter.ContextHolderParametersSelectedTransferFilter.invoke(ContextHolderParametersSelectedTransferFilter.java:41) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter.invoke(ContextHolderAuthenticationPrepareFilter.java:47) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.cluster.filter.support.ConsumerClassLoaderFilter.invoke(ConsumerClassLoaderFilter.java:40) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.cluster.filter.support.ConsumerContextFilter.invoke(ConsumerContextFilter.java:118) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331) > > at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194) > > at org.apache.dubbo.rpc.cluster.support.wrapper.AbstractCluster$ClusterFilterInvoker.invoke(AbstractCluster.java:91) > > at org.apache.dubbo.rpc.cluster.support.wrapper.MockClusterInvoker.invoke(MockClusterInvoker.java:103) > > at org.apache.dubbo.rpc.cluster.support.wrapper.ScopeClusterInvoker.invoke(ScopeClusterInvoker.java:131) > > at org.apache.dubbo.registry.client.migration.MigrationInvoker.invoke(MigrationInvoker.java:284) > > at org.apache.dubbo.rpc.proxy.InvocationUtil.invoke(InvocationUtil.java:57) > > at org.apache.dubbo.rpc.proxy.InvokerInvocationHandler.invoke(InvokerInvocationHandler.java:75) > > at com.medusa.gruul.shop.api.rpc.ShopRpcServiceDubboProxy0.getShopInfoByShopId(ShopRpcServiceDubboProxy0.java) > > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) > > at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.base/java.lang.reflect.Method.invoke(Method.java:568) > > at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) > > at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208) > > at jdk.proxy2/jdk.proxy2.$Proxy176.getShopInfoByShopId(Unknown Source) > > at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.lambda$myData$10(ShopAdminServiceImpl.java:253) > > at com.medusa.gruul.common.security.resource.exntends.RoleTask.lambda$when$0(RoleTask.java:37) > > at com.medusa.gruul.common.security.resource.exntends.RolePermMatcher.and(RolePermMatcher.java:174) > > at com.medusa.gruul.common.security.resource.exntends.RoleTask.lambda$when$1(RoleTask.java:37) > > at com.medusa.gruul.common.security.resource.exntends.RolePermMatcher.or(RolePermMatcher.java:190) > > at com.medusa.gruul.common.security.resource.exntends.RoleTask.when(RoleTask.java:35) > > at com.medusa.gruul.common.security.resource.exntends.RoleTask.ifAnyShopAdmin(RoleTask.java:113) > > at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.lambda$myData$11(ShopAdminServiceImpl.java:250) > > at io.vavr.control.Option.getOrElse(Option.java:336) > > at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl.myData(ShopAdminServiceImpl.java:243) > > at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl$$FastClassBySpringCGLIB$$ad26a94f.invoke(<generated>) > > at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) > > at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386) > > at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85) > > at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704) > > at com.medusa.gruul.service.uaa.service.service.impl.ShopAdminServiceImpl$$EnhancerBySpringCGLIB$$e31ae6f2.myData(<generated>) > > at com.medusa.gruul.service.uaa.service.controller.ShopUserController.mine(ShopUserController.java:44) > > at com.medusa.gruul.service.uaa.service.controller.ShopUserController$$FastClassBySpringCGLIB$$81a7126d.invoke(<generated>) > > at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) > > at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793) > > at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > > at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) > > at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) > > at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > > at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) > > at com.medusa.gruul.common.log.aspect.LogInterceptor.invoke(LogInterceptor.java:55) > > at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) > > at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763) > > at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708) > > at com.medusa.gruul.service.uaa.service.controller.ShopUserController$$EnhancerBySpringCGLIB$$dd2d6316.mine(<generated>) > > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) > > at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.base/java.lang.reflect.Method.invoke(Method.java:568) > > at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) > > at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) > > at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) > > at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) > > at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) > > at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) > > at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1071) > > at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:964) > > at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) > > ... 99 common frames omitted > > `` > > ``` > > 当前ObjectMapperCodec内部内置了一些反序列的对象,你可以看看你当前序列化对象有没有在 这些反序列化的对象里面,如果没有,或者有特殊的对象,你需要通过 ObjectMapperCodecCustomer 自定义 OK -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
