Bill commented on a change in pull request #7167: URL: https://github.com/apache/geode/pull/7167#discussion_r766216187
########## File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/impl/ReflectionObjectInputFilterApiFactory.java ########## @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.internal.serialization.filter.impl; + +import static org.apache.commons.lang3.JavaVersion.JAVA_1_8; +import static org.apache.commons.lang3.JavaVersion.JAVA_9; +import static org.apache.commons.lang3.SystemUtils.isJavaVersionAtLeast; +import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.JAVA_IO; +import static org.apache.geode.internal.serialization.filter.impl.ApiPackage.SUN_MISC; + +public class ReflectionObjectInputFilterApiFactory implements ObjectInputFilterApiFactory { + + private static final String UNSUPPORTED_MESSAGE = + "ObjectInputFilter is not supported in JRE version"; + + @Override + public ObjectInputFilterApi createObjectInputFilterApi() { + try { + if (isJavaVersionAtLeast(JAVA_9)) { + return new Java9ReflectionObjectInputFilterApi(JAVA_IO); + } + if (isJavaVersionAtLeast(JAVA_1_8)) { + return new ReflectionObjectInputFilterApi(SUN_MISC); + } + } catch (ClassNotFoundException | NoSuchMethodException e) { + throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE, e); + } + throw new UnsupportedOperationException(UNSUPPORTED_MESSAGE); + } Review comment: I don't understand how this doesn't generate a compiler error. Can the compiler prove that the Java version will always be at least 1.8? ########## File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/ConditionalGlobalSerialFilterConfigurationFactory.java ########## @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.internal.serialization.filter; + +import org.apache.geode.internal.serialization.filter.impl.ConditionalGlobalSerialFilterConfiguration; +import org.apache.geode.internal.serialization.filter.impl.EnableFiltering; + +public class ConditionalGlobalSerialFilterConfigurationFactory implements Review comment: This class is never referenced statically. Is it referenced dynamically? If not, I think it should be removed. ########## File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/DelegatingObjectInputFilterFactory.java ########## @@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.internal.serialization.filter; + +import static java.util.Objects.requireNonNull; + +import java.util.Set; + +import org.apache.geode.internal.serialization.filter.impl.DelegatingObjectInputFilter; +import org.apache.geode.internal.serialization.filter.impl.ObjectInputFilterApi; +import org.apache.geode.internal.serialization.filter.impl.ObjectInputFilterApiFactory; +import org.apache.geode.internal.serialization.filter.impl.ReflectionObjectInputFilterApiFactory; + +public class DelegatingObjectInputFilterFactory implements ObjectInputFilterFactory { + + private final Runnable precondition; + private final ObjectInputFilterApiFactory apiFactory; + + public DelegatingObjectInputFilterFactory(Runnable precondition) { + this(new ReflectionObjectInputFilterApiFactory(), precondition); + } + + private DelegatingObjectInputFilterFactory(ObjectInputFilterApiFactory apiFactory, + Runnable precondition) { + this.apiFactory = requireNonNull(apiFactory, "apiFactory is required"); + this.precondition = requireNonNull(precondition, "precondition is required"); + } + + @Override + public ObjectInputFilter create(SerializableObjectConfig config, Set<String> sanctionedClasses) { + if (config.getValidateSerializableObjects()) { + precondition.run(); Review comment: `DelegatingObjectInputFilterFactory` is a class that takes parameters in a constructor, assigns them to fields, and then provides a `create()` method. Yet product and test code always constructs an instance and then immediately calls the `create()` method, then the constructed instance is eligible for garbage collection. Inasmuch as the factory is never retained, and since the constructor call is always followed by the create call, it seems to me this could be a single function. No class, no constructor, no fields, are needed. If polymorphism is needed (which currently does not seem to be the case), a functional interface could be defined: ```java ObjectInputFilter create(SerializableObjectConfig config, Set<String> sanctionedClasses, ObjectInputFilterApiFactory apiFactory, Runnable precondition) ``` There could be a single concrete implementation of that interface in the product. In that case I also think `precondition` looks a little fishy, but perhaps it is important it's called inside the `if`. Am I missing something here? Is there some reason why all this structure is needed? ########## File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/ConditionalGlobalSerialFilterConfigurationFactory.java ########## @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.internal.serialization.filter; + +import org.apache.geode.internal.serialization.filter.impl.ConditionalGlobalSerialFilterConfiguration; +import org.apache.geode.internal.serialization.filter.impl.EnableFiltering; + +public class ConditionalGlobalSerialFilterConfigurationFactory implements + GlobalSerialFilterConfigurationFactory { + + private final EnableFiltering enableFiltering; + + public ConditionalGlobalSerialFilterConfigurationFactory() { + this(() -> false); + } + + /** + * Example: + * {@code + * () -> isJavaVersionAtLeast(JAVA_1_8) && + * isJavaVersionAtMost(JAVA_1_8) && + * isBlank(System.getProperty("jdk.serialFilter")) + * } + */ Review comment: I don't understand this code example, given that the only invocation of this constructor is on line 26 (and does not look anything like the code example). ########## File path: geode-serialization/src/main/java/org/apache/geode/internal/serialization/filter/SerializableObjectConfig.java ########## @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.internal.serialization.filter; + +public interface SerializableObjectConfig { + + default String getFilterPatternIfEnabled() { + return getValidateSerializableObjects() ? getSerializableObjectFilter() : null; + } + + boolean getValidateSerializableObjects(); Review comment: Need javadoc on this method and all the others, and the class itself please. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
