(incubator-seata) branch 2.x updated: optimize: optimize Hessian Serialize (#6254)

Sun, 04 Feb 2024 18:36:16 -0800 

This is an automated email from the ASF dual-hosted git repository.

jimin pushed a commit to branch 2.x
in repository https://gitbox.apache.org/repos/asf/incubator-seata.git


The following commit(s) were added to refs/heads/2.x by this push:
     new 736f2b936a optimize: optimize Hessian Serialize (#6254)
736f2b936a is described below

commit 736f2b936ad44c9cdda2a8b3dcc5884b3e0ff285
Author: jimin <[email protected]>
AuthorDate: Mon Feb 5 10:36:07 2024 +0800

    optimize: optimize Hessian Serialize (#6254)
---
 changes/en-us/2.x.md                                   |  2 +-
 changes/zh-cn/2.x.md                                   |  1 +
 .../core/serializer/SerializerSecurityRegistry.java    |  2 +-
 .../seata/serializer/hessian/HessianSerializer.java    | 18 +++++++++---------
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md
index 5c741aaae5..ff55d2be6e 100644
--- a/changes/en-us/2.x.md
+++ b/changes/en-us/2.x.md
@@ -81,7 +81,7 @@ Add changes here for all PR submitted to the 2.x branch.
 - [[#6301](https://github.com/apache/incubator-seata/pull/6301)] upgrade 
console frontend dependencies and supported nodejs versions
 - [[#6301](https://github.com/apache/incubator-seata/pull/6312)] add saga 
related io.seata compatible api
 - [[#6313](https://github.com/apache/incubator-seata/pull/6313)] console 
display the version number
-
+- [[#6254](https://github.com/apache/incubator-seata/pull/6254)] optimize 
Hessian Serialize
 
 ### security:
 - [[#6069](https://github.com/apache/incubator-seata/pull/6069)] Upgrade Guava 
dependencies to fix security vulnerabilities
diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md
index d915a24254..4080786277 100644
--- a/changes/zh-cn/2.x.md
+++ b/changes/zh-cn/2.x.md
@@ -79,6 +79,7 @@
 - [[#6301](https://github.com/apache/incubator-seata/pull/6301)] 
升级console前端依赖及支持的nodejs版本
 - [[#6301](https://github.com/apache/incubator-seata/pull/6312)] 
添加saga相关的io.seata兼容性API
 - [[#6313](https://github.com/apache/incubator-seata/pull/6313)] console展示版本号
+- [[#6254](https://github.com/apache/incubator-seata/pull/6254)] 优化Hessian 序列化
 
 
 ### security:
diff --git 
a/core/src/main/java/org/apache/seata/core/serializer/SerializerSecurityRegistry.java
 
b/core/src/main/java/org/apache/seata/core/serializer/SerializerSecurityRegistry.java
index 9cfda82759..3ab82fb4bf 100644
--- 
a/core/src/main/java/org/apache/seata/core/serializer/SerializerSecurityRegistry.java
+++ 
b/core/src/main/java/org/apache/seata/core/serializer/SerializerSecurityRegistry.java
@@ -129,7 +129,7 @@ public class SerializerSecurityRegistry {
     }
 
     private static String[] getDenyClassPatternList() {
-        return new String[] {"javax.naming.InitialContext", "javax.net.ssl.*", 
"com.unboundid.ldap.*"};
+        return new String[] {"javax.naming.InitialContext", "javax.net.ssl.*", 
"com.unboundid.ldap.*", "java.lang.Runtime"};
     }
 
     private static Set<Class<?>> getProtocolType() {
diff --git 
a/serializer/seata-serializer-hessian/src/main/java/org/apache/seata/serializer/hessian/HessianSerializer.java
 
b/serializer/seata-serializer-hessian/src/main/java/org/apache/seata/serializer/hessian/HessianSerializer.java
index 97f5bce290..0bc4ded989 100644
--- 
a/serializer/seata-serializer-hessian/src/main/java/org/apache/seata/serializer/hessian/HessianSerializer.java
+++ 
b/serializer/seata-serializer-hessian/src/main/java/org/apache/seata/serializer/hessian/HessianSerializer.java
@@ -16,32 +16,31 @@
  */
 package org.apache.seata.serializer.hessian;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
 import com.caucho.hessian.io.Hessian2Input;
 import com.caucho.hessian.io.Hessian2Output;
-import com.caucho.hessian.io.SerializerFactory;
 import org.apache.seata.common.loader.LoadLevel;
 import org.apache.seata.core.serializer.Serializer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-
 
 @LoadLevel(name = "HESSIAN")
+@Deprecated
 public class HessianSerializer implements Serializer {
     private static final Logger LOGGER = 
LoggerFactory.getLogger(HessianSerializer.class);
 
     @Override
     public <T> byte[] serialize(T t) {
         byte[] stream = null;
-        SerializerFactory hessian = HessianSerializerFactory.getInstance();
         try {
-            com.caucho.hessian.io.Serializer serializer = 
hessian.getSerializer(t.getClass());
             ByteArrayOutputStream baos = new ByteArrayOutputStream();
             Hessian2Output output = new Hessian2Output(baos);
-            serializer.writeObject(t, output);
+            
output.setSerializerFactory(HessianSerializerFactory.getInstance());
+            output.writeObject(t);
             output.close();
             stream = baos.toByteArray();
         } catch (IOException e) {
@@ -55,7 +54,8 @@ public class HessianSerializer implements Serializer {
         T obj = null;
         try (ByteArrayInputStream is = new ByteArrayInputStream(bytes)) {
             Hessian2Input input = new Hessian2Input(is);
-            obj = (T) input.readObject();
+            input.setSerializerFactory(HessianSerializerFactory.getInstance());
+            obj = (T)input.readObject();
             input.close();
         } catch (IOException e) {
             LOGGER.error("Hessian decode error:{}", e.getMessage(), e);


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to