LegendPei opened a new pull request, #7972:
URL: https://github.com/apache/incubator-seata/pull/7972

   
   - [ ] I have read the [CONTRIBUTING.md](https://github.com/apache/incubator-seata/blob/2.x/CONTRIBUTING.md) guidelines.
   - [ ] I have registered the PR [changes](https://github.com/apache/incubator-seata/tree/2.x/changes).
   
   ### Ⅰ. Describe what this PR did
   1. Added JSON whitelist security mechanism
   2. Added JSON serializer SPI: jackson3, fastjson2
   3. Changed the default JSON parser of tcc to jackson
   
   How to use the whitelist:
   1. Configuration method

      application.yml:

          seata:
            json:
              allowlist: com.company.model.,com.company.dto.,com.company.UserPo

      application.properties:

          seata.json.allowlist=com.company.model.,com.company.dto.,com.company.UserPo

   2. Configuration rules
      - `xxx.` (prefix matching): `com.company.model.` matches all classes under this package
      - `xxx` (exact matching): `com.company.UserPo` matches only this one class
   
   ### Ⅱ. Does this pull request fix one issue?
   
   
   ### Ⅲ. Why don't you add test cases (unit test/integration test)? 
   
   
   ### Ⅳ. Describe how to verify it
   
   
   ### Ⅴ. Special notes for reviews
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
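
The two matching rules from the PR description, sketched as an added example (not code from this PR or from Seata). The class name `AllowlistDemo`, the whitespace trimming, the deny-by-default result for unlisted names, and prefix entries also covering sub-packages are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; AllowlistDemo and its methods are hypothetical names, not Seata classes.
public class AllowlistDemo {
    private final List<String> prefixes = new ArrayList<>();
    private final List<String> exact = new ArrayList<>();

    // Parses the comma-separated value of seata.json.allowlist.
    public AllowlistDemo(String configured) {
        for (String raw : configured.split(",")) {
            String entry = raw.trim();       // assumption: spaces around entries are ignored
            if (entry.isEmpty()) continue;   // skip empty items such as "a.,,b."
            // A trailing dot marks a package prefix; anything else is one exact class name.
            (entry.endsWith(".") ? prefixes : exact).add(entry);
        }
    }

    // Deny by default: a class name is accepted only when some entry matches it.
    public boolean isAllowed(String className) {
        if (className == null || className.isEmpty()) {
            return false;
        }
        if (exact.contains(className)) {
            return true;
        }
        for (String prefix : prefixes) {
            // Keeping the trailing dot in the prefix stops "com.company.model."
            // from also matching the sibling package "com.company.modelx".
            if (className.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        AllowlistDemo list = new AllowlistDemo(
            "com.company.model., com.company.dto., com.company.UserPo");
        String[] samples = {   // constructed class names covering each rule and its edge cases
            "com.company.model.Order", "com.company.model.sub.Item", "com.company.modelx.Order",
            "com.company.UserPo", "com.company.UserPoExt", "java.lang.Runtime"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + list.isAllowed(s));
        }
    }
}
```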
