Hi,
We are running into an issue with serialization security in Ignite 2.5.0 with
whitelisting enabled. We start the cache inside an application in embedded
mode. The cache is partitioned with read through/write behind enabled. I am
getting the below exception while working with the cache. Note that this does
not happen always.
2020-08-04 14:05:38.482 [sys-#41] ERROR
ignite.internal.processors.continuous.GridContinuousProcessor - Failed to
process message (ignoring): GridContinuousMessage [type=MSG_EVT_NOTIFICATION,
routineId=e6f15316-b9c4-4316-878f-188401f64acf, data=null, futId=null]
org.apache.ignite.IgniteCheckedException: Deserialization of class
org.apache.ignite.util.deque.FastSizeDeque is disallowed.
at
org.apache.ignite.internal.util.IgniteUtils.unmarshal(IgniteUtils.java:9968)
[dmipDPC.jar:?]
at
org.apache.ignite.internal.processors.continuous.GridContinuousProcessor$7.onMessage(GridContinuousProcessor.java:266)
[dmipDPC.jar:?]
at
org.apache.ignite.internal.managers.communication.GridIoManager.invokeListener(GridIoManager.java:1556)
[dmipDPC.jar:?]
at
org.apache.ignite.internal.managers.communication.GridIoManager.processRegularMessage0(GridIoManager.java:1184)
[dmipDPC.jar:?]
at
org.apache.ignite.internal.managers.communication.GridIoManager.access$4200(GridIoManager.java:125)
[dmipDPC.jar:?]
at
org.apache.ignite.internal.managers.communication.GridIoManager$9.run(GridIoManager.java:1091)
[dmipDPC.jar:?]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[?:1.8.0_231]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[?:1.8.0_231]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_231]
Caused by: java.lang.RuntimeException: Deserialization of class
org.apache.ignite.util.deque.FastSizeDeque is disallowed.
at
org.apache.ignite.internal.util.IgniteUtils.forName(IgniteUtils.java:8606)
~[dmipDPC.jar:?]
at
org.apache.ignite.internal.MarshallerContextImpl.getClass(MarshallerContextImpl.java:349)
~[dmipDPC.jar:?]
at
org.apache.ignite.internal.binary.BinaryContext.descriptorForTypeId(BinaryContext.java:688)
~[dmipDPC.jar:?]
at
org.apache.ignite.internal.binary.BinaryReaderExImpl.deserialize0(BinaryReaderExImpl.java:1755)
~[dmipDPC.jar:?]
at
org.apache.ignite.internal.binary.BinaryReaderExImpl.deserialize(BinaryReaderExImpl.java:1714)
~[dmipDPC.jar:?]
at
org.apache.ignite.internal.binary.GridBinaryMarshaller.deserialize(GridBinaryMarshaller.java:310)
~[dmipDPC.jar:?]
at
org.apache.ignite.internal.binary.BinaryMarshaller.unmarshal0(BinaryMarshaller.java:99)
~[dmipDPC.jar:?]
at
org.apache.ignite.marshaller.AbstractNodeNameAwareMarshaller.unmarshal(AbstractNodeNameAwareMarshaller.java:82)
~[dmipDPC.jar:?]
at
org.apache.ignite.internal.util.IgniteUtils.unmarshal(IgniteUtils.java:9962)
[dmipDPC.jar:?]
... 8 more
I looked at org.apache.ignite.internal.IgniteKernal#classWhiteList and it loads
the META-INF/classnames.txt and META-INF/classnames-jdk.txt files before
loading the user configured whitelist classes file. I don't see the mention of
org.apache.ignite.util.deque.FastSizeDeque class in the META-INF/classnames.txt
file. Is this a bug within Ignite?
Thanks,
Pradeep V.B.
This email and any files transmitted with it are confidential, proprietary and
intended solely for the individual or entity to whom they are addressed. If you
have received this email in error please delete it immediately.
