-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IOException will be thrown if the data type is java.time.LocalTime #1449
Comments
com.alipay.sofa.rpc.core.exception.SofaRpcException: com.alipay.remoting.exception.SerializationException: java.io.IOException: Class com.caucho.hessian.io.java8.LocalDateHandle is in blacklist.
at com.alipay.sofa.rpc.transport.bolt.BoltClientTransport.convertToRpcException(BoltClientTransport.java:344)
at com.alipay.sofa.rpc.transport.bolt.BoltClientTransport.syncSend(BoltClientTransport.java:259)
at com.alipay.sofa.rpc.client.AbstractCluster.doSendMsg(AbstractCluster.java:613)
at com.alipay.sofa.rpc.client.AbstractCluster.sendMsg(AbstractCluster.java:584)
at com.alipay.sofa.rpc.filter.ConsumerInvoker.invoke(ConsumerInvoker.java:63)
at com.alipay.sofa.rpc.filter.ConsumerCustomHeaderFilter.invoke(ConsumerCustomHeaderFilter.java:47)
at com.alipay.sofa.rpc.filter.FilterInvoker.invoke(FilterInvoker.java:100)
at com.alipay.sofa.rpc.filter.PressureMarkTransformFilter.invoke(PressureMarkTransformFilter.java:63)
at com.alipay.sofa.rpc.filter.FilterInvoker.invoke(FilterInvoker.java:100)
at io.opentelemetry.javaagent.instrumentation.sofarpc.SofaRpcServerFilter.invoke(SofaRpcServerFilter.java:44)
at io.opentelemetry.javaagent.instrumentation.sofarpc.OpenTelemetryFilter.invoke(OpenTelemetryFilter.java:28)
at com.alipay.sofa.rpc.filter.FilterInvoker.invoke(FilterInvoker.java:100)
...
Caused by: java.io.IOException: Class com.caucho.hessian.io.java8.LocalDateHandle is in blacklist.
at com.alipay.hessian.NameBlackListFilter.resolve(NameBlackListFilter.java:158)
at com.alipay.hessian.ClassNameResolver.resolve(ClassNameResolver.java:99)
at com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.java:190)
... 130 common frames omitted 相同问题: SOFARPC version:5.13.1 能否指导一下如何“本地配置自定义blacklist” 给予上游同步一些准备时间; |
It appears that there is overridden logic you may use. Lines 50 to 73 in 7150804
|
@nobodyiam 谢谢老师 @Test
public void overrideBlackList() {
List<String> origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "-*");
Assert.assertTrue(origin.size() == 0);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "!*");
Assert.assertTrue(origin.size() == 0);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "-default");
Assert.assertTrue(origin.size() == 0);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "!default");
Assert.assertTrue(origin.size() == 0);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "-*,-com.xxx");
Assert.assertTrue(origin.size() == 0);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "aaa,-*,-com.xxx");
Assert.assertTrue(origin.size() == 1);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "-*,aaa");
Assert.assertTrue(origin.size() == 1);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "-com.xxx");
Assert.assertTrue(origin.size() == 2);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "-com.xxx,-com.yyy");
Assert.assertTrue(origin.size() == 1);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "com.xxx,-com.yyy");
Assert.assertTrue(origin.size() == 2);
origin = buildOriginList();
BlackAndWhiteListFileLoader.overrideBlackList(origin, "com.aaa,-com.yyy");
// ...
} |
@nobodyiam 老师看到关联项目一直有在做安全相关处理,支持只定义也在其中,Fix hessian sec issue for 4 #33 ,但又一下几个问题请教:
不好意思看到了:https://github.com/sofastack/sofa-rpc/security 另外补充几个: |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Your question
When the data type is 'java.time.LocalTime', 'com.caucho.hessian.io.java8.LocalTimeHandle' will be blacklisted and then throw an IOException. Do I need to customize the parsing for Java 8 time types?
Your scenes
Because there are many entity types in my project that use java.time.LocalTime, but looking at the source code for com.alipay.sofa:hession, there is also serialization and parsing of Java 8. I don't understand why it has to be added to the blacklist again.
I really hope I can get your help, thank you.
Your advice
I hope to be able to use the serialization parser of Java 8 type that comes with com.alipay.sofa:hession.
Environment
The text was updated successfully, but these errors were encountered: