Example 1 with JavaSerializationFilterConfig

Use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

From the class DeserializationProtectionTest, method assertDeserializationFails.

private void assertDeserializationFails(JavaSerializationFilterConfig javaSerializationFilterConfig, boolean keyOwnedByTarget) {
    TestHazelcastInstanceFactory factory = createHazelcastInstanceFactory(2);
    Config config = new Config();
    config.getSerializationConfig().setJavaSerializationFilterConfig(javaSerializationFilterConfig);
    HazelcastInstance[] instances = factory.newInstances(config);
    String key = generateKeyOwnedBy(instances[keyOwnedByTarget ? 1 : 0]);
    instances[0].getMap("test").put(key, new TestDeserialized());
    try {
        instances[1].getMap("test").get(key);
        fail("Deserialization should have failed");
    } catch (HazelcastSerializationException e) {
        assertFalse(TestDeserialized.isDeserialized);
    }
}
Also used: HazelcastSerializationException (com.hazelcast.nio.serialization.HazelcastSerializationException), HazelcastInstance (com.hazelcast.core.HazelcastInstance), TestDeserialized (example.serialization.TestDeserialized), Config (com.hazelcast.config.Config), JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig), TestHazelcastInstanceFactory (com.hazelcast.test.TestHazelcastInstanceFactory)

Example 2 with JavaSerializationFilterConfig

Use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

From the class DeserializationProtectionTest, method testClassBlacklisted.

/**
 * <pre>
 * When: Default Whitelist is disabled and classname of the test serialized object is blacklisted.
 * Then: Deserialization fails.
 * </pre>
 */
@Test
public void testClassBlacklisted() {
    ClassFilter blacklist = new ClassFilter().addClasses(TestDeserialized.class.getName());
    JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig().setDefaultsDisabled(true).setBlacklist(blacklist);
    assertDeserializationFails(filterConfig, false);
}
Also used: TestDeserialized (example.serialization.TestDeserialized), ClassFilter (com.hazelcast.config.ClassFilter), JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig), QuickTest (com.hazelcast.test.annotation.QuickTest), Test (org.junit.Test)

Example 3 with JavaSerializationFilterConfig

Use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

From the class AbstractClientConfigBuilderTest, method testSerializationConfig.

@Test
public void testSerializationConfig() {
    final SerializationConfig serializationConfig = fullClientConfig.getSerializationConfig();
    assertEquals(3, serializationConfig.getPortableVersion());
    final Map<Integer, String> dsClasses = serializationConfig.getDataSerializableFactoryClasses();
    assertEquals(1, dsClasses.size());
    assertEquals("com.hazelcast.examples.DataSerializableFactory", dsClasses.get(1));
    final Map<Integer, String> pfClasses = serializationConfig.getPortableFactoryClasses();
    assertEquals(1, pfClasses.size());
    assertEquals("com.hazelcast.examples.PortableFactory", pfClasses.get(2));
    final Collection<SerializerConfig> serializerConfigs = serializationConfig.getSerializerConfigs();
    assertEquals(1, serializerConfigs.size());
    final SerializerConfig serializerConfig = serializerConfigs.iterator().next();
    assertEquals("com.hazelcast.examples.DummyType", serializerConfig.getTypeClassName());
    assertEquals("com.hazelcast.examples.SerializerFactory", serializerConfig.getClassName());
    final GlobalSerializerConfig globalSerializerConfig = serializationConfig.getGlobalSerializerConfig();
    assertEquals("com.hazelcast.examples.GlobalSerializerFactory", globalSerializerConfig.getClassName());
    assertEquals(ByteOrder.BIG_ENDIAN, serializationConfig.getByteOrder());
    assertTrue(serializationConfig.isCheckClassDefErrors());
    assertFalse(serializationConfig.isAllowUnsafe());
    assertFalse(serializationConfig.isAllowOverrideDefaultSerializers());
    assertFalse(serializationConfig.isEnableCompression());
    assertTrue(serializationConfig.isEnableSharedObject());
    assertTrue(serializationConfig.isUseNativeByteOrder());
    JavaSerializationFilterConfig javaSerializationFilterConfig = serializationConfig.getJavaSerializationFilterConfig();
    ClassFilter blacklist = javaSerializationFilterConfig.getBlacklist();
    assertEquals(1, blacklist.getClasses().size());
    assertTrue(blacklist.getClasses().contains("com.acme.app.BeanComparator"));
    ClassFilter whitelist = javaSerializationFilterConfig.getWhitelist();
    assertEquals(2, whitelist.getClasses().size());
    assertTrue(whitelist.getClasses().contains("java.lang.String"));
    assertTrue(whitelist.getClasses().contains("example.Foo"));
    assertEquals(2, whitelist.getPackages().size());
    assertTrue(whitelist.getPackages().contains("com.acme.app"));
    assertTrue(whitelist.getPackages().contains("com.acme.app.subpkg"));
    assertEquals(3, whitelist.getPrefixes().size());
    assertTrue(whitelist.getPrefixes().contains("java"));
    assertTrue(whitelist.getPrefixes().contains("["));
    assertTrue(whitelist.getPrefixes().contains("com."));
}
Also used: GlobalSerializerConfig (com.hazelcast.config.GlobalSerializerConfig), SerializerConfig (com.hazelcast.config.SerializerConfig), SerializationConfig (com.hazelcast.config.SerializationConfig), ClassFilter (com.hazelcast.config.ClassFilter), JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig), Test (org.junit.Test), XMLConfigBuilderTest (com.hazelcast.config.XMLConfigBuilderTest)

Example 4 with JavaSerializationFilterConfig

Use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

From the class ClientDeserializationProtectionTest, method testClassBlacklisted.

/**
 * <pre>
 * When: Default Whitelist is disabled and classname of the test serialized object is blacklisted. The object is read from client.
 * Then: Deserialization fails.
 * </pre>
 */
@Test
public void testClassBlacklisted() {
    ClassFilter blacklist = new ClassFilter().addClasses(TestDeserialized.class.getName());
    JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig().setDefaultsDisabled(true).setBlacklist(blacklist);
    Config config = new Config();
    config.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    HazelcastInstance member = hazelcastFactory.newInstances(config, 1)[0];
    ClientConfig clientConfig = new ClientConfig();
    clientConfig.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    HazelcastInstance client = hazelcastFactory.newHazelcastClient(clientConfig);
    member.getMap("test").put("key", new TestDeserialized());
    try {
        client.getMap("test").get("key");
        fail("Deserialization should have failed");
    } catch (HazelcastSerializationException e) {
        assertFalse(TestDeserialized.isDeserialized);
    }
}
Also used: HazelcastSerializationException (com.hazelcast.nio.serialization.HazelcastSerializationException), TestDeserialized (example.serialization.TestDeserialized), HazelcastInstance (com.hazelcast.core.HazelcastInstance), ClassFilter (com.hazelcast.config.ClassFilter), Config (com.hazelcast.config.Config), JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig), ClientConfig (com.hazelcast.client.config.ClientConfig), QuickTest (com.hazelcast.test.annotation.QuickTest), Test (org.junit.Test)

Example 5 with JavaSerializationFilterConfig

Use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

From the class ExternalizableDeserializationProtectionTest, method testExternalizableProtectedOnMember.

@Test
public void testExternalizableProtectedOnMember() {
    JavaSerializationFilterConfig javaSerializationFilterConfig = new JavaSerializationFilterConfig().setDefaultsDisabled(true);
    javaSerializationFilterConfig.getBlacklist().addClasses(TestExternalizableDeserialized.class.getName());
    Config config = smallInstanceConfig();
    config.getSerializationConfig().setJavaSerializationFilterConfig(javaSerializationFilterConfig);
    // the index will force deserialization
    config.getMapConfig("test").addIndexConfig(new IndexConfig(IndexType.HASH, "name"));
    hazelcastFactory.newHazelcastInstance(config);
    HazelcastInstance client = hazelcastFactory.newHazelcastClient();
    expected.expect(HazelcastSerializationException.class);
    client.getMap("test").put("key", new TestExternalizableDeserialized());
}
Also used: TestExternalizableDeserialized (example.serialization.TestExternalizableDeserialized), IndexConfig (com.hazelcast.config.IndexConfig), HazelcastInstance (com.hazelcast.core.HazelcastInstance), Config (com.hazelcast.config.Config), JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig), ClientConfig (com.hazelcast.client.config.ClientConfig), QuickTest (com.hazelcast.test.annotation.QuickTest), Test (org.junit.Test)

Aggregations

JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig): 21
Test (org.junit.Test): 16
QuickTest (com.hazelcast.test.annotation.QuickTest): 15
Config (com.hazelcast.config.Config): 9
TestDeserialized (example.serialization.TestDeserialized): 9
HazelcastInstance (com.hazelcast.core.HazelcastInstance): 8
SerializationClassNameFilter (com.hazelcast.internal.serialization.SerializationClassNameFilter): 7
ClientConfig (com.hazelcast.client.config.ClientConfig): 6
ClassFilter (com.hazelcast.config.ClassFilter): 5
HazelcastSerializationException (com.hazelcast.nio.serialization.HazelcastSerializationException): 4
IndexConfig (com.hazelcast.config.IndexConfig): 2
TestHazelcastInstanceFactory (com.hazelcast.test.TestHazelcastInstanceFactory): 2
TestExternalizableDeserialized (example.serialization.TestExternalizableDeserialized): 2
GlobalSerializerConfig (com.hazelcast.config.GlobalSerializerConfig): 1
JoinConfig (com.hazelcast.config.JoinConfig): 1
SerializationConfig (com.hazelcast.config.SerializationConfig): 1
SerializerConfig (com.hazelcast.config.SerializerConfig): 1
XMLConfigBuilderTest (com.hazelcast.config.XMLConfigBuilderTest): 1
HazelcastTestSupport.smallInstanceConfig (com.hazelcast.test.HazelcastTestSupport.smallInstanceConfig): 1
Node (org.w3c.dom.Node): 1