
Example 6 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class SerializationClassNameFilterTest method testBlacklistPrefix.

/**
 * <pre>
 * Given: Blacklist with prefix is used which overlaps default whitelist.
 * When: {@link SerializationClassNameFilter#filter(String)} is called for a class which fits default whitelist
 *        but it's also blacklisted.
 * Then: {@link SecurityException} is thrown
 * </pre>
 */
@Test(expected = SecurityException.class)
public void testBlacklistPrefix() {
    JavaSerializationFilterConfig config = new JavaSerializationFilterConfig();
    config.getBlacklist().addPrefixes("com.hazelcast.test");
    new SerializationClassNameFilter(config).filter("com.hazelcast.test.Test1");
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 7 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class SerializationClassNameFilterTest method testDefaultPass.

/**
 * <pre>
 * Given: Default configuration is used.
 * When: {@link SerializationClassNameFilter#filter(String)} is called for a java.lang class
 * Then: no exception is thrown as the java prefix is in the default whitelist
 * </pre>
 */
@Test
public void testDefaultPass() {
    JavaSerializationFilterConfig config = new JavaSerializationFilterConfig();
    new SerializationClassNameFilter(config).filter("java.lang.Object");
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 8 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class SerializationClassNameFilterTest method testBlacklistedWithDefaultWhitelist.

/**
 * <pre>
 * Given: Blacklist is used and defaults are enabled.
 * When: {@link SerializationClassNameFilter#filter(String)} is called for a class which fits default whitelist
 *        but it's also blacklisted.
 * Then: {@link SecurityException} is thrown
 * </pre>
 */
@Test(expected = SecurityException.class)
public void testBlacklistedWithDefaultWhitelist() {
    JavaSerializationFilterConfig config = new JavaSerializationFilterConfig();
    config.getBlacklist().addClasses("java.lang.Test3", "java.lang.Test2", "java.lang.Test1");
    new SerializationClassNameFilter(config).filter("java.lang.Test1");
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 9 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class DeserializationProtectionTest method testClassBlacklisted.

/**
 * <pre>
 * When: Default Whitelist is disabled and classname of the test serialized object is blacklisted.
 * Then: Deserialization fails.
 * </pre>
 */
@Test
public void testClassBlacklisted() {
    ClassFilter blacklist = new ClassFilter().addClasses(TestDeserialized.class.getName());
    JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig().setDefaultsDisabled(true).setBlacklist(blacklist);
    assertDeserializationFails(filterConfig, false);
}
Also used : TestDeserialized(example.serialization.TestDeserialized) ClassFilter(com.hazelcast.config.ClassFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 10 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class DeserializationProtectionTest method assertDeserializationFails.

private void assertDeserializationFails(JavaSerializationFilterConfig javaSerializationFilterConfig, boolean keyOwnedByTarget) {
    TestHazelcastInstanceFactory factory = createHazelcastInstanceFactory(2);
    Config config = new Config();
    config.getSerializationConfig().setJavaSerializationFilterConfig(javaSerializationFilterConfig);
    HazelcastInstance[] instances = factory.newInstances(config);
    String key = generateKeyOwnedBy(instances[keyOwnedByTarget ? 1 : 0]);
    instances[0].getMap("test").put(key, new TestDeserialized());
    try {
        instances[1].getMap("test").get(key);
        fail("Deserialization should have failed");
    } catch (HazelcastSerializationException e) {
        assertFalse(TestDeserialized.isDeserialized);
    }
}
Also used : HazelcastSerializationException(com.hazelcast.nio.serialization.HazelcastSerializationException) HazelcastInstance(com.hazelcast.core.HazelcastInstance) TestDeserialized(example.serialization.TestDeserialized) Config(com.hazelcast.config.Config) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) TestHazelcastInstanceFactory(com.hazelcast.test.TestHazelcastInstanceFactory)
