Example 11 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class TestFullApplicationContext method testJavaSerializationFilterConfig.

@Test
public void testJavaSerializationFilterConfig() {
    JavaSerializationFilterConfig filterConfig = config.getSerializationConfig().getJavaSerializationFilterConfig();
    assertNotNull(filterConfig);
    assertTrue(filterConfig.isDefaultsDisabled());
    ClassFilter blacklist = filterConfig.getBlacklist();
    assertNotNull(blacklist);
    assertEquals(1, blacklist.getClasses().size());
    assertTrue(blacklist.getClasses().contains("com.acme.app.BeanComparator"));
    assertEquals(0, blacklist.getPackages().size());
    Set<String> prefixes = blacklist.getPrefixes();
    assertTrue(prefixes.contains("a.dangerous.package."));
    assertTrue(prefixes.contains("justaprefix"));
    assertEquals(2, prefixes.size());
    ClassFilter whitelist = filterConfig.getWhitelist();
    assertNotNull(whitelist);
    assertEquals(2, whitelist.getClasses().size());
    assertTrue(whitelist.getClasses().contains("java.lang.String"));
    assertTrue(whitelist.getClasses().contains("example.Foo"));
    assertEquals(2, whitelist.getPackages().size());
    assertTrue(whitelist.getPackages().contains("com.acme.app"));
    assertTrue(whitelist.getPackages().contains("com.acme.app.subpkg"));
}
Also used : ClassFilter(com.hazelcast.config.ClassFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) Test(org.junit.Test) QuickTest(com.hazelcast.test.annotation.QuickTest)

Example 12 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class AbstractDomConfigProcessor method fillJavaSerializationFilter.

protected void fillJavaSerializationFilter(final Node node, SerializationConfig serializationConfig) {
    JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig();
    serializationConfig.setJavaSerializationFilterConfig(filterConfig);
    Node defaultsDisabledNode = getNamedItemNode(node, "defaults-disabled");
    boolean defaultsDisabled = defaultsDisabledNode != null && getBooleanValue(getTextContent(defaultsDisabledNode));
    filterConfig.setDefaultsDisabled(defaultsDisabled);
    for (Node child : childElements(node)) {
        final String name = cleanNodeName(child);
        if (matches("blacklist", name)) {
            ClassFilter list = parseClassFilterList(child);
            filterConfig.setBlacklist(list);
        } else if (matches("whitelist", name)) {
            ClassFilter list = parseClassFilterList(child);
            filterConfig.setWhitelist(list);
        }
    }
}
Also used : ClassFilter(com.hazelcast.config.ClassFilter) Node(org.w3c.dom.Node) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)

Example 13 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class MulticastDeserializationTest method createConfig.

private Config createConfig(boolean withFilter) {
    Config config = smallInstanceConfig();
    if (withFilter) {
        JavaSerializationFilterConfig javaSerializationFilterConfig = new JavaSerializationFilterConfig().setDefaultsDisabled(true);
        javaSerializationFilterConfig.getBlacklist().addClasses(TestDeserialized.class.getName());
        config.getSerializationConfig().setJavaSerializationFilterConfig(javaSerializationFilterConfig);
    }
    JoinConfig join = config.getNetworkConfig().getJoin();
    join.getTcpIpConfig().setEnabled(false);
    join.getMulticastConfig().setEnabled(true).setMulticastPort(MULTICAST_PORT).setMulticastGroup(MULTICAST_GROUP).setMulticastTimeToLive(MULTICAST_TTL);
    return config;
}
Also used : TestDeserialized(example.serialization.TestDeserialized) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) HazelcastTestSupport.smallInstanceConfig(com.hazelcast.test.HazelcastTestSupport.smallInstanceConfig) JoinConfig(com.hazelcast.config.JoinConfig) Config(com.hazelcast.config.Config)

Example 14 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class ExternalizableDeserializationProtectionTest method testExternalizableProtectedOnClient.

@Test
public void testExternalizableProtectedOnClient() {
    JavaSerializationFilterConfig javaSerializationFilterConfig = new JavaSerializationFilterConfig().setDefaultsDisabled(true);
    javaSerializationFilterConfig.getBlacklist().addClasses(TestExternalizableDeserialized.class.getName());
    Config config = smallInstanceConfig();
    hazelcastFactory.newHazelcastInstance(config);
    ClientConfig clientConfig1 = new ClientConfig();
    HazelcastInstance client1 = hazelcastFactory.newHazelcastClient(clientConfig1);
    client1.getMap("test").put("key", new TestExternalizableDeserialized());
    // we don't have an index on map, so the value should not be deserialized
    assertFalse(TestExternalizableDeserialized.isDeserialized);
    // deserialized on client
    client1.getMap("test").get("key");
    assertTrue(TestExternalizableDeserialized.isDeserialized);
    TestExternalizableDeserialized.isDeserialized = false;
    ClientConfig clientConfig2 = new ClientConfig();
    clientConfig2.getSerializationConfig().setJavaSerializationFilterConfig(javaSerializationFilterConfig);
    HazelcastInstance client2 = hazelcastFactory.newHazelcastClient(clientConfig2);
    expected.expect(HazelcastSerializationException.class);
    client2.getMap("test").get("key");
}
Also used : TestExternalizableDeserialized(example.serialization.TestExternalizableDeserialized) HazelcastInstance(com.hazelcast.core.HazelcastInstance) Config(com.hazelcast.config.Config) IndexConfig(com.hazelcast.config.IndexConfig) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) ClientConfig(com.hazelcast.client.config.ClientConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 15 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class ClientDeserializationProtectionTest method testDefaultDeserializationFilter_readOnClient.

/**
 * <pre>
 * When: An untrusted serialized object is stored by member and read from client, the default Whitelist is used.
 * Then: Deserialization fails.
 * </pre>
 */
@Test
public void testDefaultDeserializationFilter_readOnClient() {
    JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig();
    Config config = new Config();
    config.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    HazelcastInstance member = hazelcastFactory.newInstances(config, 1)[0];
    ClientConfig clientConfig = new ClientConfig();
    clientConfig.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    HazelcastInstance client = hazelcastFactory.newHazelcastClient(clientConfig);
    member.getMap("test").put("key", new TestDeserialized());
    try {
        client.getMap("test").get("key");
        fail("Deserialization should have failed");
    } catch (HazelcastSerializationException e) {
        assertFalse(TestDeserialized.isDeserialized);
    }
}
Also used : HazelcastSerializationException(com.hazelcast.nio.serialization.HazelcastSerializationException) HazelcastInstance(com.hazelcast.core.HazelcastInstance) TestDeserialized(example.serialization.TestDeserialized) Config(com.hazelcast.config.Config) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) ClientConfig(com.hazelcast.client.config.ClientConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Aggregations

JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig): 21
Test (org.junit.Test): 16
QuickTest (com.hazelcast.test.annotation.QuickTest): 15
Config (com.hazelcast.config.Config): 9
TestDeserialized (example.serialization.TestDeserialized): 9
HazelcastInstance (com.hazelcast.core.HazelcastInstance): 8
SerializationClassNameFilter (com.hazelcast.internal.serialization.SerializationClassNameFilter): 7
ClientConfig (com.hazelcast.client.config.ClientConfig): 6
ClassFilter (com.hazelcast.config.ClassFilter): 5
HazelcastSerializationException (com.hazelcast.nio.serialization.HazelcastSerializationException): 4
IndexConfig (com.hazelcast.config.IndexConfig): 2
TestHazelcastInstanceFactory (com.hazelcast.test.TestHazelcastInstanceFactory): 2
TestExternalizableDeserialized (example.serialization.TestExternalizableDeserialized): 2
GlobalSerializerConfig (com.hazelcast.config.GlobalSerializerConfig): 1
JoinConfig (com.hazelcast.config.JoinConfig): 1
SerializationConfig (com.hazelcast.config.SerializationConfig): 1
SerializerConfig (com.hazelcast.config.SerializerConfig): 1
XMLConfigBuilderTest (com.hazelcast.config.XMLConfigBuilderTest): 1
HazelcastTestSupport.smallInstanceConfig (com.hazelcast.test.HazelcastTestSupport.smallInstanceConfig): 1
Node (org.w3c.dom.Node): 1