Example 11 with JavaSerializationFilterConfig
use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.
the class TestFullApplicationContext method testJavaSerializationFilterConfig.
@Test
public void testJavaSerializationFilterConfig() {
JavaSerializationFilterConfig filterConfig = config.getSerializationConfig().getJavaSerializationFilterConfig();
assertNotNull(filterConfig);
assertTrue(filterConfig.isDefaultsDisabled());
ClassFilter blacklist = filterConfig.getBlacklist();
assertNotNull(blacklist);
assertEquals(1, blacklist.getClasses().size());
assertTrue(blacklist.getClasses().contains("com.acme.app.BeanComparator"));
assertEquals(0, blacklist.getPackages().size());
Set<String> prefixes = blacklist.getPrefixes();
assertTrue(prefixes.contains("a.dangerous.package."));
assertTrue(prefixes.contains("justaprefix"));
assertEquals(2, prefixes.size());
ClassFilter whitelist = filterConfig.getWhitelist();
assertNotNull(whitelist);
assertEquals(2, whitelist.getClasses().size());
assertTrue(whitelist.getClasses().contains("java.lang.String"));
assertTrue(whitelist.getClasses().contains("example.Foo"));
assertEquals(2, whitelist.getPackages().size());
assertTrue(whitelist.getPackages().contains("com.acme.app"));
assertTrue(whitelist.getPackages().contains("com.acme.app.subpkg"));
}
Also used :
ClassFilter(com.hazelcast.config.ClassFilter)
JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)
Test(org.junit.Test)
QuickTest(com.hazelcast.test.annotation.QuickTest)
Example 12 with JavaSerializationFilterConfig
use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.
the class AbstractDomConfigProcessor method fillJavaSerializationFilter.
protected void fillJavaSerializationFilter(final Node node, SerializationConfig serializationConfig) {
JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig();
serializationConfig.setJavaSerializationFilterConfig(filterConfig);
Node defaultsDisabledNode = getNamedItemNode(node, "defaults-disabled");
boolean defaultsDisabled = defaultsDisabledNode != null && getBooleanValue(getTextContent(defaultsDisabledNode));
filterConfig.setDefaultsDisabled(defaultsDisabled);
for (Node child : childElements(node)) {
final String name = cleanNodeName(child);
if (matches("blacklist", name)) {
ClassFilter list = parseClassFilterList(child);
filterConfig.setBlacklist(list);
} else if (matches("whitelist", name)) {
ClassFilter list = parseClassFilterList(child);
filterConfig.setWhitelist(list);
}
}
}
Also used :
ClassFilter(com.hazelcast.config.ClassFilter)
Node(org.w3c.dom.Node)
JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)
Example 13 with JavaSerializationFilterConfig
use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.
the class MulticastDeserializationTest method createConfig.
private Config createConfig(boolean withFilter) {
Config config = smallInstanceConfig();
if (withFilter) {
JavaSerializationFilterConfig javaSerializationFilterConfig = new JavaSerializationFilterConfig().setDefaultsDisabled(true);
javaSerializationFilterConfig.getBlacklist().addClasses(TestDeserialized.class.getName());
config.getSerializationConfig().setJavaSerializationFilterConfig(javaSerializationFilterConfig);
}
JoinConfig join = config.getNetworkConfig().getJoin();
join.getTcpIpConfig().setEnabled(false);
join.getMulticastConfig().setEnabled(true).setMulticastPort(MULTICAST_PORT).setMulticastGroup(MULTICAST_GROUP).setMulticastTimeToLive(MULTICAST_TTL);
return config;
}
Also used :
TestDeserialized(example.serialization.TestDeserialized)
JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)
HazelcastTestSupport.smallInstanceConfig(com.hazelcast.test.HazelcastTestSupport.smallInstanceConfig)
JoinConfig(com.hazelcast.config.JoinConfig)
Config(com.hazelcast.config.Config)
JoinConfig(com.hazelcast.config.JoinConfig)
JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)
Example 14 with JavaSerializationFilterConfig
use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.
the class ExternalizableDeserializationProtectionTest method testExternalizableProtectedOnClient.
@Test
public void testExternalizableProtectedOnClient() {
JavaSerializationFilterConfig javaSerializationFilterConfig = new JavaSerializationFilterConfig().setDefaultsDisabled(true);
javaSerializationFilterConfig.getBlacklist().addClasses(TestExternalizableDeserialized.class.getName());
Config config = smallInstanceConfig();
hazelcastFactory.newHazelcastInstance(config);
ClientConfig clientConfig1 = new ClientConfig();
HazelcastInstance client1 = hazelcastFactory.newHazelcastClient(clientConfig1);
client1.getMap("test").put("key", new TestExternalizableDeserialized());
// we don't have an index on map, so the value should not be deserialized
assertFalse(TestExternalizableDeserialized.isDeserialized);
// deserialized on client
client1.getMap("test").get("key");
assertTrue(TestExternalizableDeserialized.isDeserialized);
TestExternalizableDeserialized.isDeserialized = false;
ClientConfig clientConfig2 = new ClientConfig();
clientConfig2.getSerializationConfig().setJavaSerializationFilterConfig(javaSerializationFilterConfig);
HazelcastInstance client2 = hazelcastFactory.newHazelcastClient(clientConfig2);
expected.expect(HazelcastSerializationException.class);
client2.getMap("test").get("key");
}
Also used :
TestExternalizableDeserialized(example.serialization.TestExternalizableDeserialized)
HazelcastInstance(com.hazelcast.core.HazelcastInstance)
Config(com.hazelcast.config.Config)
IndexConfig(com.hazelcast.config.IndexConfig)
JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)
ClientConfig(com.hazelcast.client.config.ClientConfig)
ClientConfig(com.hazelcast.client.config.ClientConfig)
JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)
QuickTest(com.hazelcast.test.annotation.QuickTest)
Test(org.junit.Test)
Example 15 with JavaSerializationFilterConfig
use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.
the class ClientDeserializationProtectionTest method testDefaultDeserializationFilter_readOnClient.
/**
* <pre>
* When: An untrusted serialized object is stored by member and read from client, the default Whitelist is used.
* Then: Deserialization fails.
* </pre>
*/
@Test
public void testDefaultDeserializationFilter_readOnClient() {
JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig();
Config config = new Config();
config.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
HazelcastInstance member = hazelcastFactory.newInstances(config, 1)[0];
ClientConfig clientConfig = new ClientConfig();
clientConfig.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
HazelcastInstance client = hazelcastFactory.newHazelcastClient(clientConfig);
member.getMap("test").put("key", new TestDeserialized());
try {
client.getMap("test").get("key");
fail("Deserialization should have failed");
} catch (HazelcastSerializationException e) {
assertFalse(TestDeserialized.isDeserialized);
}
}
Also used :
HazelcastSerializationException(com.hazelcast.nio.serialization.HazelcastSerializationException)
HazelcastInstance(com.hazelcast.core.HazelcastInstance)
TestDeserialized(example.serialization.TestDeserialized)
Config(com.hazelcast.config.Config)
JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)
ClientConfig(com.hazelcast.client.config.ClientConfig)
ClientConfig(com.hazelcast.client.config.ClientConfig)
JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)
QuickTest(com.hazelcast.test.annotation.QuickTest)
Test(org.junit.Test)
Aggregations
JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig)21
Test (org.junit.Test)16
QuickTest (com.hazelcast.test.annotation.QuickTest)15
Config (com.hazelcast.config.Config)9
TestDeserialized (example.serialization.TestDeserialized)9
HazelcastInstance (com.hazelcast.core.HazelcastInstance)8
SerializationClassNameFilter (com.hazelcast.internal.serialization.SerializationClassNameFilter)7
ClientConfig (com.hazelcast.client.config.ClientConfig)6
ClassFilter (com.hazelcast.config.ClassFilter)5
HazelcastSerializationException (com.hazelcast.nio.serialization.HazelcastSerializationException)4
IndexConfig (com.hazelcast.config.IndexConfig)2
TestHazelcastInstanceFactory (com.hazelcast.test.TestHazelcastInstanceFactory)2
TestExternalizableDeserialized (example.serialization.TestExternalizableDeserialized)2
GlobalSerializerConfig (com.hazelcast.config.GlobalSerializerConfig)1
JoinConfig (com.hazelcast.config.JoinConfig)1
SerializationConfig (com.hazelcast.config.SerializationConfig)1
SerializerConfig (com.hazelcast.config.SerializerConfig)1
XMLConfigBuilderTest (com.hazelcast.config.XMLConfigBuilderTest)1
HazelcastTestSupport.smallInstanceConfig (com.hazelcast.test.HazelcastTestSupport.smallInstanceConfig)1
Node (org.w3c.dom.Node)1
