Examples with JavaSerializationFilterConfig com.hazelcast.config.JavaSerializationFilterConfig used on opensource projects

Search in sources :

Example 16 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class ClientDeserializationProtectionTest method testClassWhitelisted.

/**
 * <pre>
 * When: Deserialization filtering is enabled and classname of test object is whitelisted.
 * Then: The deserialization is possible.
 * </pre>
 */
@Test
public void testClassWhitelisted() {
    JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig();
    filterConfig.getWhitelist().addClasses(TestDeserialized.class.getName());
    Config config = new Config();
    config.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    HazelcastInstance member = hazelcastFactory.newInstances(config, 1)[0];
    ClientConfig clientConfig = new ClientConfig();
    clientConfig.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    HazelcastInstance client = hazelcastFactory.newHazelcastClient(clientConfig);
    member.getMap("test").put("key", new TestDeserialized());
    assertNotNull(client.getMap("test").get("key"));
    assertTrue(TestDeserialized.isDeserialized);
}
Also used : TestDeserialized(example.serialization.TestDeserialized) HazelcastInstance(com.hazelcast.core.HazelcastInstance) Config(com.hazelcast.config.Config) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) ClientConfig(com.hazelcast.client.config.ClientConfig) ClientConfig(com.hazelcast.client.config.ClientConfig) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 17 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class ClientDeserializationProtectionTest method testDefaultDeserializationFilter_readOnMember.

/**
 * <pre>
 * When: An untrusted serialized object is stored from client and read from member, the default Whitelist is used.
 * Then: Deserialization fails.
 * </pre>
 */
@Test
public void testDefaultDeserializationFilter_readOnMember() {
    JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig();
    Config config = new Config();
    config.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    HazelcastInstance member = hazelcastFactory.newInstances(config, 1)[0];
    ClientConfig clientConfig = new ClientConfig();
    clientConfig.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    HazelcastInstance client = hazelcastFactory.newHazelcastClient(clientConfig);
    client.getMap("test").put("key", new TestDeserialized());
    try {
        member.getMap("test").get("key");
        fail("Deserialization should have failed");
    } catch (HazelcastSerializationException e) {
        assertFalse(TestDeserialized.isDeserialized);
    }
}
Also used : HazelcastSerializationException(com.hazelcast.nio.serialization.HazelcastSerializationException) HazelcastInstance(com.hazelcast.core.HazelcastInstance) TestDeserialized(example.serialization.TestDeserialized) Config(com.hazelcast.config.Config) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) ClientConfig(com.hazelcast.client.config.ClientConfig) ClientConfig(com.hazelcast.client.config.ClientConfig) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 18 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class DeserializationProtectionTest method testClassWhitelisted.

/**
 * <pre>
 * When: Deserialization filtering is enabled and classname of test object is whitelisted.
 * Then: The deserialization is possible.
 * </pre>
 */
@Test
public void testClassWhitelisted() {
    JavaSerializationFilterConfig filterConfig = new JavaSerializationFilterConfig();
    filterConfig.getWhitelist().addClasses(TestDeserialized.class.getName());
    assertDeserializationPass(filterConfig);
}
Also used : TestDeserialized(example.serialization.TestDeserialized) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 19 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class DeserializationProtectionTest method assertDeserializationPass.

private void assertDeserializationPass(JavaSerializationFilterConfig filterConfig) {
    Config config = new Config();
    config.getSerializationConfig().setJavaSerializationFilterConfig(filterConfig);
    TestHazelcastInstanceFactory factory = createHazelcastInstanceFactory(2);
    HazelcastInstance[] instances = factory.newInstances(config);
    instances[0].getMap("test").put("a", new TestDeserialized());
    assertNotNull(instances[1].getMap("test").get("a"));
    assertTrue(TestDeserialized.isDeserialized);
}
Also used : HazelcastInstance(com.hazelcast.core.HazelcastInstance) TestDeserialized(example.serialization.TestDeserialized) Config(com.hazelcast.config.Config) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) TestHazelcastInstanceFactory(com.hazelcast.test.TestHazelcastInstanceFactory)

Example 20 with JavaSerializationFilterConfig

use of com.hazelcast.config.JavaSerializationFilterConfig in project hazelcast by hazelcast.

the class SerializationClassNameFilterTest method testPackageInWhitelist.

/**
 * <pre>
 * Given: Whitelist is set.
 * When: {@link SerializationClassNameFilter#filter(String)} is called for a class which has whitelisted package.
 * Then: no exception is thrown
 * </pre>
 */
@Test
public void testPackageInWhitelist() {
    JavaSerializationFilterConfig config = new JavaSerializationFilterConfig();
    config.getWhitelist().addPackages("com.whitelisted");
    new SerializationClassNameFilter(config).filter("com.whitelisted.Test2");
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Aggregations

JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig)21 Test (org.junit.Test)16 QuickTest (com.hazelcast.test.annotation.QuickTest)15 Config (com.hazelcast.config.Config)9 TestDeserialized (example.serialization.TestDeserialized)9 HazelcastInstance (com.hazelcast.core.HazelcastInstance)8 SerializationClassNameFilter (com.hazelcast.internal.serialization.SerializationClassNameFilter)7 ClientConfig (com.hazelcast.client.config.ClientConfig)6 ClassFilter (com.hazelcast.config.ClassFilter)5 HazelcastSerializationException (com.hazelcast.nio.serialization.HazelcastSerializationException)4 IndexConfig (com.hazelcast.config.IndexConfig)2 TestHazelcastInstanceFactory (com.hazelcast.test.TestHazelcastInstanceFactory)2 TestExternalizableDeserialized (example.serialization.TestExternalizableDeserialized)2 GlobalSerializerConfig (com.hazelcast.config.GlobalSerializerConfig)1 JoinConfig (com.hazelcast.config.JoinConfig)1 SerializationConfig (com.hazelcast.config.SerializationConfig)1 SerializerConfig (com.hazelcast.config.SerializerConfig)1 XMLConfigBuilderTest (com.hazelcast.config.XMLConfigBuilderTest)1 HazelcastTestSupport.smallInstanceConfig (com.hazelcast.test.HazelcastTestSupport.smallInstanceConfig)1 Node (org.w3c.dom.Node)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial