Example 1 with SerializationClassNameFilter

use of com.hazelcast.internal.serialization.SerializationClassNameFilter in project hazelcast by hazelcast.

the class DefaultSerializationServiceBuilder method setConfig.

@Override
public SerializationServiceBuilder setConfig(SerializationConfig config) {
    this.config = config;
    if (portableVersion < 0) {
        portableVersion = config.getPortableVersion();
    }
    checkClassDefErrors = config.isCheckClassDefErrors();
    useNativeByteOrder = config.isUseNativeByteOrder();
    byteOrder = config.getByteOrder();
    enableCompression = config.isEnableCompression();
    enableSharedObject = config.isEnableSharedObject();
    allowUnsafe = config.isAllowUnsafe();
    allowOverrideDefaultSerializers = config.isAllowOverrideDefaultSerializers();
    JavaSerializationFilterConfig filterConfig = config.getJavaSerializationFilterConfig();
    classNameFilter = filterConfig == null ? null : new SerializationClassNameFilter(filterConfig);
    compactSerializationConfig = config.getCompactSerializationConfig();
    return this;
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig)

Example 2 with SerializationClassNameFilter

use of com.hazelcast.internal.serialization.SerializationClassNameFilter in project hazelcast by hazelcast.

the class SerializationClassNameFilterTest method testClassNotInWhitelist.

/**
 * <pre>
 * Given: Whitelist is set and defaults are disabled.
 * When: {@link SerializationClassNameFilter#filter(String)} is called for a not whitelisted class.
 * Then: {@link SecurityException} is thrown
 * </pre>
 */
@Test(expected = SecurityException.class)
public void testClassNotInWhitelist() {
    JavaSerializationFilterConfig config = new JavaSerializationFilterConfig().setDefaultsDisabled(true);
    config.getWhitelist().addClasses("java.lang.Test1", "java.lang.Test2", "java.lang.Test3");
    new SerializationClassNameFilter(config).filter("java.lang.Test4");
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 3 with SerializationClassNameFilter

use of com.hazelcast.internal.serialization.SerializationClassNameFilter in project hazelcast by hazelcast.

the class SerializationClassNameFilterTest method testBlacklistPrefix.

/**
 * <pre>
 * Given: Blacklist with prefix is used which overlaps default whitelist.
 * When: {@link SerializationClassNameFilter#filter(String)} is called for a class which fits default whitelist
 *        but it's also blacklisted.
 * Then: {@link SecurityException} is thrown
 * </pre>
 */
@Test(expected = SecurityException.class)
public void testBlacklistPrefix() {
    JavaSerializationFilterConfig config = new JavaSerializationFilterConfig();
    config.getBlacklist().addPrefixes("com.hazelcast.test");
    new SerializationClassNameFilter(config).filter("com.hazelcast.test.Test1");
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 4 with SerializationClassNameFilter

use of com.hazelcast.internal.serialization.SerializationClassNameFilter in project hazelcast by hazelcast.

the class SerializationClassNameFilterTest method testDefaultPass.

/**
 * <pre>
 * Given: Default configuration is used.
 * When: {@link SerializationClassNameFilter#filter(String)} is called for a java.lang class
 * Then: no exception is thrown as the java prefix is in the default whitelist
 * </pre>
 */
@Test
public void testDefaultPass() {
    JavaSerializationFilterConfig config = new JavaSerializationFilterConfig();
    new SerializationClassNameFilter(config).filter("java.lang.Object");
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Example 5 with SerializationClassNameFilter

use of com.hazelcast.internal.serialization.SerializationClassNameFilter in project hazelcast by hazelcast.

the class SerializationClassNameFilterTest method testBlacklistedWithDefaultWhitelist.

/**
 * <pre>
 * Given: Blacklist is used and defaults are enabled.
 * When: {@link SerializationClassNameFilter#filter(String)} is called for a class which fits default whitelist
 *        but it's also blacklisted.
 * Then: {@link SecurityException} is thrown
 * </pre>
 */
@Test(expected = SecurityException.class)
public void testBlacklistedWithDefaultWhitelist() {
    JavaSerializationFilterConfig config = new JavaSerializationFilterConfig();
    config.getBlacklist().addClasses("java.lang.Test3", "java.lang.Test2", "java.lang.Test1");
    new SerializationClassNameFilter(config).filter("java.lang.Test1");
}
Also used : SerializationClassNameFilter(com.hazelcast.internal.serialization.SerializationClassNameFilter) JavaSerializationFilterConfig(com.hazelcast.config.JavaSerializationFilterConfig) QuickTest(com.hazelcast.test.annotation.QuickTest) Test(org.junit.Test)

Aggregations

JavaSerializationFilterConfig (com.hazelcast.config.JavaSerializationFilterConfig): 7
SerializationClassNameFilter (com.hazelcast.internal.serialization.SerializationClassNameFilter): 7
QuickTest (com.hazelcast.test.annotation.QuickTest): 6
Test (org.junit.Test): 6