search

apache / dubbo

The java implementation of Apache Dubbo. An RPC and microservice framework.
https://dubbo.apache.org/
Apache License 2.0
40.5k stars 26.43k forks source link

当接口调用传参为对象时引发一个序列化白名单的错误,提示让我把类加入白名单,要怎么操作? #12014

Open CoCoYuYuan opened 1 year ago

CoCoYuYuan commented 1 year ago

我尝试过在网上看其他项目去解决这个问题,但我没有找到可以解决的,问过chatGpt,它们给出来的答案都不生效,所以来请教一下这个我要怎么去设置?是在消费层出现的错误 下面是我消费层关于dubbo的设置,再下面就是消费层的报错信息。

dubbo: application: name: cloud-demo-nacos-order-consumer qos-enable: false registry: address: nacos://localhost:8848

2023-04-04 16:59:36.027 ERROR 10204 --- [lientWorker-4-1] o.a.d.c.u.DefaultSerializeClassChecker : [DUBBO] [Serialization Security] Serialized class org.apache.catalina.connector.RequestFacade is in disallow list. Current mode is WARN, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it., dubbo version: 3.1.8, current host: 192.168.110.1, error code: 4-21. This may be caused by , go to https://dubbo.apache.org/faq/4/21 to find instructions.

2023-04-04 16:59:36.041 ERROR 10204 --- [p-nio-88-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.apache.dubbo.rpc.RpcException: Failed to invoke the method add in the service com.lc.service.ITestInfoService. Tried 3 times of the providers [192.168.110.1:20880] (1/1) from the registry localhost:8848 on the consumer 192.168.110.1 using the dubbo version 3.1.8. Last error is: Failed to invoke remote method: add, provider: DefaultServiceInstance{serviceName='cloud-provider-service', host='192.168.110.1', port=20880, enabled=true, healthy=true, metadata={dubbo.metadata-service.url-params={"connections":"1","version":"1.0.0","dubbo":"2.0.2","release":"3.1.8","side":"provider","port":"20880","protocol":"dubbo"}, dubbo.endpoints=[{"port":20880,"protocol":"dubbo"}], dubbo.metadata.revision=4d666a0dcbf546a2f9a43c423b9d40fe, dubbo.metadata.storage-type=local, timestamp=1680596517041}}, service{name='com.lc.service.ITestInfoService',group='null',version='null',protocol='dubbo',port='20880',params={check.serializable=true, side=provider, release=3.1.8, methods=add,addBatch,count,count,delete,deleteBack,deleteBatch,deleteBatchBack,get,getBaseMapper,getById,getEntityClass,getMap,getObj,getOne,getOne,ktQuery,ktUpdate,lambdaQuery,lambdaQuery,lambdaUpdate,list,list,listByIds,listByLike,listByMap,listMaps,listMaps,listObjs,listObjs,listObjs,listObjs,page,page,pageByCondition,pageByLike,pageMaps,pageMaps,query,remove,removeBatchByIds,removeBatchByIds,removeBatchByIds,removeBatchByIds,removeById,removeById,removeById,removeByIds,removeByIds,removeByMap,save,saveBatch,saveBatch,saveOrUpdate,saveOrUpdate,saveOrUpdateBatch,saveOrUpdateBatch,update,update,update,update,updateBack,updateBatchById,updateBatchById,updateById, deprecated=false, dubbo=2.0.2, interface=com.lc.service.ITestInfoService, service-name-mapping=true, generic=false, application=cloud-provider-service, background=false, dynamic=true, anyhost=true},}, cause: org.apache.dubbo.remoting.RemotingException: io.netty.handler.codec.EncoderException: java.lang.IllegalArgumentException: [Serialization Security] Serialized class org.apache.catalina.connector.RequestFacade is in disallow list. Current mode is WARN, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it. io.netty.handler.codec.EncoderException: java.lang.IllegalArgumentException: [Serialization Security] Serialized class org.apache.catalina.connector.RequestFacade is in disallow list. Current mode is WARN, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it. at io.netty.handler.codec.MessageToByteEncoder.write(MessageToByteEncoder.java:125) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:881) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:863) at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:968) at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:856) at io.netty.handler.timeout.IdleStateHandler.write(IdleStateHandler.java:304) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:879) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:863) at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:968) at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:856) at io.netty.channel.ChannelDuplexHandler.write(ChannelDuplexHandler.java:115) at org.apache.dubbo.remoting.transport.netty4.NettyClientHandler.write(NettyClientHandler.java:88) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:879) at io.netty.channel.AbstractChannelHandlerContext.invokeWriteAndFlush(AbstractChannelHandlerContext.java:940) at io.netty.channel.AbstractChannelHandlerContext$WriteTask.run(AbstractChannelHandlerContext.java:1247) at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167) at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.IllegalArgumentException: [Serialization Security] Serialized class org.apache.catalina.connector.RequestFacade is in disallow list. Current mode is WARN, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it. at org.apache.dubbo.common.utils.DefaultSerializeClassChecker.loadClass0(DefaultSerializeClassChecker.java:165) at org.apache.dubbo.common.utils.DefaultSerializeClassChecker.loadClass(DefaultSerializeClassChecker.java:104) at org.apache.dubbo.common.serialize.hessian2.Hessian2SerializerFactory.getDefaultSerializer(Hessian2SerializerFactory.java:49) at com.alibaba.com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.java:393) at com.alibaba.com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java:411) at org.apache.dubbo.common.serialize.hessian2.Hessian2ObjectOutput.writeObject(Hessian2ObjectOutput.java:99) at org.apache.dubbo.rpc.protocol.dubbo.DubboCodec.encodeRequestData(DubboCodec.java:208) at org.apache.dubbo.remoting.exchange.codec.ExchangeCodec.encodeRequest(ExchangeCodec.java:261) at org.apache.dubbo.remoting.exchange.codec.ExchangeCodec.encode(ExchangeCodec.java:75) at org.apache.dubbo.rpc.protocol.dubbo.DubboCountCodec.encode(DubboCountCodec.java:47) at org.apache.dubbo.remoting.transport.netty4.NettyCodecAdapter$InternalEncoder.encode(NettyCodecAdapter.java:69) at io.netty.handler.codec.MessageToByteEncoder.write(MessageToByteEncoder.java:107) ... 22 more ] with root cause

org.apache.dubbo.remoting.RemotingException: io.netty.handler.codec.EncoderException: java.lang.IllegalArgumentException: [Serialization Security] Serialized class org.apache.catalina.connector.RequestFacade is in disallow list. Current mode is WARN, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it. io.netty.handler.codec.EncoderException: java.lang.IllegalArgumentException: [Serialization Security] Serialized class org.apache.catalina.connector.RequestFacade is in disallow list. Current mode is WARN, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it. at io.netty.handler.codec.MessageToByteEncoder.write(MessageToByteEncoder.java:125) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:881) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:863) at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:968) at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:856) at io.netty.handler.timeout.IdleStateHandler.write(IdleStateHandler.java:304) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:879) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite(AbstractChannelHandlerContext.java:863) at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:968) at io.netty.channel.AbstractChannelHandlerContext.write(AbstractChannelHandlerContext.java:856) at io.netty.channel.ChannelDuplexHandler.write(ChannelDuplexHandler.java:115) at org.apache.dubbo.remoting.transport.netty4.NettyClientHandler.write(NettyClientHandler.java:88) at io.netty.channel.AbstractChannelHandlerContext.invokeWrite0(AbstractChannelHandlerContext.java:879) at io.netty.channel.AbstractChannelHandlerContext.invokeWriteAndFlush(AbstractChannelHandlerContext.java:940) at io.netty.channel.AbstractChannelHandlerContext$WriteTask.run(AbstractChannelHandlerContext.java:1247) at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167) at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569) at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.IllegalArgumentException: [Serialization Security] Serialized class org.apache.catalina.connector.RequestFacade is in disallow list. Current mode is WARN, will disallow to deserialize it by default. Please add it into security/serialize.allowlist or follow FAQ to configure it. at org.apache.dubbo.common.utils.DefaultSerializeClassChecker.loadClass0(DefaultSerializeClassChecker.java:165) at org.apache.dubbo.common.utils.DefaultSerializeClassChecker.loadClass(DefaultSerializeClassChecker.java:104) at org.apache.dubbo.common.serialize.hessian2.Hessian2SerializerFactory.getDefaultSerializer(Hessian2SerializerFactory.java:49) at com.alibaba.com.caucho.hessian.io.SerializerFactory.getSerializer(SerializerFactory.java:393) at com.alibaba.com.caucho.hessian.io.Hessian2Output.writeObject(Hessian2Output.java:411) at org.apache.dubbo.common.serialize.hessian2.Hessian2ObjectOutput.writeObject(Hessian2ObjectOutput.java:99) at org.apache.dubbo.rpc.protocol.dubbo.DubboCodec.encodeRequestData(DubboCodec.java:208) at org.apache.dubbo.remoting.exchange.codec.ExchangeCodec.encodeRequest(ExchangeCodec.java:261) at org.apache.dubbo.remoting.exchange.codec.ExchangeCodec.encode(ExchangeCodec.java:75) at org.apache.dubbo.rpc.protocol.dubbo.DubboCountCodec.encode(DubboCountCodec.java:47) at org.apache.dubbo.remoting.transport.netty4.NettyCodecAdapter$InternalEncoder.encode(NettyCodecAdapter.java:69) at io.netty.handler.codec.MessageToByteEncoder.write(MessageToByteEncoder.java:107) ... 22 more

at org.apache.dubbo.remoting.exchange.support.DefaultFuture.doReceived(DefaultFuture.java:224) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.remoting.exchange.support.DefaultFuture.received(DefaultFuture.java:186) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.remoting.exchange.support.DefaultFuture.received(DefaultFuture.java:174) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler.handleResponse(HeaderExchangeHandler.java:62) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler.received(HeaderExchangeHandler.java:183) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.remoting.transport.DecodeHandler.received(DecodeHandler.java:53) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.remoting.transport.dispatcher.ChannelEventRunnable.run(ChannelEventRunnable.java:62) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.common.threadpool.ThreadlessExecutor$RunnableWrapper.run(ThreadlessExecutor.java:184) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.common.threadpool.ThreadlessExecutor.waitAndDrain(ThreadlessExecutor.java:103) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.AsyncRpcResult.get(AsyncRpcResult.java:194) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.protocol.AbstractInvoker.waitForResultIfSync(AbstractInvoker.java:266) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.protocol.AbstractInvoker.invoke(AbstractInvoker.java:186) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.listener.ListenerInvokerWrapper.invoke(ListenerInvokerWrapper.java:71) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.protocol.ReferenceCountInvokerWrapper.invoke(ReferenceCountInvokerWrapper.java:78) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.support.AbstractClusterInvoker.invokeWithContext(AbstractClusterInvoker.java:379) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.support.FailoverClusterInvoker.doInvoke(FailoverClusterInvoker.java:81) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.support.AbstractClusterInvoker.invoke(AbstractClusterInvoker.java:341) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.router.RouterSnapshotFilter.invoke(RouterSnapshotFilter.java:46) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:327) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.monitor.support.MonitorFilter.invoke(MonitorFilter.java:100) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:327) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.protocol.dubbo.filter.FutureFilter.invoke(FutureFilter.java:52) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:327) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.filter.support.ConsumerClassLoaderFilter.invoke(ConsumerClassLoaderFilter.java:40) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:327) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.filter.support.ConsumerContextFilter.invoke(ConsumerContextFilter.java:120) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:327) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.support.wrapper.AbstractCluster$ClusterFilterInvoker.invoke(AbstractCluster.java:92) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.cluster.support.wrapper.MockClusterInvoker.invoke(MockClusterInvoker.java:103) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.registry.client.migration.MigrationInvoker.invoke(MigrationInvoker.java:282) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.proxy.InvocationUtil.invoke(InvocationUtil.java:57) ~[dubbo-3.1.8.jar:3.1.8]
at org.apache.dubbo.rpc.proxy.InvokerInvocationHandler.invoke(InvokerInvocationHandler.java:75) ~[dubbo-3.1.8.jar:3.1.8]
at com.lc.service.ITestInfoServiceDubboProxy10.add(ITestInfoServiceDubboProxy10.java) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_221]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_221]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_221]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_221]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.3.26.jar:5.3.26]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208) ~[spring-aop-5.3.26.jar:5.3.26]
at com.sun.proxy.$Proxy149.add(Unknown Source) ~[na:na]
at com.lc.controller.TestInfoController.add(TestInfoController.java:52) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_221]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_221]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_221]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_221]
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) ~[spring-web-5.3.26.jar:5.3.26]
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) ~[spring-web-5.3.26.jar:5.3.26]
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) ~[spring-webmvc-5.3.26.jar:5.3.26]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) ~[spring-webmvc-5.3.26.jar:5.3.26]
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) ~[spring-webmvc-5.3.26.jar:5.3.26]
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) ~[spring-webmvc-5.3.26.jar:5.3.26]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072) ~[spring-webmvc-5.3.26.jar:5.3.26]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965) ~[spring-webmvc-5.3.26.jar:5.3.26]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.26.jar:5.3.26]
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) ~[spring-webmvc-5.3.26.jar:5.3.26]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:528) ~[tomcat-embed-core-9.0.73.jar:4.0.FR]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.26.jar:5.3.26]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:596) ~[tomcat-embed-core-9.0.73.jar:4.0.FR]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-embed-websocket-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at com.github.xiaoymin.knife4j.spring.filter.SecurityBasicAuthFilter.doFilter(SecurityBasicAuthFilter.java:87) ~[knife4j-spring-3.0.3.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-5.3.26.jar:5.3.26]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.26.jar:5.3.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.26.jar:5.3.26]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.26.jar:5.3.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.26.jar:5.3.26]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.26.jar:5.3.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) ~[spring-boot-actuator-2.7.10.jar:2.7.10]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.26.jar:5.3.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.26.jar:5.3.26]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.26.jar:5.3.26]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) ~[tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-embed-core-9.0.73.jar:9.0.73]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.73.jar:9.0.73]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_221]
CoCoYuYuan commented 1 year ago

我也观察了dubbo内的文档,可是只是提到了要security/serialize.allowlist 资源文件中声明您所使用的类名,Dubbo 将自动将其加载到安全列表中这么操作,没具体演示应该怎么弄,所以我很困惑

AlbumenJ commented 1 year ago

在resources 目录下创建 security/serialize.allowlist 文件,将你需要序列化的类填进去

CoCoYuYuan commented 1 year ago

我尝试了几种文件创建如: image 如: image 如: image

重新启动后还是一样的错误,文件里面的值我填充的是 com.lc.entity.TestInfo 请告知该如何弄,这让我很困惑

在resources 目录下创建 security/serialize.allowlist 文件,将你需要序列化的类填进去

AlbumenJ commented 1 year ago

image

CoCoYuYuan commented 1 year ago

image 添加了 image 可是还是提示一样错误,是我的依赖没有给对吗?我已经被这个东西弄晕了

CoCoYuYuan commented 1 year ago

或者有没有demo解决了这个问题的,我去参考解决下

liufeiyu1002 commented 1 year ago

resource/security/serialize.allowlist 这样吧。。 resource 下新建一个文件夹security 然后在 security 文件夹下新建 serialize.allowlist文件

CoCoYuYuan commented 1 year ago

我重新的创建了一下这些文件 如果是这样的话那似乎没生效? image

liufeiyu1002 commented 1 year ago

你的日志里 有这个开头的么 。。Read serialize allow list from

CoCoYuYuan commented 1 year ago

你的日志里 有这个开头的么 。。Read serialize allow list from

有的,启动完成后共有6处以Read serialize allow list from开头的数据, 2023-04-04 22:11:15.528 INFO 19992 --- [ main] o.a.d.c.u.SerializeSecurityConfigurator : [DUBBO] Read serialize allow list from file:/E:/workspace/new/cloud-immigrant/lc-consumer/lc-consumer-mobileProgram/target/classes/security/serialize.allowlist, dubbo version: 3.1.8, current host: 192.168.31.50 2023-04-04 22:11:15.529 INFO 19992 --- [ main] o.a.d.c.u.SerializeSecurityConfigurator : [DUBBO] Read serialize allow list from jar:file:/E:/development/Maven/newmaven/org/apache/dubbo/dubbo/3.1.8/dubbo-3.1.8.jar!/security/serialize.allowlist, dubbo version: 3.1.8, current host: 192.168.31.50

2023-04-04 22:11:15.588 INFO 19992 --- [ main] o.a.d.c.u.SerializeSecurityConfigurator : [DUBBO] Read serialize allow list from file:/E:/workspace/new/cloud-immigrant/lc-consumer/lc-consumer-mobileProgram/target/classes/security/serialize.allowlist, dubbo version: 3.1.8, current host: 192.168.31.50 2023-04-04 22:11:15.588 INFO 19992 --- [ main] o.a.d.c.u.SerializeSecurityConfigurator : [DUBBO] Read serialize allow list from jar:file:/E:/development/Maven/newmaven/org/apache/dubbo/dubbo/3.1.8/dubbo-3.1.8.jar!/security/serialize.allowlist, dubbo version: 3.1.8, current host: 192.168.31.50

2023-04-04 22:11:15.598 INFO 19992 --- [ main] o.a.d.c.u.SerializeSecurityConfigurator : [DUBBO] Read serialize allow list from file:/E:/workspace/new/cloud-immigrant/lc-consumer/lc-consumer-mobileProgram/target/classes/security/serialize.allowlist, dubbo version: 3.1.8, current host: 192.168.31.50 2023-04-04 22:11:15.598 INFO 19992 --- [ main] o.a.d.c.u.SerializeSecurityConfigurator : [DUBBO] Read serialize allow list from jar:file:/E:/development/Maven/newmaven/org/apache/dubbo/dubbo/3.1.8/dubbo-3.1.8.jar!/security/serialize.allowlist, dubbo version: 3.1.8, current host: 192.168.31.50

这么看上去是生效了的,不过我不清楚为什么还会报错

AlbumenJ commented 1 year ago

2023-04-04 22:11:15.528 INFO 19992 --- [ main] o.a.d.c.u.SerializeSecurityConfigurator : [DUBBO] Read serialize allow list from file:/E:/workspace/new/cloud-immigrant/lc-consumer/lc-consumer-mobileProgram/target/classes/security/serialize.allowlist, dubbo version: 3.1.8, current host: 192.168.31.50

3.1.x 版本的序列化校验不会导致调用报错的,麻烦把具体报错栈给贴一下

pinker-god commented 1 year ago

@AlbumenJ 同求,这个问题怎么解决?我3.2.2 还存在这个问题。 原因是我用了父类,子类,然后子类就反序列化不回来了,报不安全

AlbumenJ commented 1 year ago

https://cn.dubbo.apache.org/zh-cn/overview/mannual/java-sdk/advanced-features-and-usage/security/class-check/

penghcn commented 4 weeks ago

参考这个https://github.com/apache/dubbo/issues/13381,建议添加java参数-Ddubbo.application.serialize-check-status=WARN