Questions about Checker in the new version

[pandalee99]

Recently, I've been working on sofa-rpc incorporating fury, and the version I've been using is 0.1.0, which has a feature that requires whitelisted classes to be registered. From the results, its seems to be the same i make this:

clazz = Class.forName(className);
fury.register(clazz);

But in the new version(0.1.1), I found checker So, I thought about changing the code to:

AllowListChecker checker = new AllowListChecker(AllowListChecker.CheckLevel.STRICT);
fury.getClassResolver().setClassChecker(checker);
checker.allowClass(className);

but I have a few questions: 1, compared with the native way to register, checker will have any characteristics 2, compared with the two, which efficiency will be better? Because checker implementations can be too complex

[chaokunyang]

@pandalee99 Good question.

Which to use

register need be consistent between all processes, otherwise the deserialization will thown error. For axample, if you have objects of class A and B for serialziation, and process 1 for serialization, process 2 for deserialization. If process1 register A and B, but process 2 only A, then the deserialiation in process2 will fail.

It's easy to keep consistent between processes if all process are in your control such as spark/flink jobs. Register is suitable for such cases.

But if you use sofa/dubbo services, different services may have different register order and registered classes. All services will upgreade independently. In such cases, deserialization may raise exception. checker should be used for such cases whose registerd classses are different between serialization and deserialization process.

efficiency

Register is more efficient than class checker, because it write classname as an id. For services, we suggest to register common system classes, and let checker to check user classes.

[pandalee99]

Good idea, thanks