hessian dependency conflict

funky-eyes commented 7 months ago

Your question

seata 2.0使用了sofa-jraft做raft的集群部署,sofa-jraft使用了bolt做通信,当使用间接使用bolt进行rpc集群间通信时,由于seata所依赖的hessian版本为4.0.63,而sofa-bolt使用的是4.0.3 由于依赖冲突导致了无法正常使用相关功能,并且seata社区后续将会移除不再维护且漏洞较多的hessian,请问bolt社区这方面是否有相关替代产品计划,比如改用kryo,或者fury? 目前seata侧通过实现了个自定义的序列化器来处理该问题,但由于hessian是默认序列化器,在staic方法块中被加载,导致一定会触发异常,请问目前有什么好的办法能解决该问题吗?

Caused by: java.lang.InstantiationException: com.caucho.hessian.io.StackTraceElementDeserializer
    at java.lang.Class.newInstance(Class.java:427)
    at com.caucho.hessian.io.ContextSerializerFactory.init(ContextSerializerFactory.java:322)
    ... 22 common frames omitted
Caused by: java.lang.NoSuchMethodException: com.caucho.hessian.io.StackTraceElementDeserializer.<init>()
    at java.lang.Class.getConstructor0(Class.java:3082)
    at java.lang.Class.newInstance(Class.java:412)
    ... 23 common frames omitted
<==

Your scenes

describe your use scenes (why need this feature)

Your advice

describe the advice or solution you'd like

Environment

SOFABolt version:
JVM version (e.g. java -version):
OS version (e.g. uname -a):
Maven version:
IDE version:

funky-eyes commented 7 months ago

4.0.63

public class StackTraceElementDeserializer extends JavaDeserializer {
  public StackTraceElementDeserializer(FieldDeserializer2Factory fieldFactory)
  {
    super(StackTraceElement.class, fieldFactory);
  }

  @Override
  protected Constructor<?> getConstructor(Class<?> cl)
  {
    return null;
  }

  @Override
  protected Object instantiate()
    throws Exception
  {
    return new StackTraceElement("", "", "", 0);
  }
}

4.0.3

public class StackTraceElementDeserializer extends JavaDeserializer {
    public StackTraceElementDeserializer()
    {
        super(StackTraceElement.class);
    }

    @Override
    protected Object instantiate()
        throws Exception
    {
        return new StackTraceElement("", "", "", 0);
    }
}

chuailiwu commented 6 months ago

没理解为啥会有依赖冲突，hession版本可以在你的项目指定版本的

funky-eyes commented 6 months ago

没理解为啥会有依赖冲突，hession版本可以在你的项目指定版本的

sofa-bolt不支持高版本，我需要特地为他降级

funky-eyes commented 6 months ago

项目是开源社区共同维护，针对依赖版本问题无法由我个人决定，所以最好是可以互相兼容，不过这个pr合并了后应该没有问题了，我们自行扩展了jackson的实现，请问下有大概的发版日期吗？

chuailiwu commented 6 months ago

1.6.7 已经发布了，可以用这个版本

funky-eyes commented 6 months ago

谢谢

sofastack / sofa-bolt