Hessian whitelist2 (#6486)

Author: chickenlj

dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectInput.java

@@ -18,6 +18,7 @@
 
 import com.alibaba.com.caucho.hessian.io.Hessian2Input;
 import com.alibaba.dubbo.common.serialize.ObjectInput;
+import com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -31,7 +32,7 @@ public class Hessian2ObjectInput implements ObjectInput {
 
     public Hessian2ObjectInput(InputStream is) {
         mH2i = new Hessian2Input(is);
-        mH2i.setSerializerFactory(Hessian2SerializerFactory.SERIALIZER_FACTORY);
+        mH2i.setSerializerFactory(Hessian2FactoryUtil.getInstance().getSerializerFactory());
     }
 
     @Override

dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2ObjectOutput.java

@@ -18,6 +18,7 @@
 
 import com.alibaba.com.caucho.hessian.io.Hessian2Output;
 import com.alibaba.dubbo.common.serialize.ObjectOutput;
+import com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil;
 
 import java.io.IOException;
 import java.io.OutputStream;
@@ -30,7 +31,7 @@ public class Hessian2ObjectOutput implements ObjectOutput {
 
     public Hessian2ObjectOutput(OutputStream os) {
         mH2o = new Hessian2Output(os);
-        mH2o.setSerializerFactory(Hessian2SerializerFactory.SERIALIZER_FACTORY);
+        mH2o.setSerializerFactory(Hessian2FactoryUtil.getInstance().getSerializerFactory());
     }
 
     @Override

dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/Hessian2SerializerFactory.java

@@ -17,38 +17,10 @@
 package com.alibaba.dubbo.common.serialize.hessian2;
 
 import com.alibaba.com.caucho.hessian.io.SerializerFactory;
-import com.alibaba.dubbo.common.utils.ConfigUtils;
-import com.alibaba.dubbo.common.utils.StringUtils;
 
 public class Hessian2SerializerFactory extends SerializerFactory {
-    private static final String WHITELIST = "dubbo.application.hessian2.whitelist";
-    private static final String ALLOW = "dubbo.application.hessian2.allow";
-    private static final String DENY = "dubbo.application.hessian2.deny";
 
-    public static final SerializerFactory SERIALIZER_FACTORY;
-
-    /**
-     * see https://github.com/ebourg/hessian/commit/cf851f5131707891e723f7f6a9718c2461aed826
-     */
-    static {
-        SERIALIZER_FACTORY = new Hessian2SerializerFactory();
-        String whiteList = ConfigUtils.getProperty(WHITELIST);
-        if ("true".equals(whiteList)) {
-            SERIALIZER_FACTORY.getClassFactory().setWhitelist(true);
-            String allowPattern = ConfigUtils.getProperty(ALLOW);
-            if (StringUtils.isNotEmpty(allowPattern)) {
-                SERIALIZER_FACTORY.getClassFactory().allow(allowPattern);
-            }
-        } else {
-            SERIALIZER_FACTORY.getClassFactory().setWhitelist(false);
-            String denyPattern = ConfigUtils.getProperty(DENY);
-            if (StringUtils.isNotEmpty(denyPattern)) {
-                SERIALIZER_FACTORY.getClassFactory().deny(denyPattern);
-            }
-        }
-    }
-
-    private Hessian2SerializerFactory() {
+    public Hessian2SerializerFactory() {
     }
 
     @Override

dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/AbstractHessian2FactoryInitializer.java

@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.com.caucho.hessian.io.SerializerFactory;
+
+public abstract class AbstractHessian2FactoryInitializer implements Hessian2FactoryInitializer {
+    private static SerializerFactory SERIALIZER_FACTORY;
+
+    @Override
+    public SerializerFactory getSerializerFactory() {
+        if (SERIALIZER_FACTORY != null) {
+            return SERIALIZER_FACTORY;
+        }
+        synchronized (this) {
+            SERIALIZER_FACTORY = createSerializerFactory();
+        }
+        return SERIALIZER_FACTORY;
+    }
+
+    protected abstract SerializerFactory createSerializerFactory();
+}

dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/DefaultHessian2FactoryInitializer.java

@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.com.caucho.hessian.io.SerializerFactory;
+import com.alibaba.dubbo.common.serialize.hessian2.Hessian2SerializerFactory;
+
+public class DefaultHessian2FactoryInitializer extends AbstractHessian2FactoryInitializer {
+    @Override
+    protected SerializerFactory createSerializerFactory() {
+        return new Hessian2SerializerFactory();
+    }
+}

dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/Hessian2FactoryInitializer.java

@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.com.caucho.hessian.io.SerializerFactory;
+import com.alibaba.dubbo.common.extension.SPI;
+
+@SPI("default")
+public interface Hessian2FactoryInitializer {
+    SerializerFactory getSerializerFactory();
+}

dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/Hessian2FactoryUtil.java

@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.dubbo.common.extension.ExtensionLoader;
+import com.alibaba.dubbo.common.utils.ConfigUtils;
+import com.alibaba.dubbo.common.utils.StringUtils;
+
+public class Hessian2FactoryUtil {
+    static String WHITELIST = "dubbo.application.hessian2.whitelist";
+    static String ALLOW = "dubbo.application.hessian2.allow";
+    static String DENY = "dubbo.application.hessian2.deny";
+    static ExtensionLoader<Hessian2FactoryInitializer> loader = ExtensionLoader.getExtensionLoader(Hessian2FactoryInitializer.class);
+
+    public static Hessian2FactoryInitializer getInstance() {
+        String whitelist = ConfigUtils.getProperty(WHITELIST);
+        if (StringUtils.isNotEmpty(whitelist)) {
+            return loader.getExtension("whitelist");
+        }
+        return loader.getDefaultExtension();
+    }
+}

dubbo-serialization/dubbo-serialization-hessian2/src/main/java/com/alibaba/dubbo/common/serialize/hessian2/dubbo/WhitelistHessian2FactoryInitializer.java

@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.dubbo.common.serialize.hessian2.dubbo;
+
+import com.alibaba.com.caucho.hessian.io.SerializerFactory;
+import com.alibaba.dubbo.common.serialize.hessian2.Hessian2SerializerFactory;
+import com.alibaba.dubbo.common.utils.ConfigUtils;
+import com.alibaba.dubbo.common.utils.StringUtils;
+
+import static com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil.ALLOW;
+import static com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil.DENY;
+import static com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryUtil.WHITELIST;
+
+/**
+ * see https://github.com/ebourg/hessian/commit/cf851f5131707891e723f7f6a9718c2461aed826
+ */
+public class WhitelistHessian2FactoryInitializer extends AbstractHessian2FactoryInitializer {
+
+    @Override
+    public SerializerFactory createSerializerFactory() {
+        SerializerFactory serializerFactory = new Hessian2SerializerFactory();
+        String whiteList = ConfigUtils.getProperty(WHITELIST);
+        if ("true".equals(whiteList)) {
+            serializerFactory.getClassFactory().setWhitelist(true);
+            String allowPattern = ConfigUtils.getProperty(ALLOW);
+            if (StringUtils.isNotEmpty(allowPattern)) {
+                serializerFactory.getClassFactory().allow(allowPattern);
+            }
+        } else {
+            serializerFactory.getClassFactory().setWhitelist(false);
+            String denyPattern = ConfigUtils.getProperty(DENY);
+            if (StringUtils.isNotEmpty(denyPattern)) {
+                serializerFactory.getClassFactory().deny(denyPattern);
+            }
+        }
+        return serializerFactory;
+    }
+
+}

dubbo-serialization/dubbo-serialization-hessian2/src/main/resources/META-INF/dubbo/internal/com.alibaba.dubbo.common.serialize.hessian2.dubbo.Hessian2FactoryInitializer

@@ -0,0 +1,2 @@
+default=com.alibaba.dubbo.common.serialize.hessian2.dubbo.DefaultHessian2FactoryInitializer
+whitelist=com.alibaba.dubbo.common.serialize.hessian2.dubbo.WhitelistHessian2FactoryInitializer