From 9e2f2069420790004590fa6faa987b39cdc536a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Oct 2021 14:03:00 +0000 Subject: [PATCH 1/3] Bump axon.version from 4.5.3 to 4.5.4 Bumps `axon.version` from 4.5.3 to 4.5.4. Updates `axon-eventsourcing` from 4.5.3 to 4.5.4 - [Release notes](https://github.com/AxonFramework/AxonFramework/releases) - [Changelog](https://github.com/AxonFramework/AxonFramework/blob/master/axon-4-api-changes.md) - [Commits](https://github.com/AxonFramework/AxonFramework/compare/axon-4.5.3...axon-4.5.4) Updates `axon-spring` from 4.5.3 to 4.5.4 - [Release notes](https://github.com/AxonFramework/AxonFramework/releases) - [Changelog](https://github.com/AxonFramework/AxonFramework/blob/master/axon-4-api-changes.md) - [Commits](https://github.com/AxonFramework/AxonFramework/compare/axon-4.5.3...axon-4.5.4) Updates `axon-eventsourcing` from 4.5.3 to 4.5.4 - [Release notes](https://github.com/AxonFramework/AxonFramework/releases) - [Changelog](https://github.com/AxonFramework/AxonFramework/blob/master/axon-4-api-changes.md) - [Commits](https://github.com/AxonFramework/AxonFramework/compare/axon-4.5.3...axon-4.5.4) Updates `axon-spring-boot-starter` from 4.5.3 to 4.5.4 - [Release notes](https://github.com/AxonFramework/AxonFramework/releases) - [Changelog](https://github.com/AxonFramework/AxonFramework/blob/master/axon-4-api-changes.md) - [Commits](https://github.com/AxonFramework/AxonFramework/compare/axon-4.5.3...axon-4.5.4) --- updated-dependencies: - dependency-name: org.axonframework:axon-eventsourcing dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.axonframework:axon-spring dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.axonframework:axon-eventsourcing:tests dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.axonframework:axon-spring-boot-starter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index bc313b7..cc68683 100644 --- a/pom.xml +++ b/pom.xml @@ -47,7 +47,7 @@ UTF-8 - 4.5.3 + 4.5.4 4.3.2 1.7.32 From 01472ae8d03046d790ada8074b89fb7a077173b3 Mon Sep 17 00:00:00 2001 From: Steven van Beelen Date: Mon, 4 Oct 2021 10:01:03 +0200 Subject: [PATCH 2/3] Adjust Serializer wiring - Use a supplier of the Serializer, to ensure XStream isn't on the classpath when users don't want it - Log a warning whenever the defaultSerializer is used, since users should provide their own XStream instance at all times #133 --- .../saga/repository/MongoSagaStore.java | 30 ++++++++++++++----- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/mongo/src/main/java/org/axonframework/extensions/mongo/eventhandling/saga/repository/MongoSagaStore.java b/mongo/src/main/java/org/axonframework/extensions/mongo/eventhandling/saga/repository/MongoSagaStore.java index b5cd16b..061e212 100644 --- a/mongo/src/main/java/org/axonframework/extensions/mongo/eventhandling/saga/repository/MongoSagaStore.java +++ b/mongo/src/main/java/org/axonframework/extensions/mongo/eventhandling/saga/repository/MongoSagaStore.java @@ -26,16 +26,20 @@ import org.axonframework.serialization.Serializer; import org.axonframework.serialization.xml.XStreamSerializer; import org.bson.Document; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import java.lang.invoke.MethodHandles; import java.util.Set; import java.util.TreeSet; +import java.util.function.Supplier; import static com.mongodb.client.model.Projections.include; import static org.axonframework.common.BuilderUtils.assertNonNull; /** - * Implementations of the SagaRepository that stores Sagas and their associations in a Mongo Database. Each Saga and - * its associations is stored as a single document. + * Implementations of the SagaRepository that stores Sagas and their associations in a Mongo Database. Each Saga and its + * associations is stored as a single document. * * @author Jettro Coenradie * @author Allard Buijze @@ -43,21 +47,23 @@ */ public class MongoSagaStore implements SagaStore { + private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); + private final MongoTemplate mongoTemplate; private final Serializer serializer; /** * Instantiate a {@link MongoSagaStore} based on the fields contained in the {@link Builder}. *

- * Will assert that the {@link MongoTemplate} is not {@code null}, and will throw an - * {@link AxonConfigurationException} if it is {@code null}. + * Will assert that the {@link MongoTemplate} is not {@code null}, and will throw an {@link + * AxonConfigurationException} if it is {@code null}. * * @param builder the {@link Builder} used to instantiate a {@link MongoSagaStore} instance */ protected MongoSagaStore(Builder builder) { builder.validate(); this.mongoTemplate = builder.mongoTemplate; - this.serializer = builder.serializer; + this.serializer = builder.serializer.get(); } /** @@ -156,7 +162,7 @@ private String getSagaTypeName(Class sagaType) { public static class Builder { private MongoTemplate mongoTemplate; - private Serializer serializer = XStreamSerializer.builder().build(); + private Supplier serializer; /** * Sets the {@link MongoTemplate} providing access to the collections. @@ -178,7 +184,7 @@ public Builder mongoTemplate(MongoTemplate mongoTemplate) { */ public Builder serializer(Serializer serializer) { assertNonNull(serializer, "Serializer may not be null"); - this.serializer = serializer; + this.serializer = () -> serializer; return this; } @@ -199,6 +205,16 @@ public MongoSagaStore build() { */ protected void validate() throws AxonConfigurationException { assertNonNull(mongoTemplate, "The MongoTemplate is a hard requirement and should be provided"); + if (serializer == null) { + logger.warn( + "The default XStreamSerializer is used, whereas it is strongly recommended to configure" + + " the security context of the XStream instance.", + new AxonConfigurationException( + "A default XStreamSerializer is used, without specifying the security context" + ) + ); + serializer = XStreamSerializer::defaultSerializer; + } } } } From 245d05dd5a7cf24d319b06e048f29cb655a26ef2 Mon Sep 17 00:00:00 2001 From: Steven van Beelen Date: Mon, 4 Oct 2021 10:07:51 +0200 Subject: [PATCH 3/3] Fix test Add XStream instance to XStreamSerializer construction per new requirement #133 --- .../mongo/eventsourcing/tokenstore/MongoTokenStoreTest.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mongo/src/test/java/org/axonframework/extensions/mongo/eventsourcing/tokenstore/MongoTokenStoreTest.java b/mongo/src/test/java/org/axonframework/extensions/mongo/eventsourcing/tokenstore/MongoTokenStoreTest.java index b6c21aa..55d29cd 100644 --- a/mongo/src/test/java/org/axonframework/extensions/mongo/eventsourcing/tokenstore/MongoTokenStoreTest.java +++ b/mongo/src/test/java/org/axonframework/extensions/mongo/eventsourcing/tokenstore/MongoTokenStoreTest.java @@ -19,6 +19,7 @@ import com.mongodb.client.ListIndexesIterable; import com.mongodb.client.MongoCollection; import com.mongodb.client.MongoCursor; +import com.thoughtworks.xstream.XStream; import org.axonframework.eventhandling.GlobalSequenceTrackingToken; import org.axonframework.eventhandling.TrackingToken; import org.axonframework.eventhandling.tokenstore.TokenStore; @@ -276,7 +277,9 @@ void testConcurrentAccess() throws Exception { @Test void testStoreAndFetchTokenResultsInTheSameTokenWithXStreamSerializer() { TokenStore tokenStore = MongoTokenStore.builder() - .serializer(XStreamSerializer.builder().build()) + .serializer(XStreamSerializer.builder() + .xStream(new XStream()) + .build()) .mongoTemplate(mongoTemplate) .claimTimeout(claimTimeout) .contentType(contentType)