Helidon JEP290 filter should merge with already programmatically configured one #6919

Closed
danielkec opened this issue May 29, 2023 · 2 comments
Labels: bug (Something isn't working), P2, security

@danielkec
Contributor

Right now, if a 3rd party library sets a serialization filter over the official API before Helidon sets its own, Helidon's configuration is ignored.

Environment Details

  • Helidon Version: 3.x, 4.x
@m0mus m0mus added the security label May 30, 2023
@m0mus m0mus added P2 bug Something isn't working labels May 30, 2023
@tomas-langer
Member

I have just tried with Helidon 3 and it fails as expected:
in main of my quickstart:

```java
ObjectInputFilter filter = ObjectInputFilter.Config.createFilter("io.examples.helidon.nima.TheType");
ObjectInputFilter.Config.setSerialFilter(filter);
```

When I start webserver:

```
Exception in thread "main" java.lang.IllegalStateException: Custom JDK Serialization Filter is not configured to reject all classes. Helidon can only run with allow-list. Please add '!*' as the last pattern.
	at io.helidon.common.SerializationConfig.handleBadFilter(SerializationConfig.java:283)
	at io.helidon.common.SerializationConfig.validateExistingFilter(SerializationConfig.java:254)
	at io.helidon.common.SerializationConfig.doConfigure(SerializationConfig.java:217)
	at io.helidon.common.SerializationConfig.configureDefaults(SerializationConfig.java:138)
	at io.helidon.common.SerializationConfig.configureRuntime(SerializationConfig.java:129)
	at io.helidon.webserver.NettyWebServer.start(NettyWebServer.java:218)
	at me.tomas.se.quickstart.Main.startServer(Main.java:57)
```

@tomas-langer
Member

tomas-langer commented Jun 22, 2023

In Helidon 4, we do not configureRuntime from Níma webserver, that needs to be added.
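
The merge the issue title asks for can be expressed with the JDK's own filter combinators, shown here as an added example that is not part of the thread and not Helidon's implementation. It assumes Java 17 or later (`ObjectInputFilter.merge` and `ObjectInputFilter.rejectUndecidedClass`); the class `MergeSerialFilters`, the record `ClassCheck` and the sample patterns are constructed for illustration.

```java
import java.io.ObjectInputFilter;
import java.io.ObjectInputFilter.Status;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedList;

public class MergeSerialFilters {

    // Minimal FilterInfo that carries only a class, so a filter can be
    // evaluated without deserializing any data.
    record ClassCheck(Class<?> serialClass) implements ObjectInputFilter.FilterInfo {
        public long arrayLength() { return -1; }
        public long depth() { return 1; }
        public long references() { return 1; }
        public long streamBytes() { return 0; }
    }

    static Status check(ObjectInputFilter filter, Class<?> type) {
        return filter.checkInput(new ClassCheck(type));
    }

    public static void main(String[] args) {
        // Constructed stand-in for a filter a third-party library set first.
        // It has no trailing "!*", so classes it does not name stay UNDECIDED.
        ObjectInputFilter thirdParty =
                ObjectInputFilter.Config.createFilter("java.util.ArrayList");
        // Constructed stand-in for a framework allow-list that ends in "!*".
        ObjectInputFilter closed =
                ObjectInputFilter.Config.createFilter("java.util.LinkedList;!*");
        // The same allow-list without the terminator, kept open for merging.
        ObjectInputFilter open =
                ObjectInputFilter.Config.createFilter("java.util.LinkedList");

        // merge() rejects when either side rejects, so merging with the
        // "!*"-terminated filter intersects the two allow-lists.
        ObjectInputFilter intersection = ObjectInputFilter.merge(thirdParty, closed);
        // Merging the open filters unions the allow-lists; rejectUndecidedClass
        // then turns every remaining UNDECIDED class into REJECTED.
        ObjectInputFilter union = ObjectInputFilter.rejectUndecidedClass(
                ObjectInputFilter.merge(thirdParty, open));

        System.out.println("thirdParty   HashMap    " + check(thirdParty, HashMap.class));
        System.out.println("intersection ArrayList  " + check(intersection, ArrayList.class));
        System.out.println("union        ArrayList  " + check(union, ArrayList.class));
        System.out.println("union        LinkedList " + check(union, LinkedList.class));
        System.out.println("union        HashMap    " + check(union, HashMap.class));
    }
}
```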
