Module io.helidon.common

Package io.helidon.common

Class SerializationConfig

java.lang.Object

io.helidon.common.SerializationConfig

public final class SerializationConfig
extends Object

Support for JEP 290 - deserialization filtering. Configuration options mentioned below will differ in Helidon 3.0.0, the following table lists the options:

Configuration Options

system property	2.x default	3.x default	description
PROP_WRONG_CONFIG_ACTION	warn - SerializationConfig.Action.WARN	fail - SerializationConfig.Action.FAIL	What to do if an existing global deserialization filter exists without a global reject-list.
PROP_NO_CONFIG_ACTION	warn - SerializationConfig.Action.WARN	configure - SerializationConfig.Action.CONFIGURE	What to do if there is no global deserialization filter.

Last option (not used by default) is to ignore the problem and do nothing (can be used both with wrong config and no config above).

Deserialization filtering in Helidon

Helidon serialization filter is implemented to support allow-lists, automatically rejecting all classes. Helidon restrictions are only enforced on the global filter.

Custom pattern

To add patterns to the serial filter, use a system property "helidon.serialFilter.pattern". This pattern follows the rules as defined by JDK. Helidon will add reject all as the last pattern if it is not already defined by it.

As an alternative, a file PROPERTY_FILE can be created on the classpath with the following content, to configure filter for a specific library. Do not add a global reject to these patterns!: pattern=oracle.sql.converter.*

Deserialization tracing

A tracing filter can be configured using system property "helidon.serialFilter.trace" to log information messages for each deserialization request.

To discover class patterns needed, set "no config" and "wrong config" actions to warn or ignore, and configure basic tracing.

Options are:

• none to disable tracing (this is the default)
• basic to enable basic tracing (only traces requests for class deserialization)
• full to enable full tracing (including sizes, depth etc.)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SerializationConfig.Action	What action to take if there is no global filter configured, or if the configuration is not according to Helidon expectations.
static class	SerializationConfig.Builder	Fluent API builder to customize SerializationConfig.
static class	SerializationConfig.TraceOption	Deserialization tracing options.

Method Summary

Modifier and Type	Method	Description
static SerializationConfig.Builder	builder()	Fluent API builder to configure options programmatically.
void	configure()	Configure deserialization filtering in the current VM.
static void	configureRuntime()	Make sure configuration is as expected.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static SerializationConfig.Builder builder()

Fluent API builder to configure options programmatically. To use defaults (or system properties), see configureRuntime().

Returns:

a new builder for SerializationConfig

See Also:

configure()

configureRuntime

public static void configureRuntime()

Make sure configuration is as expected. This is a one-off call to set up global filter.

configure

public void configure()

Configure deserialization filtering in the current VM. Note that the global filter can be configured only once, so make sure this method is invoked as soon as possible. This class keeps static information about the initial configuration, so as long as the configuration is unchanged, this method may be called multiple times.

Throws:

IllegalStateException - in case this method is called multiple times with different configuration.