public final class SerializationConfig extends Object
Support for JEP 290 - deserialization filtering. Configuration options mentioned below will differ in Helidon 3.0.0, the following table lists the options:
Configuration Options system property 2.x default 3.x default description
What to do if an existing global deserialization filter exists without a global reject-list.
What to do if there is no global deserialization filter.
ignorethe problem and do nothing (can be used both with wrong config and no config above).
Deserialization filtering in HelidonHelidon serialization filter is implemented to support allow-lists, automatically rejecting all classes. Helidon restrictions are only enforced on the global filter.
Custom patternTo add patterns to the serial filter, use a system property "helidon.serialFilter.pattern". This pattern follows the rules as defined by JDK. Helidon will add reject all as the last pattern if it is not already defined by it.
As an alternative, a file
PROPERTY_FILEcan be created on the classpath with the following content, to configure filter for a specific library. Do not add a global reject to these patterns!:
Deserialization tracingA tracing filter can be configured using system property "helidon.serialFilter.trace" to log information messages for each deserialization request.
To discover class patterns needed, set "no config" and "wrong config" actions to warn or ignore, and configureOptions are:
noneto disable tracing (this is the default)
basicto enable basic tracing (only traces requests for class deserialization)
fullto enable full tracing (including sizes, depth etc.)
Nested Class Summary
Nested Classes Modifier and Type Class Description
SerializationConfig.ActionWhat action to take if there is no global filter configured, or if the configuration is not according to Helidon expectations.
SerializationConfig.BuilderFluent API builder to customize
SerializationConfig.TraceOptionDeserialization tracing options.
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description
builder()Fluent API builder to configure options programmatically.
configure()Configure deserialization filtering in the current VM.
configureRuntime()Make sure configuration is as expected.
public static SerializationConfig.Builder builder()Fluent API builder to configure options programmatically. To use defaults (or system properties), see
public static void configureRuntime()Make sure configuration is as expected. This is a one-off call to set up global filter.
public void configure()Configure deserialization filtering in the current VM. Note that the global filter can be configured only once, so make sure this method is invoked as soon as possible. This class keeps static information about the initial configuration, so as long as the configuration is unchanged, this method may be called multiple times.
IllegalStateException- in case this method is called multiple times with different configuration.