Skip to content

Please add java.util.Locale to the list of trusted classes. #3786

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ptahchiev opened this issue Sep 29, 2020 · 1 comment
Closed

Please add java.util.Locale to the list of trusted classes. #3786

ptahchiev opened this issue Sep 29, 2020 · 1 comment
Labels
status: superseded Issues that are superseded by other issues type: enhancement

Comments

@ptahchiev
Copy link

I get the following exception whenever I try to run my jobs:

Caused by: java.lang.IllegalArgumentException: The class with java.util.Locale and name of java.util.Locale is not trusted. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or a custom ObjectMapper. If the serialization is only done by a trusted source, you can also enable default typing.
	at org.springframework.batch.core.repository.dao.Jackson2ExecutionContextStringSerializer$TrustedTypeIdResolver.typeFromId(Jackson2ExecutionContextStringSerializer.java:329)
	at com.fasterxml.jackson.databind.jsontype.impl.TypeDeserializerBase._findDeserializer(TypeDeserializerBase.java:156)
	at com.fasterxml.jackson.databind.jsontype.impl.AsArrayTypeDeserializer._deserialize(AsArrayTypeDeserializer.java:97)
	at com.fasterxml.jackson.databind.jsontype.impl.AsArrayTypeDeserializer.deserializeTypedFromArray(AsArrayTypeDeserializer.java:53)
	at com.fasterxml.jackson.databind.jsontype.impl.AsPropertyTypeDeserializer.deserializeTypedFromAny(AsPropertyTypeDeserializer.java:191)
	at com.fasterxml.jackson.databind.deser.std.UntypedObjectDeserializer$Vanilla.deserializeWithType(UntypedObjectDeserializer.java:712)
	at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:529)
	... 156 more

and it seems like there's a list of trusted classes here:
https://github.com/spring-projects/spring-batch/blob/master/spring-batch-core/src/main/java/org/springframework/batch/core/repository/dao/Jackson2ExecutionContextStringSerializer.java#L243

Would be great if java.util.Locale was part of the trusted classes.
@ptahchiev ptahchiev added status: waiting-for-triage Issues that we did not analyse yet type: feature labels Sep 29, 2020
@fmbenhassine fmbenhassine added this to the 4.3.0 milestone Oct 1, 2020
@fmbenhassine fmbenhassine added type: enhancement and removed status: waiting-for-triage Issues that we did not analyse yet type: feature labels Oct 1, 2020
@fmbenhassine
Copy link
Contributor

Instead of adding individual classes on demand like here, we are going to provide a mechanism to extend the base list of trusted classes as described in #3765. BTW, I used this use case to test the new approach here.

So I'm closing this issue in favor of #3765 .

@fmbenhassine fmbenhassine removed this from the 4.3.0 milestone Oct 9, 2020
@fmbenhassine fmbenhassine added the status: superseded Issues that are superseded by other issues label Jan 5, 2021
@fmbenhassine fmbenhassine mentioned this issue Jan 25, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: superseded Issues that are superseded by other issues type: enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fmbenhassine @ptahchiev