1. 技术文章
  2. Spring Kafka: JsonDeserializer doesn't pick up TRUSTED_PACKAGE config

Spring Kafka: JsonDeserializer doesn't pick up TRUSTED_PACKAGE config

生来就可爱ヽ(ⅴ<●) 提交于 2020-12-06 15:48:49

问题


I just want to check if it's known behavior or I'm doing something wrong.

I configuring producer and consumer with custom type mapping using JsonDeserializer.

Consumer fails with 

org.apache.kafka.common.errors.SerializationException: Error deserializing key/value for partition ticket-1 at offset 1. If needed, please seek past the record to continue consumption.
Caused by: java.lang.IllegalArgumentException: The class 'createTicket' is not in the trusted packages: [java.util, java.lang]. If you believe this class is safe to deserialize, please provide its name. If the serialization is only done by a trusted source, you can also enable trust all (*).

Consumer factory config

props.put(JsonDeserializer.TRUSTED_PACKAGES, "*");
props.put(JsonDeserializer.TYPE_MAPPINGS, "createTicket:com.example.application.domain.command.CreateTicket, createTicketCommand:com.example.application.domain.command.CreateTicketCommand");

Producer factory config

props.put(JsonSerializer.TYPE_MAPPINGS,
              "createTicket:com.example.application.domain.command.CreateTicket, createTicketCommand:com.example.application.domain.command.CreateTicketCommand");

I tested with stable and M3 versions. Full runnable example https://github.com/gAmUssA/spring-kafka-question-from-chat


回答1:


The problem is that you actually don't configure the JsonDeserializer.

JsonDeserializer.TYPE_MAPPINGS are to be passed to JsonDeserializer directly, not to ConsumerFactory. Your code should look like

        JsonDeserializer<Object> jsonDeserializer = new JsonDeserializer<>();
        Map<String, Object> deserProps = new HashMap<>();
        deserProps.put(JsonDeserializer.TYPE_MAPPINGS,
                "createTicket:com.example.application.domain.command.CreateTicket, createTicketCommand:com.example.application.domain.command.CreateTicketCommand");

//mind this `false` -- they have different modes for key and value deserializers
        jsonDeserializer.configure(deserProps, false);
        return new DefaultKafkaConsumerFactory<>(props, new StringDeserializer(),
                jsonDeserializer);

(On my machine, it works without any TRUSTED_PACKAGES setting)



来源:https://stackoverflow.com/questions/60582666/spring-kafka-jsondeserializer-doesnt-pick-up-trusted-package-config

标签
spring-kafka
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!