Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default addition of "org.springframework.integration.history" to trusted packages of DefaultKafkaHeaderMapper #3734

Closed
dsingh-harp opened this issue Mar 2, 2022 · 7 comments · Fixed by #3753
Closed

Default addition of "org.springframework.integration.history" to trusted packages of DefaultKafkaHeaderMapper #3734

dsingh-harp opened this issue Mar 2, 2022 · 7 comments · Fixed by #3753
Labels
in: Kafka type: enhancement
Milestone
6.0 M2

Comments

@dsingh-harp
Copy link

dsingh-harp commented Mar 2, 2022
edited by artembilan
Loading

Expected Behavior

By default, "org.springframework.integration.history" should be available to the trusted package of DefaultKafkaHeaderMapper.

Current Behavior

Message is not getting deserialized due to untrusted package(i.e "org.springframework.integration.history ")

Also raised a stack-overflow question i.e https://stackoverflow.com/questions/71305189/message-history-not-getting-deserialized

Context

What other alternatives have you considered?
Following are the alternatives that i considered
a) Defining a bean instance for DefaultKafkaHeaderMapper with the addTrustedPackages("*")
b) Defining a bean for "MessagingMessageConverter"
c) Setting "MessagingMessageConverter" with header mapper mentioned in a) for "ConcurrentKafkaListenerContainerFactory"

Are you aware of any workarounds?
No
@dsingh-harp dsingh-harp added status: waiting-for-triage The issue need to be evaluated and its future decided type: enhancement labels Mar 2, 2022
@artembilan artembilan added in: Kafka and removed status: waiting-for-triage The issue need to be evaluated and its future decided labels Mar 2, 2022
@artembilan artembilan added this to the 6.0 M2 milestone Mar 2, 2022
@artembilan
Copy link
Member

The JacksonJsonUtils adds this packages as trusted by default:

private static final List<String> TRUSTED_PACKAGES =
				Arrays.asList(
						"java.util",
						"java.lang",
						"org.springframework.messaging.support",
						"org.springframework.integration.support",
						"org.springframework.integration.message",
						"org.springframework.integration.store",
						"org.springframework.integration.history"
				);

So, it looks like a DefaultKafkaHeaderMapper used in the KafkaMessageDrivenChannelAdapter should be supplied with all those Spring Integration specific packages as well.

@dsingh-harp
Copy link
Author

dsingh-harp commented Mar 3, 2022
edited
Loading

ok, I was using version 5.5.7 version. Not aware if things changed in later versions

@artembilan
Copy link
Member

No, nothing changed. I just accepted your request and have plans for the next versions.
If we would have a fix, I would point to that one and close the issue.

For now stay tuned for the next release when the fix will be present!

@artembilan
Copy link
Member

The SubscribableKafkaChannel uses IntegrationRecordMessageListener internally for creating messages from consumer record based on a default RecordMessagingMessageListenerAdapter strategy, which is just default MessagingMessageConverter with a default DefaultKafkaHeaderMapper.
We should apply the same trusted packages for that DefaultKafkaHeaderMapper over here as well.
And expose a setMessageConverter(MessageConverter messageConverter) like we do for KafkaMessageDrivenChannelAdapter.

@dsingh-harp
Copy link
Author

Great! Thanks for considering it.

artembilan added a commit to artembilan/spring-integration that referenced this issue Mar 18, 2022
@artembilan
spring-projectsGH-3734: Support MessageHistory on Kafka deser
540ac90 
Fixes spring-projects#3734

The `MessageHistory` is not in the trusted packages of the `DefaultKafkaHeaderMapper`
therefore it fails when `MessageHistory.read()` is performed.

* Configure default `DefaultKafkaHeaderMapper` in the `SubscribableKafkaChannel`,
`KafkaInboundGateway`, `KafkaMessageDrivenChannelAdapter` and `KafkaMessageSource`
to also trust packages exposed via `JacksonJsonUtils.DEFAULT_TRUSTED_PACKAGES`
which include a `MessageHistory`, too.

* Verify in some integration Kafka tests to be sure that `MessageHistory` is
deserialized properly in the transferred headers
* Rework some tests to use `@EmbeddedKafka` instead of `@BeforeAll/@AfterAll`

**Cherry-pick to `5.5.x`**
@artembilan artembilan mentioned this issue Mar 18, 2022
Merged
artembilan added a commit to artembilan/spring-integration that referenced this issue Mar 18, 2022
@artembilan
spring-projectsGH-3734: Support MessageHistory on Kafka deser
c830820 
Fixes spring-projects#3734

The `MessageHistory` is not in the trusted packages of the `DefaultKafkaHeaderMapper`
therefore it fails when `MessageHistory.read()` is performed.

* Configure default `DefaultKafkaHeaderMapper` in the `SubscribableKafkaChannel`,
`KafkaInboundGateway`, `KafkaMessageDrivenChannelAdapter` and `KafkaMessageSource`
to also trust packages exposed via `JacksonJsonUtils.DEFAULT_TRUSTED_PACKAGES`
which include a `MessageHistory`, too.

* Verify in some integration Kafka tests to be sure that `MessageHistory` is
deserialized properly in the transferred headers
* Rework some tests to use `@EmbeddedKafka` instead of `@BeforeAll/@AfterAll`

**Cherry-pick to `5.5.x`**
garyrussell pushed a commit that referenced this issue Mar 22, 2022
@artembilan @garyrussell
GH-3734: Support MessageHistory on Kafka deser
d5501d8 
Fixes #3734

The `MessageHistory` is not in the trusted packages of the `DefaultKafkaHeaderMapper`
therefore it fails when `MessageHistory.read()` is performed.

* Configure default `DefaultKafkaHeaderMapper` in the `SubscribableKafkaChannel`,
`KafkaInboundGateway`, `KafkaMessageDrivenChannelAdapter` and `KafkaMessageSource`
to also trust packages exposed via `JacksonJsonUtils.DEFAULT_TRUSTED_PACKAGES`
which include a `MessageHistory`, too.

* Verify in some integration Kafka tests to be sure that `MessageHistory` is
deserialized properly in the transferred headers
* Rework some tests to use `@EmbeddedKafka` instead of `@BeforeAll/@AfterAll`

**Cherry-pick to `5.5.x`**
garyrussell pushed a commit that referenced this issue Mar 22, 2022
@artembilan @garyrussell
GH-3734: Support MessageHistory on Kafka deser
eec3e95 
Fixes #3734

The `MessageHistory` is not in the trusted packages of the `DefaultKafkaHeaderMapper`
therefore it fails when `MessageHistory.read()` is performed.

* Configure default `DefaultKafkaHeaderMapper` in the `SubscribableKafkaChannel`,
`KafkaInboundGateway`, `KafkaMessageDrivenChannelAdapter` and `KafkaMessageSource`
to also trust packages exposed via `JacksonJsonUtils.DEFAULT_TRUSTED_PACKAGES`
which include a `MessageHistory`, too.

* Verify in some integration Kafka tests to be sure that `MessageHistory` is
deserialized properly in the transferred headers
* Rework some tests to use `@EmbeddedKafka` instead of `@BeforeAll/@AfterAll`

**Cherry-pick to `5.5.x`**
@pmahony893
Copy link

Changing Arrays.asList to List.of breaks this for Java 8, which is listed as a compatible version in the docs.

@garyrussell
Copy link
Contributor

This is a known issue; fixed in the next release; you can fall back to 5.5.9 as a work around.

#3761 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: Kafka type: enhancement
Projects
None yet
Milestone
6.0 M2
Development

Successfully merging a pull request may close this issue.

GH-3734: Support MessageHistory on Kafka deser artembilan/spring-integration
4 participants
@garyrussell @artembilan @pmahony893 @dsingh-harp