View Javadoc
1   /*
2    *    Copyright 2009-2022 the original author or authors.
3    *
4    *    Licensed under the Apache License, Version 2.0 (the "License");
5    *    you may not use this file except in compliance with the License.
6    *    You may obtain a copy of the License at
7    *
8    *       https://www.apache.org/licenses/LICENSE-2.0
9    *
10   *    Unless required by applicable law or agreed to in writing, software
11   *    distributed under the License is distributed on an "AS IS" BASIS,
12   *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   *    See the License for the specific language governing permissions and
14   *    limitations under the License.
15   */
16  package org.apache.ibatis.io;
17  
18  import java.security.Security;
19  
20  import org.apache.ibatis.logging.Log;
21  import org.apache.ibatis.logging.LogFactory;
22  
23  public final class SerialFilterChecker {
24    private static final Log log = LogFactory.getLog(SerialFilterChecker.class);
25    /* Property key for the JEP-290 serialization filters */
26    private static final String JDK_SERIAL_FILTER = "jdk.serialFilter";
27    private static final boolean SERIAL_FILTER_MISSING;
28    private static boolean firstInvocation = true;
29  
30    static {
31      Object serialFilter;
32      try {
33        Class<?> objectFilterConfig = Class.forName("java.io.ObjectInputFilter$Config");
34        serialFilter = objectFilterConfig.getMethod("getSerialFilter").invoke(null);
35      } catch (ReflectiveOperationException e) {
36        // Java 1.8
37        serialFilter = System.getProperty(JDK_SERIAL_FILTER, Security.getProperty(JDK_SERIAL_FILTER));
38      }
39      SERIAL_FILTER_MISSING = serialFilter == null;
40    }
41  
42    public static void check() {
43      if (firstInvocation && SERIAL_FILTER_MISSING) {
44        firstInvocation = false;
45        log.warn(
46            "As you are using functionality that deserializes object streams, it is recommended to define the JEP-290 serial filter. "
47                + "Please refer to https://docs.oracle.com/pls/topic/lookup?ctx=javase15&id=GUID-8296D8E8-2B93-4B9A-856E-0A65AF9B8C66");
48      }
49    }
50  
51    private SerialFilterChecker() {
52    }
53  }