GEODE-7334: do not load Jackson libraries from outside of the war file except Jackson annotations (#4225)
* remove jackson-annotation.jar from war
* limit all other jackson classes to be loaded by the web apps classloader.
diff --git a/boms/geode-all-bom/src/test/resources/expected-pom.xml b/boms/geode-all-bom/src/test/resources/expected-pom.xml
index 258cde1..1b84c16 100644
--- a/boms/geode-all-bom/src/test/resources/expected-pom.xml
+++ b/boms/geode-all-bom/src/test/resources/expected-pom.xml
@@ -488,6 +488,18 @@
<scope>compile</scope>
</dependency>
<dependency>
+ <groupId>com.fasterxml.jackson.datatype</groupId>
+ <artifactId>jackson-datatype-joda</artifactId>
+ <version>2.9.8</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>joda-time</groupId>
+ <artifactId>joda-time</artifactId>
+ <version>2.9.8</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.10.0</version>
diff --git a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
index 04c8a99..2a2819f 100644
--- a/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
+++ b/buildSrc/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy
@@ -159,6 +159,8 @@
api(group: 'redis.clients', name: 'jedis', version: '2.9.0')
api(group: 'xerces', name: 'xercesImpl', version: '2.12.0')
api(group: 'com.arakelian', name: 'java-jq', version: '0.10.1')
+ api(group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-joda', version: '2.9.8')
+ api(group: 'joda-time', name: 'joda-time', version: '2.9.8')
}
}
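Review bot: The added `jackson-datatype-joda` constraint is pinned at 2.9.8, while the expected BOM in this same commit lists `jackson-annotations` at 2.10.0, so the datatype module sits one minor line behind the Jackson core it will be resolved with. Jackson modules are normally kept on the same minor version as the core artifacts; consider `version: '2.10.0'` for the joda module, or a comment explaining why it is held back. The geode-assembly hunk describes both artifacts as test-only, yet as `api(...)` constraints they are published in geode-all-bom with compile scope. A comment such as `// test-only: needed by geode-assembly integration tests` would tell BOM consumers not to depend on them. The enclosing constraints block starts outside the hunk.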
diff --git a/geode-assembly/build.gradle b/geode-assembly/build.gradle
index 0919541..89d8061 100755
--- a/geode-assembly/build.gradle
+++ b/geode-assembly/build.gradle
@@ -217,6 +217,9 @@
integrationTestRuntime('io.swagger:swagger-annotations')
+ // these two modules are for testing only
+ integrationTestRuntime('com.fasterxml.jackson.datatype:jackson-datatype-joda')
+ integrationTestRuntime('joda-time:joda-time')
distributedTestImplementation(project(':geode-logging'))
diff --git a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityPostProcessorTest.java b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityPostProcessorTest.java
index d7db2a5..8bb5ee1 100644
--- a/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityPostProcessorTest.java
+++ b/geode-assembly/src/integrationTest/java/org/apache/geode/rest/internal/web/RestSecurityPostProcessorTest.java
@@ -60,8 +60,7 @@
@BeforeClass
public static void before() throws Exception {
- Region region =
- serverStarter.getCache().createRegionFactory(RegionShortcut.REPLICATE).create("customers");
+ Region region = serverStarter.createRegion(RegionShortcut.REPLICATE, "customers");
region.put("1", new Customer(1L, "John", "Doe", "555555555"));
region.put("2", new Customer(2L, "Richard", "Roe", "222533554"));
region.put("3", new Customer(3L, "Jane", "Doe", "555223333"));
@@ -80,8 +79,8 @@
.hasContentType(MediaType.APPLICATION_JSON_UTF8_VALUE)
.getJsonObject();
- assertEquals("*********", jsonNode.get("socialSecurityNumber").asText());
- assertEquals(1L, jsonNode.get("customerId").asLong());
+ assertEquals("*********", jsonNode.get("ssn").asText());
+ assertEquals(1L, jsonNode.get("id").asLong());
// Try with super-user
jsonNode =
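Review bot: The masking assertions now look only at the renamed `ssn` property, so they would still pass if the response also exposed the unmasked value under the old `socialSecurityNumber` key. The property names presumably depend on which classloader supplies the Jackson annotations, which is exactly what this commit changes, so a negative check next to the masked assertion would pin the behaviour: `assertFalse(jsonNode.has("socialSecurityNumber"));`. The same applies to the masked-user assertions in the later hunks at -106, -124, -141 and -172. The test method starts and ends outside this hunk.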
@@ -89,8 +88,8 @@
.hasStatusCode(200)
.hasContentType(MediaType.APPLICATION_JSON_UTF8_VALUE)
.getJsonObject();
- assertEquals("555555555", jsonNode.get("socialSecurityNumber").asText());
- assertEquals(1L, jsonNode.get("customerId").asLong());
+ assertEquals("555555555", jsonNode.get("ssn").asText());
+ assertEquals(1L, jsonNode.get("id").asLong());
}
// Test multiple keys
@@ -106,11 +105,11 @@
final int length = customers.size();
assertEquals(2, length);
JsonNode customer = customers.get(0);
- assertEquals("*********", customer.get("socialSecurityNumber").asText());
- assertEquals(1, customer.get("customerId").asLong());
+ assertEquals("*********", customer.get("ssn").asText());
+ assertEquals(1, customer.get("id").asLong());
customer = customers.get(1);
- assertEquals("*********", customer.get("socialSecurityNumber").asText());
- assertEquals(3, customer.get("customerId").asLong());
+ assertEquals("*********", customer.get("ssn").asText());
+ assertEquals(3, customer.get("id").asLong());
}
@Test
@@ -124,8 +123,8 @@
final int length = customers.size();
for (int index = 0; index < length; ++index) {
JsonNode customer = customers.get(index);
- assertEquals("*********", customer.get("socialSecurityNumber").asText());
- assertEquals((long) index + 1, customer.get("customerId").asLong());
+ assertEquals("*********", customer.get("ssn").asText());
+ assertEquals((long) index + 1, customer.get("id").asLong());
}
}
@@ -141,8 +140,8 @@
final int length = jsonArray.size();
for (int index = 0; index < length; ++index) {
JsonNode customer = jsonArray.get(index);
- assertEquals("*********", customer.get("socialSecurityNumber").asText());
- assertEquals((long) index + 1, customer.get("customerId").asLong());
+ assertEquals("*********", customer.get("ssn").asText());
+ assertEquals((long) index + 1, customer.get("id").asLong());
}
}
@@ -172,7 +171,7 @@
assertTrue(jsonArray.size() == 1);
JsonNode customer = jsonArray.get(0);
- assertEquals("*********", customer.get("socialSecurityNumber").asText());
- assertEquals(1L, customer.get("customerId").asLong());
+ assertEquals("*********", customer.get("ssn").asText());
+ assertEquals(1L, customer.get("id").asLong());
}
}
diff --git a/geode-assembly/src/integrationTest/resources/expected_jars.txt b/geode-assembly/src/integrationTest/resources/expected_jars.txt
index 8240782..c2d800f 100644
--- a/geode-assembly/src/integrationTest/resources/expected_jars.txt
+++ b/geode-assembly/src/integrationTest/resources/expected_jars.txt
@@ -34,8 +34,6 @@
jackson-annotations
jackson-core
jackson-databind
-jackson-module-paranamer
-jackson-module-scala
jansi
javax.activation
javax.activation-api
@@ -75,11 +73,9 @@
mx4j-remote
mx4j-tools
netty-all
-paranamer
protobuf-java
ra.jar
rmiio
-scala-library
shiro-cache
shiro-config-core
shiro-config-ogdl
diff --git a/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java b/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
index a50b3b2..fd89033 100644
--- a/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
+++ b/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java
@@ -181,6 +181,12 @@
webapp.setContextPath(webAppContext);
webapp.setWar(warFilePath.toString());
webapp.setParentLoaderPriority(false);
+
+ // GEODE-7334: load all jackson classes from war file except jackson annotations
+ webapp.getSystemClasspathPattern().add("com.fasterxml.jackson.annotation.");
+ webapp.getServerClasspathPattern().add("com.fasterxml.jackson.",
+ "-com.fasterxml.jackson.annotation.");
+
webapp.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
webapp.addAliasCheck(new AllowSymLinkAliasChecker());
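Review bot: The exception added to `getServerClasspathPattern()` covers only `com.fasterxml.jackson.annotation.`, so annotations that ship inside jackson-databind under `com.fasterxml.jackson.databind.annotation.` (`@JsonSerialize`, `@JsonDeserialize`) stay hidden from the webapp. A domain class loaded by the Geode classloader that uses them would carry annotation types the war's ObjectMapper does not recognise, and they would most likely be ignored without an error. The comment should record that limit, for example `// only com.fasterxml.jackson.annotation.* is shared with webapps; databind annotations on server-side classes are not visible to the war's ObjectMapper`. The patterns also appear to apply to every war deployed through this method, so each war has to bundle its own jackson-core and jackson-databind. The method starts outside the hunk, so the callers are not visible here.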
diff --git a/geode-web-api/build.gradle b/geode-web-api/build.gradle
index b141a5e..77dfa87 100644
--- a/geode-web-api/build.gradle
+++ b/geode-web-api/build.gradle
@@ -24,8 +24,9 @@
jar.enabled = false
dependencies {
- compile(platform(project(':boms:geode-all-bom')))
- compileOnly(platform(project(':boms:geode-all-bom')))
+ compile(platform(project(':boms:geode-all-bom'))){
+ exclude module: "jackson-annotations"
+ }
compileOnly(project(':geode-core'))
compileOnly(project(':geode-logging'))
@@ -37,16 +38,26 @@
compile('commons-fileupload:commons-fileupload') {
exclude module: 'commons-io'
}
- compile('com.fasterxml.jackson.core:jackson-annotations')
+ // jackson-annotations must be accessed from the geode classloader and not the webapp
+ compileOnly('com.fasterxml.jackson.core:jackson-annotations')
compile('com.fasterxml.jackson.core:jackson-core')
- compile('com.fasterxml.jackson.core:jackson-databind')
- compile('com.fasterxml.jackson.module:jackson-module-scala_2.10')
+ compile('com.fasterxml.jackson.core:jackson-databind'){
+ exclude module: 'jackson-annotations'
+ }
+
+ compileOnly('com.fasterxml.jackson.module:jackson-module-scala_2.10')
+ compileOnly('io.swagger:swagger-annotations')
+
compile('io.springfox:springfox-swagger2') {
exclude module: 'slf4j-api'
+ exclude module: 'jackson-annotations'
+ exclude module: 'swagger-annotations'
}
+
compile('io.springfox:springfox-swagger-ui') {
exclude module: 'slf4j-api'
}
+
compile('org.springframework:spring-beans')
compile('org.springframework.security:spring-security-core')
compile('org.springframework.security:spring-security-web')
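Review bot: Moving `jackson-module-scala_2.10` to `compileOnly` keeps it out of the war, and the InternalHttpService hunk in this commit hides every `com.fasterxml.jackson.` class outside the annotation package from the webapp, so the module cannot be loaded from either side at runtime. The expected_jars.txt hunk also drops jackson-module-scala from the distribution. If any class in the war still references the module, the result would be a NoClassDefFoundError on first use rather than a build failure. Either remove the dependency and its usages, or state the intent next to it, e.g. `// compile-time only: not packaged and not visible to the webapp classloader at runtime`.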