in dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/GenericFilter.java [87:223]
public Result invoke(Invoker<?> invoker, Invocation inv) throws RpcException {
if ((inv.getMethodName().equals($INVOKE) || inv.getMethodName().equals($INVOKE_ASYNC))
&& inv.getArguments() != null
&& inv.getArguments().length == 3
&& !GenericService.class.isAssignableFrom(invoker.getInterface())) {
String name = ((String) inv.getArguments()[0]).trim();
String[] types = (String[]) inv.getArguments()[1];
Object[] args = (Object[]) inv.getArguments()[2];
try {
Method method = findMethodByMethodSignature(invoker.getInterface(), name, types, inv.getServiceModel());
Class<?>[] params = method.getParameterTypes();
if (args == null) {
args = new Object[params.length];
}
if (types == null) {
types = new String[params.length];
}
if (args.length != types.length) {
throw new RpcException(
"GenericFilter#invoke args.length != types.length, please check your " + "params");
}
String generic = inv.getAttachment(GENERIC_KEY);
if (StringUtils.isBlank(generic)) {
generic = getGenericValueFromRpcContext();
}
if (StringUtils.isEmpty(generic)
|| ProtocolUtils.isDefaultGenericSerialization(generic)
|| ProtocolUtils.isGenericReturnRawResult(generic)) {
try {
args = PojoUtils.realize(args, params, method.getGenericParameterTypes());
} catch (Exception e) {
logger.error(
LoggerCodeConstants.PROTOCOL_ERROR_DESERIALIZE,
"",
"",
"Deserialize generic invocation failed. ServiceKey: "
+ inv.getTargetServiceUniqueName(),
e);
throw new RpcException(e);
}
} else if (ProtocolUtils.isGsonGenericSerialization(generic)) {
args = getGsonGenericArgs(args, method.getGenericParameterTypes());
} else if (ProtocolUtils.isJavaGenericSerialization(generic)) {
Configuration configuration = ApplicationModel.ofNullable(applicationModel)
.modelEnvironment()
.getConfiguration();
if (!configuration.getBoolean(CommonConstants.ENABLE_NATIVE_JAVA_GENERIC_SERIALIZE, false)) {
String notice = "Trigger the safety barrier! "
+ "Native Java Serializer is not allowed by default."
+ "This means currently maybe being attacking by others. "
+ "If you are sure this is a mistake, "
+ "please set `"
+ CommonConstants.ENABLE_NATIVE_JAVA_GENERIC_SERIALIZE + "` enable in configuration! "
+ "Before doing so, please make sure you have configure JEP290 to prevent serialization attack.";
logger.error(CONFIG_FILTER_VALIDATION_EXCEPTION, "", "", notice);
throw new RpcException(new IllegalStateException(notice));
}
for (int i = 0; i < args.length; i++) {
if (byte[].class == args[i].getClass()) {
try (UnsafeByteArrayInputStream is = new UnsafeByteArrayInputStream((byte[]) args[i])) {
args[i] = applicationModel
.getExtensionLoader(Serialization.class)
.getExtension(GENERIC_SERIALIZATION_NATIVE_JAVA)
.deserialize(null, is)
.readObject();
} catch (Exception e) {
throw new RpcException("Deserialize argument [" + (i + 1) + "] failed.", e);
}
} else {
throw new RpcException("Generic serialization [" + GENERIC_SERIALIZATION_NATIVE_JAVA
+ "] only support message type "
+ byte[].class
+ " and your message type is "
+ args[i].getClass());
}
}
} else if (ProtocolUtils.isBeanGenericSerialization(generic)) {
for (int i = 0; i < args.length; i++) {
if (args[i] != null) {
if (args[i] instanceof JavaBeanDescriptor) {
args[i] = JavaBeanSerializeUtil.deserialize((JavaBeanDescriptor) args[i]);
} else {
throw new RpcException("Generic serialization [" + GENERIC_SERIALIZATION_BEAN
+ "] only support message type "
+ JavaBeanDescriptor.class.getName()
+ " and your message type is "
+ args[i].getClass().getName());
}
}
}
} else if (ProtocolUtils.isProtobufGenericSerialization(generic)) {
// as proto3 only accept one protobuf parameter
if (args.length == 1 && args[0] instanceof String) {
try (UnsafeByteArrayInputStream is =
new UnsafeByteArrayInputStream(((String) args[0]).getBytes())) {
args[0] = applicationModel
.getExtensionLoader(Serialization.class)
.getExtension(GENERIC_SERIALIZATION_PROTOBUF)
.deserialize(null, is)
.readObject(method.getParameterTypes()[0]);
} catch (Exception e) {
throw new RpcException("Deserialize argument failed.", e);
}
} else {
throw new RpcException("Generic serialization [" + GENERIC_SERIALIZATION_PROTOBUF
+ "] only support one "
+ String.class.getName() + " argument and your message size is "
+ args.length
+ " and type is" + args[0].getClass().getName());
}
}
RpcInvocation rpcInvocation = new RpcInvocation(
inv.getTargetServiceUniqueName(),
invoker.getUrl().getServiceModel(),
method.getName(),
invoker.getInterface().getName(),
invoker.getUrl().getProtocolServiceKey(),
method.getParameterTypes(),
args,
inv.getObjectAttachments(),
inv.getInvoker(),
inv.getAttributes(),
inv instanceof RpcInvocation ? ((RpcInvocation) inv).getInvokeMode() : null);
return invoker.invoke(rpcInvocation);
} catch (NoSuchMethodException | ClassNotFoundException e) {
throw new RpcException(e.getMessage(), e);
}
}
return invoker.invoke(inv);
}