[serialization]Abstract JSON serialization and use gson as default #1739
Conversation
…fault json serializing/deserializing library. - Add new SPI interface `JsonSerializer` and `JsonDeserializer` - The default implementation adapts to `gson` and `fastjson` (gson prior) - `gson` can be excluded manually from dependency tree if use custom implementation - Add a popular implementation `sentinel-serialization-jackson` Signed-off-by: Jason Joo <hblzxsj@163.com>
…ds) in gson - Update sentinel-demo-cluster-server-alone to demonstrate an example using fastjson in serialization
jasonjoo2010
force-pushed
the
serialization
branch
from
6c0345c to
3614396
Compare
jasonjoo2010
changed the title
sczyh30
added
kind/refactor
|
hello,when does this fix will release? |
| @Override | ||
| public String serialize(Object obj) { | ||
| if (obj == null) { | ||
| return "null"; | ||
| } | ||
| try { | ||
| return this.adaption.serialize(obj); | ||
| } catch (Exception e) { | ||
| } | ||
| return null; | ||
| } | ||
|
|
||
| @Override | ||
| public <T> T deserialize(String str, Type type) { | ||
| if (StringUtil.isBlank(str)) { | ||
| return null; | ||
| } | ||
| try { | ||
| return this.adaption.deserialize(str, type); | ||
| } catch (Exception e) { | ||
| } | ||
| return null; | ||
| } |
There was a problem hiding this comment.
When serialize and deserialize the exception is ignored, do we need to throw an exception to remind the user to know or record the error log? The same is in JacksonTransformer class.
There was a problem hiding this comment.
Here just keep the dealing strategy for backward compatibility. (null when failed in most scenarios)
So some logs are needed or a runtime exception should be introduced?
There was a problem hiding this comment.
I suggest both throw runtime exception and record error log. Although the exception will be occur in rare case, maybe never, but since we catch the Exception, why not do nothing. If exception occurred, user may want to know what happened. If it's sure that we don't need to deal with it here, suggest adding some comments.
There was a problem hiding this comment.
If throw runtime exception, it will affect some test cases.Or just record log? I feel acceptable to ignore the exception,just a thought of it for reference, it's up to you.
| public String serialize(Object obj) throws Exception { | ||
| return (String)METHOD_TO_JSON_STRING.invoke(CLASS, obj); | ||
| } | ||
|
|
||
| @SuppressWarnings("unchecked") | ||
| @Override | ||
| public <T> T deserialize(String str, Type type) throws Exception { | ||
| return (T)METHOD_PARSE_OBJECT_BY_TYPE.invoke(CLASS, str, type, null); | ||
| } |
There was a problem hiding this comment.
Serialization and deserialization methods called by reflection in FastjsonAdaption and GsonAdaption. Another way is that, the fastjson and gson depenency can be with provided scope, and we can use their class and method calls directly. Which way do you think is better? @jasonjoo2010 @sczyh30
| public DefaultTransformer() { | ||
| List<Adaption> adaptions = Arrays.asList( | ||
| new GsonAdaption(), | ||
| new FastjsonAdaption() | ||
| ); |
There was a problem hiding this comment.
Jackson seems more widely used, Gson as the default first choice may need to be discussed.
sentinel-serialization-jackson is a separate module, why not JasksonAdaption, will it be more convenient to use? Or GsonAdaption, FastjsonAdaption -> sentinel-serialization-gson, sentinel-serialization-fastjson module, it may be a special consideration, but it seems that there are not uniform implementation.
| import com.google.gson.JsonSerializationContext; | ||
| import com.google.gson.JsonSerializer; | ||
|
|
||
| class DateTypeAdapter implements JsonSerializer<Date>, JsonDeserializer<Date> { |
There was a problem hiding this comment.
GsonDateTypeAdapter may be a better name, or add separate package for gson and fastjson fallback.
|
Hi, @jasonjoo2010. I have some question about this design.
|
Hi Lu First let's skip the first point you mentioned and go over the second point directly. Come back to the first point not in java but in many languages they are two interfaces(eg. golang). You even can only customize one of them instead of both which make more sense. In the other hand you must name it something new if you want to combine them together. So it's not a big deal I think. |
|
|
|
Due to this PR's inactivity and the unsigned CLA, we are temporarily closing it. Feel free to create a new PR if you still intend to contribute after addressing the CLA requirement. |
7 participants
Describe what this PR does / why we need it
Though sentinel-core doesn't need json serialization, but in most sentinel modules (adaption, datasource, etc.) they use fastjson for serializing/deserializing json strings.
Unfortunately there are more and more versions of fastjson which were found vulnerable and users must follow the latest patches or versions. If not their application may become weak and easy to attack.
In the other hand JSON serializing is a common need. So most projects have their own way to do that. In this scene it's not necessary to introduce a new one if sentinel can use existing, compatible serializing library in project.
This PR will enable user letting sentinel to use gson / fastjson / jackson or their own implementation through SPI protocol.
Does this pull request fix one issue?
#1522
Describe how you did it
Introduce a new module
sentinel-serializationand takegsonas default json serializing/deserializing library.JsonSerializerandJsonDeserializergsonandfastjson(gson prior)gsoncan be excluded manually from dependency tree if use custom implementationsentinel-serialization-jacksonDescribe how to verify it
Depends.
Special notes for reviews
A wide regressing test may be necessary.