Chapter 3. Using alternative and custom marshaller implementations
Data Grid recommends you use Protobuf-based marshalling with the ProtoStream marshaller so you can take advantage of Ickle queries and use the Data Grid CLI and Console. However, if required, you can use alternative marshallers or a custom marshaller implementation.
3.1. Allowing deserialization of Java classes
For security reasons Data Grid does not allow deserialization of arbitrary Java classes. If you use JavaSerializationMarshaller or GenericJBossMarshaller, you must add your Java classes to a deserialization allow list.
The deserialization allow list applies to the Cache Manager so your Java classes can be deserialized by all caches.
Procedure
- Add Java classes to the deserialization allow list in the Data Grid configuration or in system properties.
Declarative
    <infinispan>
      <cache-container>
        <serialization version="1.0"
                       marshaller="org.infinispan.marshall.TestObjectStreamMarshaller">
          <allow-list>
            <class>org.infinispan.test.data.Person</class>
            <regex>org.infinispan.test.data.*</regex>
          </allow-list>
        </serialization>
      </cache-container>
    </infinispan>
System properties
    // Specify a comma-separated list of fully qualified class names
    -Dinfinispan.deserialization.allowlist.classes=java.time.Instant,com.myclass.Entity

    // Specify a regular expression to match classes
    // (the value .* shown here matches every class name)
    -Dinfinispan.deserialization.allowlist.regexps=.*
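The following added example is not part of the Data Grid documentation or code base. It uses only the JDK to show the mechanism an allow list relies on: every class named in a serialized stream is checked against exact class names and regular expressions before an instance is created. The names AllowListDemo, AllowListInputStream and Person are hypothetical, the sample objects are constructed, the regular expressions are assumed to match the whole class name, and JDK 17 or later is assumed.

```java
import java.io.*;
import java.util.*;
import java.util.regex.Pattern;

// Added illustration using only the JDK; this is not Data Grid's implementation.
public class AllowListDemo {
    record Person(String name) implements Serializable {}   // constructed sample type

    static class AllowListInputStream extends ObjectInputStream {
        private final Set<String> classes;
        private final List<Pattern> regexps;

        AllowListInputStream(InputStream in, Set<String> classes, List<String> regexps) throws IOException {
            super(in);
            this.classes = classes;
            this.regexps = regexps.stream().map(Pattern::compile).toList();
        }

        // Runs for every class descriptor in the stream, before an instance is created.
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            String name = desc.getName();
            // Assumption: a regular expression must match the whole class name.
            if (!classes.contains(name) && regexps.stream().noneMatch(p -> p.matcher(name).matches())) {
                throw new InvalidClassException(name, "not in the deserialization allow list");
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(o); }
        return bytes.toByteArray();
    }

    static Object read(byte[] data, Set<String> classes, List<String> regexps) throws Exception {
        try (ObjectInputStream in = new AllowListInputStream(new ByteArrayInputStream(data), classes, regexps)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] person = serialize(new Person("constructed sample"));
        byte[] date = serialize(new Date(0));
        Set<String> classes = Set.of(Person.class.getName());
        System.out.println(read(person, classes, List.of()));   // permitted by its exact class entry
        try { read(date, classes, List.of()); }                  // java.util.Date is not listed
        catch (InvalidClassException e) { System.out.println("rejected: " + e.getMessage()); }
        // A catch-all pattern admits every class, so the list no longer restricts anything.
        System.out.println(read(date, Set.of(), List.of(".*")));
    }
}
```

The file runs directly with java AllowListDemo.java. Keeping class entries exact and regular expressions scoped to your own packages preserves the restriction that the last call gives up.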
3.2. Using JBoss Marshalling
JBoss Marshalling is a serialization-based marshalling library and was the default marshaller in previous Data Grid versions but is now deprecated.
JBoss Marshalling is deprecated. You should use it only as a temporary measure while migrating your applications from an older version of Data Grid.
Procedure
- Add the infinispan-jboss-marshalling dependency to your classpath.
- Configure Data Grid to use the GenericJBossMarshaller.
- Add your Java classes to the deserialization allowlist.
Declarative
    <serialization marshaller="org.infinispan.jboss.marshalling.commons.GenericJBossMarshaller">
      <allow-list>
        <class>org.infinispan.concrete.SomeClass</class>
        <regex>org.infinispan.example.*</regex>
      </allow-list>
    </serialization>
Programmatic
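    import org.infinispan.configuration.global.GlobalConfigurationBuilder;
    import org.infinispan.jboss.marshalling.commons.GenericJBossMarshaller;

    GlobalConfigurationBuilder builder = new GlobalConfigurationBuilder();
    // Use JBoss Marshalling and register the allow list entries as regular expressions
    builder.serialization()
           .marshaller(new GenericJBossMarshaller())
           .allowList()
           .addRegexps("org.infinispan.example.", "org.infinispan.concrete.SomeClass");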
3.3. Using Java serialization
You can use Java serialization with Data Grid to marshall objects that implement the Java Serializable interface.
Java serialization offers worse performance than ProtoStream marshalling. You should use Java serialization only if there is a strict requirement to do so.
Procedure
- Configure Data Grid to use JavaSerializationMarshaller.
- Add your Java classes to the deserialization allowlist.
Declarative
    <serialization marshaller="org.infinispan.commons.marshall.JavaSerializationMarshaller">
      <allow-list>
        <class>org.infinispan.concrete.SomeClass</class>
        <regex>org.infinispan.example.*</regex>
      </allow-list>
    </serialization>
Programmatic
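    import org.infinispan.commons.marshall.JavaSerializationMarshaller;
    import org.infinispan.configuration.global.GlobalConfigurationBuilder;

    GlobalConfigurationBuilder builder = new GlobalConfigurationBuilder();
    // Use Java serialization and register the allow list entries as regular expressions
    builder.serialization()
           .marshaller(new JavaSerializationMarshaller())
           .allowList()
           .addRegexps("org.infinispan.example.", "org.infinispan.concrete.SomeClass");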
3.4. Using custom marshallers
Data Grid provides a Marshaller interface that you can implement for custom marshallers.
Custom marshaller implementations can access the configured allow list via the initialize() method, which is called during startup.
Procedure
- Implement the Marshaller interface.
- Configure Data Grid to use your marshaller.
- Add your Java classes to the deserialization allowlist.
Declarative
    <serialization marshaller="org.infinispan.example.marshall.CustomMarshaller">
      <allow-list>
        <class>org.infinispan.concrete.SomeClass</class>
        <regex>org.infinispan.example.*</regex>
      </allow-list>
    </serialization>
Programmatic
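    import org.infinispan.configuration.global.GlobalConfigurationBuilder;

    GlobalConfigurationBuilder builder = new GlobalConfigurationBuilder();
    // Use the custom marshaller and allow classes that match the regular expression
    builder.serialization()
           .marshaller(new org.infinispan.example.marshall.CustomMarshaller())
           .allowList()
           .addRegexp("org.infinispan.example.*");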