Chapter 3. Using alternative and custom marshaller implementations

Data Grid recommends you use Protobuf-based marshalling with the ProtoStream marshaller so you can take advantage of Ickle queries and use the Data Grid CLI and Console. However, if required, you can use alternative marshallers or a custom marshaller implementation.

3.1. Allowing deserialization of Java classes

For security reasons Data Grid does not allow deserialization of arbitrary Java classes. If you use JavaSerializationMarshaller or GenericJBossMarshaller, you must add your Java classes to a deserialization allow list.

Note

The deserialization allow list applies to the Cache Manager so your Java classes can be deserialized by all caches.

Procedure

  • Add Java classes to the deserialization allow list in the Data Grid configuration or in system properties.

Declarative

<infinispan>
  <cache-container>
    <serialization version="1.0"
                   marshaller="org.infinispan.marshall.TestObjectStreamMarshaller">
      <allow-list>
        <class>org.infinispan.test.data.Person</class>
        <regex>org.infinispan.test.data.*</regex>
      </allow-list>
    </serialization>
  </cache-container>
</infinispan>

System properties

// Specify a comma-separated list of fully qualified class names
-Dinfinispan.deserialization.allowlist.classes=java.time.Instant,com.myclass.Entity

// Specify a regular expression to match classes
-Dinfinispan.deserialization.allowlist.regexps=.*

3.2. Using JBoss Marshalling

JBoss Marshalling is a serialization-based marshalling library and was the default marshaller in previous Data Grid versions but is now deprecated.

Note

JBoss Marshalling is deprecated. You should use it only as a temporary measure while migrating your applications from an older version of Data Grid.

Procedure

  1. Add the infinispan-jboss-marshalling dependency to your classpath.
  2. Configure Data Grid to use the GenericJBossMarshaller.
  3. Add your Java classes to the deserialization allowlist.

Declarative

<serialization marshaller="org.infinispan.jboss.marshalling.commons.GenericJBossMarshaller">
  <allow-list>
    <class>org.infinispan.concrete.SomeClass</class>
    <regex>org.infinispan.example.*</regex>
  </allow-list>
</serialization>

Programmatic

GlobalConfigurationBuilder builder = new GlobalConfigurationBuilder();
builder.serialization()
       .marshaller(new GenericJBossMarshaller())
       .allowList()
       .addRegexps("org.infinispan.example.", "org.infinispan.concrete.SomeClass");

Additional resources

3.3. Using Java serialization

You can use Java serialization with Data Grid to marshall objects that implement the Java Serializable interface.

Tip

Java serialization offers worse performance than ProtoStream marshalling. You should use Java serialization only if there is a strict requirement to do so.

Procedure

  1. Configure Data Grid to use JavaSerializationMarshaller.
  2. Add your Java classes to the deserialization allowlist.

Declarative

<serialization marshaller="org.infinispan.commons.marshall.JavaSerializationMarshaller">
  <allow-list>
    <class>org.infinispan.concrete.SomeClass</class>
    <regex>org.infinispan.example.*</regex>
  </allow-list>
</serialization>

Programmatic

GlobalConfigurationBuilder builder = new GlobalConfigurationBuilder();
builder.serialization()
       .marshaller(new JavaSerializationMarshaller())
       .allowList()
       .addRegexps("org.infinispan.example.", "org.infinispan.concrete.SomeClass");

Additional resources

3.4. Using custom marshallers

Data Grid provides a Marshaller interface that you can implement for custom marshallers.

Tip

Custom marshaller implementations can access a configured access list via the initialize() method, which is called during startup.

Procedure

  1. Implement the Marshaller interface.
  2. Configure Data Grid to use your marshaller.
  3. Add your Java classes to the deserialization allowlist.

Declarative

<serialization marshaller="org.infinispan.example.marshall.CustomMarshaller">
  <allow-list>
    <class>org.infinispan.concrete.SomeClass</class>
    <regex>org.infinispan.example.*</regex>
  </allow-list>
</serialization>

Programmatic

GlobalConfigurationBuilder builder = new GlobalConfigurationBuilder();
builder.serialization()
      .marshaller(new org.infinispan.example.marshall.CustomMarshaller())
      .allowList().addRegexp("org.infinispan.example.*");

Additional resources