Update log level for serialization check (#12903)

Albumen Kevin 2023-08-16 10:53:43 +08:00 committed by GitHub
parent ceae48e9c4
commit 4dbd31ebb1
2 changed files with 5 additions and 5 deletions


@ -159,7 +159,7 @@ public class DefaultSerializeClassChecker implements AllowClassNotifyListener {
"Current mode is `WARN`, will disallow to deserialize it by default. " +
"Please add it into security/serialize.allowlist or follow FAQ to configure it.";
if (serializeSecurityManager.getWarnedClasses().add(className)) {
logger.error(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", msg);
logger.warn(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", msg);
}
throw new IllegalArgumentException(msg);
@ -180,7 +180,7 @@ public class DefaultSerializeClassChecker implements AllowClassNotifyListener {
"Current mode is `WARN`, will disallow to deserialize it by default. " +
"Please add it into security/serialize.allowlist or follow FAQ to configure it.";
if (serializeSecurityManager.getWarnedClasses().add(className)) {
logger.error(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", msg);
logger.warn(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", msg);
}
throw new IllegalArgumentException(msg);
@ -189,7 +189,7 @@ public class DefaultSerializeClassChecker implements AllowClassNotifyListener {
Class<?> clazz = ClassUtils.forName(className, classLoader);
if (serializeSecurityManager.getWarnedClasses().add(className)) {
logger.error(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "",
logger.warn(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "",
"[Serialization Security] Serialized class " + className + " is not in allow list. " +
"Current mode is `WARN`, will allow to deserialize it by default. " +
"Dubbo will set to `STRICT` mode by default in the future. " +
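Review bot: The two branches that reject the class and throw `IllegalArgumentException` (hunks at 159 and 180) end up logging at the same level as the branch at 189 that lets the class through in `WARN` mode, assuming the `logger.warn` lines are the new side of each pair. A blocked deserialization attempt is a stronger signal than a tolerated one, so monitoring that filters on level can no longer tell them apart. Either keep the rejecting branches at `error`, or add a comment above them such as `// rejected class: alert on PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, not on log level`. Since `getWarnedClasses().add(className)` gates the log call, only the first attempt per class name is recorded, which belongs in the same comment. The enclosing method starts and ends outside these hunks.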


@ -122,7 +122,7 @@ public class Fastjson2SecurityManager implements AllowClassNotifyListener {
Class<?> localClass = loadClassDirectly(typeName);
if (localClass != null) {
if (status == SerializeCheckStatus.WARN && serializeSecurityManager.getWarnedClasses().add(typeName)) {
logger.error(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "",
logger.warn(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "",
"[Serialization Security] Serialized class " + localClass.getName() + " is not in allow list. " +
"Current mode is `WARN`, will allow to deserialize it by default. " +
"Dubbo will set to `STRICT` mode by default in the future. " +
@ -152,7 +152,7 @@ public class Fastjson2SecurityManager implements AllowClassNotifyListener {
"Current mode is `WARN`, will disallow to deserialize it by default. " +
"Please add it into security/serialize.allowlist or follow FAQ to configure it.";
if (serializeSecurityManager.getWarnedClasses().add(typeName)) {
logger.error(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", msg);
logger.warn(PROTOCOL_UNTRUSTED_SERIALIZE_CLASS, "", "", msg);
}
}
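Review bot: On the reject path in the hunk at 152, `getWarnedClasses().add(typeName)` stores a name that presumably comes from the incoming payload, and that call is the only gate on the log line. If the set has no size bound (its implementation is not visible here), a peer sending many distinct type names grows it without limit while each name is logged only once. A cap on the set, or at least a comment stating the bound, would help, for example `// warnedClasses is capped at <N> entries; names past the cap are rejected without a log line`. The same pattern appears in the DefaultSerializeClassChecker hunks at 159 and 180, and the enclosing method continues outside this hunk.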