allow-java-serialization = off breaks remoting

[Alan Burlison]

I'm using protobuf serialization for my application messages and as
recommended in the docs I also have "allow-java-serialization = false":

https://doc.akka.io/docs/akka/2.5/serialization.html#enable-additional-bindings

"A few types in Akka are, for backwards-compatibility reasons, still
serialized by using Java serializer by default. You can switch them to
using protocol buffers instead by adding the following bindings or set
akka.actor.allow-java-serialization=off, which will make them serialized
using protocol buffers instead."

However if I do the following to get a remote ActorRef:

----------
val remote: ActorSelection ...
:
remote ! Identify
----------

I get the following fatal failure:

[WARN] [SECURITY][02/21/2018 15:44:45.815]
[RITA-akka.remote.default-remote-dispatcher-8]
[DisabledJavaSerializer(akka://RITA)] Outgoing message attempted to use
Java Serialization even though `akka.actor.allow-java-serialization =
off` was set! Message type was: [class akka.actor.ActorSelection$$anon$1]
[ERROR] [02/21/2018 15:44:45.818]
[RITA-akka.remote.default-remote-dispatcher-8] [Encoder(akka://RITA)]
Failed to serialize message [akka.actor.Identify].
(akka.serialization.DisabledJavaSerializer$JavaSerializationException:
Attempted to serialize message using Java serialization while
`akka.actor.allow-java-serialization` was disabled. Check WARNING logs
for more details.)

I'm clearly missing something obvious because what is documented simply
isn't working for me, but I can't figure out what.

Thanks,

--
Alan Burlison
--

[Konrad “ktoso” Malawski]

You’re attempting to send a function.

remote ! Identify  <<< Identify here is wrong

Note that it is a case class, that takes a parameter:

final case class Identify(messageId: Any)

remote ! Identify(“hello”)

should work just fine.

-- 

Cheers,

Konrad 'ktoso' Malawski

Akka @ Lightbend

--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+...@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.

[Alan Burlison]

On 21/02/18 15:52, Konrad “ktoso” Malawski wrote:

> You’re attempting to send a function.
>
> remote ! Identify <<< Identify here is wrong
>
> Note that it is a case class, that takes a parameter:
>
> final case class Identify(messageId: Any)
>
> remote ! Identify(“hello”)
>
> should work just fine.

Ahah, my assessment of my stupidity was spot on, thanks ;-)

I had also tried:

remote ! Identify(remote)

but that didn't work either, following your hint:

remote ! Identity(remote.toSerializationFormat)

also works. Is there a list anywhere of what Akka/Scala types have
default protobuf serializers?

On a related note, I enabled "akka.actor.serialize-creators" but that
triggered:

[WARN] [SECURITY][02/21/2018 18:01:29.021] [main]

[DisabledJavaSerializer(akka://RITA)] Outgoing message attempted to use
Java Serialization even though `akka.actor.allow-java-serialization =

off` was set! Message type was: [class java.lang.Class]

which isn't exactly helpful in identifying the error. I suspect it's
cause by the companion object Props creator pattern that's recommended
in the docs, e.g.

object Controller {
def props = Props(new Controller)
}

If I use the

system.actorOf(Props(classOf[MyActor], arg1, arg2))

alternative I get a slightly different error:

> [WARN] [SECURITY][02/21/2018 18:16:18.205] [main] [DisabledJavaSerializer(akka://RITA)] Outgoing message attempted to use Java Serialization even though `akka.actor.allow-java-serialization = off` was set! Message type was: [class akka.actor.ActorSelection$$anon$1]

Doesn't this mean that "akka.actor.serialize-creators" is pretty much
useless in practice?

--
Alan Burlison
--

[Patrik Nordwall]

On Wed, Feb 21, 2018 at 7:18 PM, Alan Burlison <alan.b...@gmail.com> wrote:

On 21/02/18 15:52, Konrad “ktoso” Malawski wrote:

You’re attempting to send a function.

remote ! Identify  <<< Identify here is wrong

Note that it is a case class, that takes a parameter:

final case class Identify(messageId: Any)

remote ! Identify(“hello”)

should work just fine.

Ahah, my assessment of my stupidity was spot on, thanks ;-)

I had also tried:

    remote ! Identify(remote)

but that didn't work either, following your hint:

    remote ! Identity(remote.toSerializationFormat)

also works. Is there a list anywhere of what Akka/Scala types have default protobuf serializers?

Search for serialization-bindings in reference.conf, which you find here: https://doc.akka.io/docs/akka/current/general/configuration.html#listing-of-the-reference-configuration

 

On a related note, I enabled "akka.actor.serialize-creators" but that triggered:

[WARN] [SECURITY][02/21/2018 18:01:29.021] [main] [DisabledJavaSerializer(akka://RITA)] Outgoing message attempted to use Java Serialization even though `akka.actor.allow-java-serialization = off` was set! Message type was: [class java.lang.Class]

which isn't exactly helpful in identifying the error. I suspect it's cause by the companion object Props creator pattern that's recommended in the docs, e.g.

    object Controller {
      def props = Props(new Controller)
    }

If I use the

    system.actorOf(Props(classOf[MyActor], arg1, arg2))

alternative I get a slightly different error:

[WARN] [SECURITY][02/21/2018 18:16:18.205] [main] [DisabledJavaSerializer(akka://RITA)] Outgoing message attempted to use Java Serialization even though `akka.actor.allow-java-serialization = off` was set! Message type was: [class akka.actor.ActorSelection$$anon$1]

Doesn't this mean that "akka.actor.serialize-creators" is pretty much useless in practice?

Serailization of Props and its parameters are only needed for the remote deployment feature and that is something that we in general don't encourage (so much anymore).

akka.actor.serialize-creators = on and akka.actor.serialize-messages = on are testing facilities that are a bit too blunt in practice, since there are typically many messages and Props that are only intended to be used locally and doesn't have to be serializable. Even though Akka actors have location transparency as one of its core traits you typically design your system with local and possibly remote actors in mind.

That said, if you anyway want to use these testing tools anyway you have to provide serializers for everything or mark things with NoSerializationVerificationNeeded.

/Patrik

 

--
Alan Burlison
--

--

     Read the docs: http://akka.io/docs/
     Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
     Search the archives: https://groups.google.com/group/akka-user

--- You received this message because you are subscribed to the Google Groups "Akka User List" group.

To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscribe@googlegroups.com.

To post to this group, send email to akka...@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.

--

Patrik Nordwall
Akka Tech Lead
Lightbend -  Reactive apps on the JVM
Twitter: @patriknw

[Alan Burlison]

On 21/02/18 19:14, Patrik Nordwall wrote:

> Search for serialization-bindings in reference.conf, which you find here:
> https://doc.akka.io/docs/akka/current/general/configuration.html#listing-of-the-reference-configuration

Thanks, that's very helpful - I had looked in there before but hadn't
picked up that there are multiple serialization-bindings in there.

> Serailization of Props and its parameters are only needed for the remote
> deployment feature and that is something that we in general don't encourage
> (so much anymore).
>
> akka.actor.serialize-creators = on and akka.actor.serialize-messages = on
> are testing facilities that are a bit too blunt in practice, since there
> are typically many messages and Props that are only intended to be used
> locally and doesn't have to be serializable. Even though Akka actors have
> location transparency as one of its core traits you typically design your
> system with local and possibly remote actors in mind.

Yes, that makes sense, thanks for the explanation.

> That said, if you anyway want to use these testing tools anyway you have to
> provide serializers for everything or mark things
> with NoSerializationVerificationNeeded.

That's interesting I didn't realise you could tag things to exclude, thanks.

--
Alan Burlison
--

[Patrik Nordwall]

On Thu, Feb 22, 2018 at 12:34 AM, Alan Burlison <alan.b...@gmail.com> wrote:

On 21/02/18 19:14, Patrik Nordwall wrote:

Search for serialization-bindings in reference.conf, which you find here:
https://doc.akka.io/docs/akka/current/general/configuration.html#listing-of-the-reference-configuration

Thanks, that's very helpful - I had looked in there before but hadn't picked up that there are multiple serialization-bindings in there.

yes, different modules/libraries can contribute to serialization-bindings, and so can application.conf in the end user applications

 

Serailization of Props and its parameters are only needed for the remote
deployment feature and that is something that we in general don't encourage
(so much anymore).

akka.actor.serialize-creators = on and akka.actor.serialize-messages = on
are testing facilities that are a bit too blunt in practice, since there
are typically many messages and Props that are only intended to be used
locally and doesn't have to be serializable. Even though Akka actors have
location transparency as one of its core traits you typically design your
system with local and possibly remote actors in mind.

Yes, that makes sense, thanks for the explanation.

That said, if you anyway want to use these testing tools anyway you have to
provide serializers for everything or mark things
with NoSerializationVerificationNeeded.

That's interesting I didn't realise you could tag things to exclude, thanks.

--
Alan Burlison
--

--

     Read the docs: http://akka.io/docs/
     Check the FAQ: http://doc.akka.io/docs/akka/current/additional/faq.html
     Search the archives: https://groups.google.com/group/akka-user

--- You received this message because you are subscribed to the Google Groups "Akka User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to akka-user+unsubscribe@googlegroups.com.
To post to this group, send email to akka...@googlegroups.com.
Visit this group at https://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.