Removing, deprecating and replacing usage of black/whitelist (#29254)

akka-remote/src/main/scala/akka/remote/serialization/ProtobufSerializer.scala

@@ -47,9 +47,9 @@ class ProtobufSerializer(val system: ExtendedActorSystem) extends BaseSerializer
   private val parsingMethodBindingRef = new AtomicReference[Map[Class[_], Method]](Map.empty)
   private val toByteArrayMethodBindingRef = new AtomicReference[Map[Class[_], Method]](Map.empty)
 
-  private val whitelistClassNames: Set[String] = {
+  private val allowedClassNames: Set[String] = {
     import akka.util.ccompat.JavaConverters._
-    system.settings.config.getStringList("akka.serialization.protobuf.whitelist-class").asScala.toSet
+    system.settings.config.getStringList("akka.serialization.protobuf.allowed-classes").asScala.toSet
   }
 
   // This must lazy otherwise it will deadlock the ActorSystem creation
@@ -110,18 +110,18 @@ class ProtobufSerializer(val system: ExtendedActorSystem) extends BaseSerializer
   }
 
   private def checkAllowedClass(clazz: Class[_]): Unit = {
-    if (!isInWhitelist(clazz)) {
+    if (!isInAllowList(clazz)) {
       val warnMsg = s"Can't deserialize object of type [${clazz.getName}] in [${getClass.getName}]. " +
-        "Only classes that are whitelisted are allowed for security reasons. " +
-        "Configure whitelist with akka.actor.serialization-bindings or " +
-        "akka.serialization.protobuf.whitelist-class"
+        "Only classes that are on the allow list are allowed for security reasons. " +
+        "Configure allowed classes with akka.actor.serialization-bindings or " +
+        "akka.serialization.protobuf.allowed-classes"
       log.warning(LogMarker.Security, warnMsg)
       throw new IllegalArgumentException(warnMsg)
     }
   }
 
   /**
-   * Using the `serialization-bindings` as source for the whitelist.
+   * Using the `serialization-bindings` as source for the allowed classes.
    * Note that the intended usage of serialization-bindings is for lookup of
    * serializer when serializing (`toBinary`). For deserialization (`fromBinary`) the serializer-id is
    * used for selecting serializer.
@@ -130,13 +130,13 @@ class ProtobufSerializer(val system: ExtendedActorSystem) extends BaseSerializer
    *
    * If an old class is removed from `serialization-bindings` when it's not used for serialization
    * but still used for deserialization (e.g. rolling update with serialization changes) it can
-   * be allowed by specifying in `akka.protobuf.whitelist-class`.
+   * be allowed by specifying in `akka.protobuf.allowed-classes`.
    *
    * That is also possible when changing a binding from a ProtobufSerializer to another serializer (e.g. Jackson)
    * and still bind with the same class (interface).
    */
-  private def isInWhitelist(clazz: Class[_]): Boolean = {
-    isBoundToProtobufSerializer(clazz) || isInWhitelistClassName(clazz)
+  private def isInAllowList(clazz: Class[_]): Boolean = {
+    isBoundToProtobufSerializer(clazz) || isInAllowListClassName(clazz)
   }
 
   private def isBoundToProtobufSerializer(clazz: Class[_]): Boolean = {
@@ -148,9 +148,9 @@ class ProtobufSerializer(val system: ExtendedActorSystem) extends BaseSerializer
     }
   }
 
-  private def isInWhitelistClassName(clazz: Class[_]): Boolean = {
-    whitelistClassNames(clazz.getName) ||
-    whitelistClassNames(clazz.getSuperclass.getName) ||
-    clazz.getInterfaces.exists(c => whitelistClassNames(c.getName))
+  private def isInAllowListClassName(clazz: Class[_]): Boolean = {
+    allowedClassNames(clazz.getName) ||
+    allowedClassNames(clazz.getSuperclass.getName) ||
+    clazz.getInterfaces.exists(c => allowedClassNames(c.getName))
   }
 }