diff options
author | Andrew Vuong <akvuong@google.com> | 2023-02-22 21:15:09 +0000 |
---|---|---|
committer | Andrew Vuong <akvuong@google.com> | 2023-02-22 21:15:09 +0000 |
commit | 03558f0eecbc5e068b27549c630fe651b2790369 (patch) | |
tree | 8e1380b130c548b03135010a952574030e77ada9 /src/main/java/org/apache/commons/lang3/SerializationUtils.java | |
parent | 2a77099c93be7bbf4d56b677d968bfca258b558f (diff) | |
parent | ff344be6c0384630de66ca1a0f5955e41c32a627 (diff) | |
download | apache-commons-lang-03558f0eecbc5e068b27549c630fe651b2790369.tar.gz |
Merge of apache-commons-lang from aosp/masteraml_tz4_332714010
Bug: 262898801
Test: mma
Change-Id: Iececf3217858e41a98f4379f9b96bebcc926a95d
Diffstat (limited to 'src/main/java/org/apache/commons/lang3/SerializationUtils.java')
-rw-r--r-- | src/main/java/org/apache/commons/lang3/SerializationUtils.java | 281 |
1 files changed, 281 insertions, 0 deletions
diff --git a/src/main/java/org/apache/commons/lang3/SerializationUtils.java b/src/main/java/org/apache/commons/lang3/SerializationUtils.java new file mode 100644 index 000000000..b608b7dca --- /dev/null +++ b/src/main/java/org/apache/commons/lang3/SerializationUtils.java @@ -0,0 +1,281 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.commons.lang3; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.ObjectStreamClass; +import java.io.OutputStream; +import java.io.Serializable; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +/** + * Assists with the serialization process and performs additional functionality based + * on serialization. + * + * <ul> + * <li>Deep clone using serialization + * <li>Serialize managing finally and IOException + * <li>Deserialize managing finally and IOException + * </ul> + * + * <p>This class throws exceptions for invalid {@code null} inputs. + * Each method documents its behavior in more detail.</p> + * + * <p>#ThreadSafe#</p> + * @since 1.0 + */ +public class SerializationUtils { + + /** + * Custom specialization of the standard JDK {@link java.io.ObjectInputStream} + * that uses a custom {@link ClassLoader} to resolve a class. + * If the specified {@link ClassLoader} is not able to resolve the class, + * the context classloader of the current thread will be used. + * This way, the standard deserialization work also in web-application + * containers and application servers, no matter in which of the + * {@link ClassLoader} the particular class that encapsulates + * serialization/deserialization lives. + * + * <p>For more in-depth information about the problem for which this + * class here is a workaround, see the JIRA issue LANG-626.</p> + */ + static class ClassLoaderAwareObjectInputStream extends ObjectInputStream { + private static final Map<String, Class<?>> primitiveTypes = + new HashMap<>(); + + static { + primitiveTypes.put("byte", byte.class); + primitiveTypes.put("short", short.class); + primitiveTypes.put("int", int.class); + primitiveTypes.put("long", long.class); + primitiveTypes.put("float", float.class); + primitiveTypes.put("double", double.class); + primitiveTypes.put("boolean", boolean.class); + primitiveTypes.put("char", char.class); + primitiveTypes.put("void", void.class); + } + + private final ClassLoader classLoader; + + /** + * Constructor. + * @param in The {@link InputStream}. + * @param classLoader classloader to use + * @throws IOException if an I/O error occurs while reading stream header. + * @see java.io.ObjectInputStream + */ + ClassLoaderAwareObjectInputStream(final InputStream in, final ClassLoader classLoader) throws IOException { + super(in); + this.classLoader = classLoader; + } + + /** + * Overridden version that uses the parameterized {@link ClassLoader} or the {@link ClassLoader} + * of the current {@link Thread} to resolve the class. + * @param desc An instance of class {@link ObjectStreamClass}. + * @return A {@link Class} object corresponding to {@code desc}. + * @throws IOException Any of the usual Input/Output exceptions. + * @throws ClassNotFoundException If class of a serialized object cannot be found. + */ + @Override + protected Class<?> resolveClass(final ObjectStreamClass desc) throws IOException, ClassNotFoundException { + final String name = desc.getName(); + try { + return Class.forName(name, false, classLoader); + } catch (final ClassNotFoundException ex) { + try { + return Class.forName(name, false, Thread.currentThread().getContextClassLoader()); + } catch (final ClassNotFoundException cnfe) { + final Class<?> cls = primitiveTypes.get(name); + if (cls != null) { + return cls; + } + throw cnfe; + } + } + } + + } + + /** + * Deep clone an {@link Object} using serialization. + * + * <p>This is many times slower than writing clone methods by hand + * on all objects in your object graph. However, for complex object + * graphs, or for those that don't support deep cloning this can + * be a simple alternative implementation. Of course all the objects + * must be {@link Serializable}.</p> + * + * @param <T> the type of the object involved + * @param object the {@link Serializable} object to clone + * @return the cloned object + * @throws SerializationException (runtime) if the serialization fails + */ + public static <T extends Serializable> T clone(final T object) { + if (object == null) { + return null; + } + final byte[] objectData = serialize(object); + final ByteArrayInputStream bais = new ByteArrayInputStream(objectData); + + final Class<T> cls = ObjectUtils.getClass(object); + try (ClassLoaderAwareObjectInputStream in = new ClassLoaderAwareObjectInputStream(bais, cls.getClassLoader())) { + /* + * when we serialize and deserialize an object, it is reasonable to assume the deserialized object is of the + * same type as the original serialized object + */ + return cls.cast(in.readObject()); + + } catch (final ClassNotFoundException | IOException ex) { + throw new SerializationException( + String.format("%s while reading cloned object data", ex.getClass().getSimpleName()), ex); + } + } + + /** + * Deserializes a single {@link Object} from an array of bytes. + * + * <p> + * If the call site incorrectly types the return value, a {@link ClassCastException} is thrown from the call site. + * Without Generics in this declaration, the call site must type cast and can cause the same ClassCastException. + * Note that in both cases, the ClassCastException is in the call site, not in this method. + * </p> + * + * @param <T> the object type to be deserialized + * @param objectData + * the serialized object, must not be null + * @return the deserialized object + * @throws NullPointerException if {@code objectData} is {@code null} + * @throws SerializationException (runtime) if the serialization fails + */ + public static <T> T deserialize(final byte[] objectData) { + Objects.requireNonNull(objectData, "objectData"); + return deserialize(new ByteArrayInputStream(objectData)); + } + + /** + * Deserializes an {@link Object} from the specified stream. + * + * <p> + * The stream will be closed once the object is written. This avoids the need for a finally clause, and maybe also + * exception handling, in the application code. + * </p> + * + * <p> + * The stream passed in is not buffered internally within this method. This is the responsibility of your + * application if desired. + * </p> + * + * <p> + * If the call site incorrectly types the return value, a {@link ClassCastException} is thrown from the call site. + * Without Generics in this declaration, the call site must type cast and can cause the same ClassCastException. + * Note that in both cases, the ClassCastException is in the call site, not in this method. + * </p> + * + * @param <T> the object type to be deserialized + * @param inputStream + * the serialized object input stream, must not be null + * @return the deserialized object + * @throws NullPointerException if {@code inputStream} is {@code null} + * @throws SerializationException (runtime) if the serialization fails + */ + @SuppressWarnings("resource") // inputStream is managed by the caller + public static <T> T deserialize(final InputStream inputStream) { + Objects.requireNonNull(inputStream, "inputStream"); + try (ObjectInputStream in = new ObjectInputStream(inputStream)) { + @SuppressWarnings("unchecked") + final T obj = (T) in.readObject(); + return obj; + } catch (final ClassNotFoundException | IOException ex) { + throw new SerializationException(ex); + } + } + + /** + * Performs a serialization roundtrip. Serializes and deserializes the given object, great for testing objects that + * implement {@link Serializable}. + * + * @param <T> + * the type of the object involved + * @param obj + * the object to roundtrip + * @return the serialized and deserialized object + * @since 3.3 + */ + @SuppressWarnings("unchecked") // OK, because we serialized a type `T` + public static <T extends Serializable> T roundtrip(final T obj) { + return (T) deserialize(serialize(obj)); + } + + /** + * Serializes an {@link Object} to a byte array for + * storage/serialization. + * + * @param obj the object to serialize to bytes + * @return a byte[] with the converted Serializable + * @throws SerializationException (runtime) if the serialization fails + */ + public static byte[] serialize(final Serializable obj) { + final ByteArrayOutputStream baos = new ByteArrayOutputStream(512); + serialize(obj, baos); + return baos.toByteArray(); + } + + /** + * Serializes an {@link Object} to the specified stream. + * + * <p>The stream will be closed once the object is written. + * This avoids the need for a finally clause, and maybe also exception + * handling, in the application code.</p> + * + * <p>The stream passed in is not buffered internally within this method. + * This is the responsibility of your application if desired.</p> + * + * @param obj the object to serialize to bytes, may be null + * @param outputStream the stream to write to, must not be null + * @throws NullPointerException if {@code outputStream} is {@code null} + * @throws SerializationException (runtime) if the serialization fails + */ + @SuppressWarnings("resource") // outputStream is managed by the caller + public static void serialize(final Serializable obj, final OutputStream outputStream) { + Objects.requireNonNull(outputStream, "outputStream"); + try (ObjectOutputStream out = new ObjectOutputStream(outputStream)) { + out.writeObject(obj); + } catch (final IOException ex) { + throw new SerializationException(ex); + } + } + + /** + * SerializationUtils instances should NOT be constructed in standard programming. + * Instead, the class should be used as {@code SerializationUtils.clone(object)}. + * + * <p>This constructor is public to permit tools that require a JavaBean instance + * to operate.</p> + * @since 2.0 + */ + public SerializationUtils() { + } + +} |