/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.commons.lang3; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.ObjectStreamClass; import java.io.OutputStream; import java.io.Serializable; import java.util.HashMap; import java.util.Map; import java.util.Objects; /** * Assists with the serialization process and performs additional functionality based * on serialization. * * * *

This class throws exceptions for invalid {@code null} inputs. * Each method documents its behavior in more detail.

* *

#ThreadSafe#

* @since 1.0 */ public class SerializationUtils { /** * Custom specialization of the standard JDK {@link java.io.ObjectInputStream} * that uses a custom {@link ClassLoader} to resolve a class. * If the specified {@link ClassLoader} is not able to resolve the class, * the context classloader of the current thread will be used. * This way, the standard deserialization work also in web-application * containers and application servers, no matter in which of the * {@link ClassLoader} the particular class that encapsulates * serialization/deserialization lives. * *

For more in-depth information about the problem for which this * class here is a workaround, see the JIRA issue LANG-626.

*/ static class ClassLoaderAwareObjectInputStream extends ObjectInputStream { private static final Map> primitiveTypes = new HashMap<>(); static { primitiveTypes.put("byte", byte.class); primitiveTypes.put("short", short.class); primitiveTypes.put("int", int.class); primitiveTypes.put("long", long.class); primitiveTypes.put("float", float.class); primitiveTypes.put("double", double.class); primitiveTypes.put("boolean", boolean.class); primitiveTypes.put("char", char.class); primitiveTypes.put("void", void.class); } private final ClassLoader classLoader; /** * Constructor. * @param in The {@link InputStream}. * @param classLoader classloader to use * @throws IOException if an I/O error occurs while reading stream header. * @see java.io.ObjectInputStream */ ClassLoaderAwareObjectInputStream(final InputStream in, final ClassLoader classLoader) throws IOException { super(in); this.classLoader = classLoader; } /** * Overridden version that uses the parameterized {@link ClassLoader} or the {@link ClassLoader} * of the current {@link Thread} to resolve the class. * @param desc An instance of class {@link ObjectStreamClass}. * @return A {@link Class} object corresponding to {@code desc}. * @throws IOException Any of the usual Input/Output exceptions. * @throws ClassNotFoundException If class of a serialized object cannot be found. */ @Override protected Class resolveClass(final ObjectStreamClass desc) throws IOException, ClassNotFoundException { final String name = desc.getName(); try { return Class.forName(name, false, classLoader); } catch (final ClassNotFoundException ex) { try { return Class.forName(name, false, Thread.currentThread().getContextClassLoader()); } catch (final ClassNotFoundException cnfe) { final Class cls = primitiveTypes.get(name); if (cls != null) { return cls; } throw cnfe; } } } } /** * Deep clone an {@link Object} using serialization. * *

This is many times slower than writing clone methods by hand * on all objects in your object graph. However, for complex object * graphs, or for those that don't support deep cloning this can * be a simple alternative implementation. Of course all the objects * must be {@link Serializable}.

* * @param the type of the object involved * @param object the {@link Serializable} object to clone * @return the cloned object * @throws SerializationException (runtime) if the serialization fails */ public static T clone(final T object) { if (object == null) { return null; } final byte[] objectData = serialize(object); final ByteArrayInputStream bais = new ByteArrayInputStream(objectData); final Class cls = ObjectUtils.getClass(object); try (ClassLoaderAwareObjectInputStream in = new ClassLoaderAwareObjectInputStream(bais, cls.getClassLoader())) { /* * when we serialize and deserialize an object, it is reasonable to assume the deserialized object is of the * same type as the original serialized object */ return cls.cast(in.readObject()); } catch (final ClassNotFoundException | IOException ex) { throw new SerializationException( String.format("%s while reading cloned object data", ex.getClass().getSimpleName()), ex); } } /** * Deserializes a single {@link Object} from an array of bytes. * *

* If the call site incorrectly types the return value, a {@link ClassCastException} is thrown from the call site. * Without Generics in this declaration, the call site must type cast and can cause the same ClassCastException. * Note that in both cases, the ClassCastException is in the call site, not in this method. *

* * @param the object type to be deserialized * @param objectData * the serialized object, must not be null * @return the deserialized object * @throws NullPointerException if {@code objectData} is {@code null} * @throws SerializationException (runtime) if the serialization fails */ public static T deserialize(final byte[] objectData) { Objects.requireNonNull(objectData, "objectData"); return deserialize(new ByteArrayInputStream(objectData)); } /** * Deserializes an {@link Object} from the specified stream. * *

* The stream will be closed once the object is written. This avoids the need for a finally clause, and maybe also * exception handling, in the application code. *

* *

* The stream passed in is not buffered internally within this method. This is the responsibility of your * application if desired. *

* *

* If the call site incorrectly types the return value, a {@link ClassCastException} is thrown from the call site. * Without Generics in this declaration, the call site must type cast and can cause the same ClassCastException. * Note that in both cases, the ClassCastException is in the call site, not in this method. *

* * @param the object type to be deserialized * @param inputStream * the serialized object input stream, must not be null * @return the deserialized object * @throws NullPointerException if {@code inputStream} is {@code null} * @throws SerializationException (runtime) if the serialization fails */ @SuppressWarnings("resource") // inputStream is managed by the caller public static T deserialize(final InputStream inputStream) { Objects.requireNonNull(inputStream, "inputStream"); try (ObjectInputStream in = new ObjectInputStream(inputStream)) { @SuppressWarnings("unchecked") final T obj = (T) in.readObject(); return obj; } catch (final ClassNotFoundException | IOException ex) { throw new SerializationException(ex); } } /** * Performs a serialization roundtrip. Serializes and deserializes the given object, great for testing objects that * implement {@link Serializable}. * * @param * the type of the object involved * @param obj * the object to roundtrip * @return the serialized and deserialized object * @since 3.3 */ @SuppressWarnings("unchecked") // OK, because we serialized a type `T` public static T roundtrip(final T obj) { return (T) deserialize(serialize(obj)); } /** * Serializes an {@link Object} to a byte array for * storage/serialization. * * @param obj the object to serialize to bytes * @return a byte[] with the converted Serializable * @throws SerializationException (runtime) if the serialization fails */ public static byte[] serialize(final Serializable obj) { final ByteArrayOutputStream baos = new ByteArrayOutputStream(512); serialize(obj, baos); return baos.toByteArray(); } /** * Serializes an {@link Object} to the specified stream. * *

The stream will be closed once the object is written. * This avoids the need for a finally clause, and maybe also exception * handling, in the application code.

* *

The stream passed in is not buffered internally within this method. * This is the responsibility of your application if desired.

* * @param obj the object to serialize to bytes, may be null * @param outputStream the stream to write to, must not be null * @throws NullPointerException if {@code outputStream} is {@code null} * @throws SerializationException (runtime) if the serialization fails */ @SuppressWarnings("resource") // outputStream is managed by the caller public static void serialize(final Serializable obj, final OutputStream outputStream) { Objects.requireNonNull(outputStream, "outputStream"); try (ObjectOutputStream out = new ObjectOutputStream(outputStream)) { out.writeObject(obj); } catch (final IOException ex) { throw new SerializationException(ex); } } /** * SerializationUtils instances should NOT be constructed in standard programming. * Instead, the class should be used as {@code SerializationUtils.clone(object)}. * *

This constructor is public to permit tools that require a JavaBean instance * to operate.

* @since 2.0 */ public SerializationUtils() { } }