Java tutorial
/* * Copyright 2008 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */ package com.google.gwt.user.server.rpc.impl; import com.google.gwt.user.client.rpc.IsSerializable; import com.google.gwt.user.client.rpc.SerializationException; import com.google.gwt.user.server.rpc.SerializationPolicy; import java.io.Serializable; import java.util.Arrays; import java.util.HashSet; import java.util.Set; /** * A serialization policy compatible with GWT 1.3.3 RPC. This is used when no * serialization policy file is present. * * <p> * The set of allowed types are: * </p> * <ol> * <li>Primitives</li> * <li>Types assignable to {@link IsSerializable}</li> * <li>Types with custom field serializers</li> * <li>Arrays of the above types</li> * </ol> * <p> * Types that derive from {@link Serializable} but do not meet any of the above * criteria may not be serialized as leaf types. However, their fields may be * serialized as super types of a legal type. * </p> */ public class LegacySerializationPolicy extends SerializationPolicy implements TypeNameObfuscator { private static final String ELISION_ERROR = "Type name elision in RPC " + "payloads is only supported if the RPC whitelist file is used."; /** * Many JRE types would appear to be {@link Serializable} on the server. * However, clients would not see these types as being {@link Serializable} * due to mismatches between the GWT JRE emulation and the real JRE. As a * workaround, this blacklist specifies a list of problematic types which * should be seen as not implementing {@link Serializable} for the purpose * matching the client's expectations. Note that a type on this list may still * be serializable via a custom serializer. */ private static final Class<?>[] JRE_BLACKLIST = { java.lang.ArrayStoreException.class, java.lang.AssertionError.class, java.lang.Boolean.class, java.lang.Byte.class, java.lang.Character.class, java.lang.Class.class, java.lang.ClassCastException.class, java.lang.Double.class, java.lang.Error.class, java.lang.Float.class, java.lang.IllegalArgumentException.class, java.lang.IllegalStateException.class, java.lang.IndexOutOfBoundsException.class, java.lang.Integer.class, java.lang.Long.class, java.lang.NegativeArraySizeException.class, java.lang.NullPointerException.class, java.lang.Number.class, java.lang.NumberFormatException.class, java.lang.Short.class, java.lang.StackTraceElement.class, java.lang.String.class, java.lang.StringBuffer.class, java.lang.StringIndexOutOfBoundsException.class, java.lang.UnsupportedOperationException.class, java.util.ArrayList.class, java.util.ConcurrentModificationException.class, java.util.Date.class, java.util.EmptyStackException.class, java.util.EventObject.class, java.util.HashMap.class, java.util.HashSet.class, java.util.MissingResourceException.class, java.util.NoSuchElementException.class, java.util.Stack.class, java.util.TooManyListenersException.class, java.util.Vector.class }; private static final Set<Class<?>> JRE_BLACKSET = new HashSet<Class<?>>(Arrays.asList(JRE_BLACKLIST)); private static final LegacySerializationPolicy sInstance = new LegacySerializationPolicy(); public static LegacySerializationPolicy getInstance() { return sInstance; } /** * Singleton. */ private LegacySerializationPolicy() { } /** * Implemented to fail with a useful error message. */ public final String getClassNameForTypeId(String id) throws SerializationException { throw new SerializationException(ELISION_ERROR); } /** * Implemented to fail with a useful error message. */ public final String getTypeIdForClass(Class<?> clazz) throws SerializationException { throw new SerializationException(ELISION_ERROR); } @Override public boolean shouldDeserializeFields(Class<?> clazz) { return isFieldSerializable(clazz); } @Override public boolean shouldSerializeFields(Class<?> clazz) { return isFieldSerializable(clazz); } @Override public void validateDeserialize(Class<?> clazz) throws SerializationException { if (!isInstantiable(clazz)) { throw new SerializationException("Type '" + clazz.getName() + "' was not assignable to '" + IsSerializable.class.getName() + "' and did not have a custom field serializer. " + "For security purposes, this type will not be deserialized."); } } @Override public void validateSerialize(Class<?> clazz) throws SerializationException { if (!isInstantiable(clazz)) { throw new SerializationException("Type '" + clazz.getName() + "' was not assignable to '" + IsSerializable.class.getName() + "' and did not have a custom field serializer." + "For security purposes, this type will not be serialized."); } } /** * Field serializable types are primitives, {@line IsSerializable}, * {@link Serializable}, types with custom serializers, and any arrays of * those types. */ private boolean isFieldSerializable(Class<?> clazz) { if (isInstantiable(clazz)) { return true; } if (Serializable.class.isAssignableFrom(clazz)) { return !JRE_BLACKSET.contains(clazz); } return false; } /** * Instantiable types are primitives, {@line IsSerializable}, types with * custom serializers, and any arrays of those types. Merely * {@link Serializable} types cannot be instantiated or serialized directly * (only as super types of legacy serializable types). */ private boolean isInstantiable(Class<?> clazz) { if (clazz.isPrimitive()) { return true; } if (clazz.isArray()) { return isInstantiable(clazz.getComponentType()); } if (IsSerializable.class.isAssignableFrom(clazz)) { return true; } return SerializabilityUtil.hasCustomFieldSerializer(clazz) != null; } }