Class XmlSerializer

java.lang.Object
org.apache.shiro.lang.io.XmlSerializer
All Implemented Interfaces:
Serializer

public class XmlSerializer extends Object implements Serializer
Deprecated.
This class should not be used directly because of insecure XMLEncoder/XMLDecoder usage.
Serializer implementation that uses the JavaBeans XMLEncoder and XMLDecoder to serialize and deserialize, respectively.

NOTE: The JavaBeans XMLEncoder/XMLDecoder only successfully encode/decode objects when they are JavaBeans compatible!

Since:
0.9
  • Constructor Details

    • XmlSerializer

      public XmlSerializer()
      Deprecated.
  • Method Details

    • serialize

      public byte[] serialize(Object source)
      Deprecated.
      Serializes the specified source into a byte[] array by using an XMLEncoder to write the object to a ByteArrayOutputStream and returning the resulting byte[] array.
      Specified by:
      serialize in interface Serializer
      Parameters:
      source - the Object to convert into a byte[] array.
      Returns:
      the byte[] array representation of the XML encoded output.
    • deserialize

      public Object deserialize(byte[] serialized)
      Deprecated.
      Deserializes the specified serialized source back into an Object by wrapping the argument in a ByteArrayInputStream and decoding that stream with an XMLDecoder; the readObject call returns the original Object.
      Specified by:
      deserialize in interface Serializer
      Parameters:
      serialized - the byte[] array representation of the XML encoded output.
      Returns:
      the original source Object in reconstituted form.
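
Added example (not Shiro's code): XMLDecoder instantiates the classes and calls the setters named in the XML it reads, so where decoding cannot be avoided, one option is to validate the document against a strict allow-list before XMLDecoder sees it. The GuardedXmlDecode class, the Profile bean and the allow-list contents are assumptions made for illustration; Java 17 is assumed for the switch expression.

```java
import java.beans.*;
import java.io.*;
import java.util.*;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class GuardedXmlDecode {
    public static class Profile { // hypothetical JavaBean, the only type the guard admits
        private String name;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }
    static final Set<String> BEANS = Set.of(Profile.class.getName()); // assumed allow-list
    static boolean attrsWithin(Attributes a, String... allowed) {
        for (int i = 0; i < a.getLength(); i++)
            if (!List.of(allowed).contains(a.getQName(i))) return false;
        return true;
    }
    // Throws unless the document only builds allow-listed beans through property setters.
    static void check(byte[] xml) throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs or entities
        f.newSAXParser().parse(new ByteArrayInputStream(xml), new DefaultHandler() {
            @Override public void startElement(String uri, String local, String q, Attributes a) throws SAXException {
                String cls = a.getValue("class");
                boolean ok = switch (q) {
                    case "java" -> attrsWithin(a, "version", "class") && (cls == null || cls.equals("java.beans.XMLDecoder"));
                    case "object" -> attrsWithin(a, "class") && cls != null && BEANS.contains(cls);
                    case "void" -> attrsWithin(a, "property") && a.getValue("property") != null;
                    default -> Set.of("string", "int", "long", "boolean").contains(q) && a.getLength() == 0;
                };
                if (!ok) throw new SAXException("rejected element <" + q + ">");
            }
        });
    }
    static Object decode(byte[] xml) throws Exception {
        check(xml); // validate first, so XMLDecoder only ever parses accepted documents
        try (XMLDecoder d = new XMLDecoder(new ByteArrayInputStream(xml))) { return d.readObject(); }
    }
    public static void main(String[] args) throws Exception {
        Profile p = new Profile(); p.setName("alice");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (XMLEncoder e = new XMLEncoder(out)) { e.writeObject(p); }
        System.out.println(((Profile) decode(out.toByteArray())).getName());
        byte[] other = "<java><object class=\"java.util.ArrayList\"/></java>".getBytes("UTF-8"); // constructed input
        try { decode(other); } catch (SAXException ex) { System.out.println(ex.getMessage()); }
    }
}
```

The guard admits only documents of the shape XMLEncoder writes for flat beans; collections, arrays, method calls and any class outside the allow-list are rejected by design.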