Source code

001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.lang.io;
020
021import java.beans.XMLDecoder;
022import java.beans.XMLEncoder;
023import java.io.BufferedInputStream;
024import java.io.BufferedOutputStream;
025import java.io.ByteArrayInputStream;
026import java.io.ByteArrayOutputStream;
027
028/**
029 * Serializer implementation that uses the JavaBeans
030 * {@link java.beans.XMLEncoder XMLEncoder} and {@link java.beans.XMLDecoder XMLDecoder} to serialize
031 * and deserialize, respectively.
032 * <p/>
033 * <b>NOTE:</b> The JavaBeans XMLEncoder/XMLDecoder only successfully encode/decode objects when they are
034 * JavaBeans compatible!
035 *
036 * @since 0.9
037 * @deprecated This class should not be used directly because of unsecure XMLEncoder/XMLDecoder usage.
038 */
039@Deprecated(forRemoval = true)
040public class XmlSerializer implements Serializer {
041
042    /**
043     * Serializes the specified <code>source</code> into a byte[] array by using the
044     * {@link java.beans.XMLEncoder XMLEncoder} to encode the object out to a
045     * {@link java.io.ByteArrayOutputStream ByteArrayOutputStream}, where the resulting byte[] array is returned.
046     *
047     * @param source the Object to convert into a byte[] array.
048     * @return the byte[] array representation of the XML encoded output.
049     */
050    public byte[] serialize(Object source) {
051        if (source == null) {
052            String msg = "argument cannot be null.";
053            throw new IllegalArgumentException(msg);
054        }
055
056        ByteArrayOutputStream bos = new ByteArrayOutputStream();
057        XMLEncoder encoder = new XMLEncoder(new BufferedOutputStream(bos));
058        encoder.writeObject(source);
059        encoder.close();
060
061        return bos.toByteArray();
062    }
063
064    /**
065     * Deserializes the specified <code>serialized</code> source back into an Object by using a
066     * {@link java.io.ByteArrayInputStream ByteArrayInputStream} to wrap the argument and then decode this
067     * stream via an {@link java.beans.XMLDecoder XMLDecoder}, where the
068     * {@link java.beans.XMLDecoder#readObject() readObject} call results in the original Object to return.
069     *
070     * @param serialized the byte[] array representation of the XML encoded output.
071     * @return the original source Object in reconstituted form.
072     */
073    public Object deserialize(byte[] serialized) {
074        if (serialized == null) {
075            throw new IllegalArgumentException("Argument cannot be null.");
076        }
077        ByteArrayInputStream bis = new ByteArrayInputStream(serialized);
078        XMLDecoder decoder = new XMLDecoder(new BufferedInputStream(bis));
079        Object o = decoder.readObject();
080        decoder.close();
081        return o;
082    }
083}