org.apache.commons.collections.functors.InstantiateTransformer Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of commons-collections Show documentation
Show all versions of commons-collections Show documentation
Types that extend and augment the Java Collections Framework.
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.commons.collections.functors;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import org.apache.commons.collections.FunctorException;
import org.apache.commons.collections.Transformer;
/**
* Transformer implementation that creates a new object instance by reflection.
*
* WARNING: from v3.2.2 onwards this class will throw an
* {@link UnsupportedOperationException} when trying to serialize or
* de-serialize an instance to prevent potential remote code execution exploits.
*
* In order to re-enable serialization support for {@code InstantiateTransformer}
* the following system property can be used (via -Dproperty=true):
*
* org.apache.commons.collections.enableUnsafeSerialization
*
*
* @since Commons Collections 3.0
* @version $Revision: 1713845 $ $Date: 2015-11-11 15:02:16 +0100 (Wed, 11 Nov 2015) $
*
* @author Stephen Colebourne
*/
public class InstantiateTransformer implements Transformer, Serializable {
/** The serial version */
private static final long serialVersionUID = 3786388740793356347L;
/** Singleton instance that uses the no arg constructor */
public static final Transformer NO_ARG_INSTANCE = new InstantiateTransformer();
/** The constructor parameter types */
private final Class[] iParamTypes;
/** The constructor arguments */
private final Object[] iArgs;
/**
* Transformer method that performs validation.
*
* @param paramTypes the constructor parameter types
* @param args the constructor arguments
* @return an instantiate transformer
*/
public static Transformer getInstance(Class[] paramTypes, Object[] args) {
if (((paramTypes == null) && (args != null))
|| ((paramTypes != null) && (args == null))
|| ((paramTypes != null) && (args != null) && (paramTypes.length != args.length))) {
throw new IllegalArgumentException("Parameter types must match the arguments");
}
if (paramTypes == null || paramTypes.length == 0) {
return NO_ARG_INSTANCE;
} else {
paramTypes = (Class[]) paramTypes.clone();
args = (Object[]) args.clone();
}
return new InstantiateTransformer(paramTypes, args);
}
/**
* Constructor for no arg instance.
*/
private InstantiateTransformer() {
super();
iParamTypes = null;
iArgs = null;
}
/**
* Constructor that performs no validation.
* Use getInstance
if you want that.
*
* @param paramTypes the constructor parameter types, not cloned
* @param args the constructor arguments, not cloned
*/
public InstantiateTransformer(Class[] paramTypes, Object[] args) {
super();
iParamTypes = paramTypes;
iArgs = args;
}
/**
* Transforms the input Class object to a result by instantiation.
*
* @param input the input object to transform
* @return the transformed result
*/
public Object transform(Object input) {
try {
if (input instanceof Class == false) {
throw new FunctorException(
"InstantiateTransformer: Input object was not an instanceof Class, it was a "
+ (input == null ? "null object" : input.getClass().getName()));
}
Constructor con = ((Class) input).getConstructor(iParamTypes);
return con.newInstance(iArgs);
} catch (NoSuchMethodException ex) {
throw new FunctorException("InstantiateTransformer: The constructor must exist and be public ");
} catch (InstantiationException ex) {
throw new FunctorException("InstantiateTransformer: InstantiationException", ex);
} catch (IllegalAccessException ex) {
throw new FunctorException("InstantiateTransformer: Constructor must be public", ex);
} catch (InvocationTargetException ex) {
throw new FunctorException("InstantiateTransformer: Constructor threw an exception", ex);
}
}
/**
* Overrides the default writeObject implementation to prevent
* serialization (see COLLECTIONS-580).
*/
private void writeObject(ObjectOutputStream os) throws IOException {
FunctorUtils.checkUnsafeSerialization(InstantiateTransformer.class);
os.defaultWriteObject();
}
/**
* Overrides the default readObject implementation to prevent
* de-serialization (see COLLECTIONS-580).
*/
private void readObject(ObjectInputStream is) throws ClassNotFoundException, IOException {
FunctorUtils.checkUnsafeSerialization(InstantiateTransformer.class);
is.defaultReadObject();
}
}