
org.jboss.resteasy.plugins.providers.SerializableProvider Maven / Gradle / Ivy

package org.jboss.resteasy.plugins.providers;

import javax.ws.rs.Consumes;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.MessageBodyReader;
import javax.ws.rs.ext.MessageBodyWriter;
import javax.ws.rs.ext.Provider;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import org.jboss.resteasy.resteasy_jaxrs.i18n.*;


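/**
 * MessageBodyReader+Writer for serialized java objects.
 * <p>
 * This Provider has been disabled by default because deserializing java objects from untrusted sources is unsafe.
 * (See http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
 * or https://access.redhat.com/security/cve/cve-2015-7501). In case your application uses serialized objects and you trust
 * your remote REST partners, then you may enable this provider:
 * <ul>
 * <li>Either by providing a file "META-INF/services/javax.ws.rs.ext.Providers" with the fully qualified
 * classname in classpath (See src/main/resources/ for an example. Multiple files in different jars are additive.)</li>
 * <li>Or register() this Provider at ResteasyProviderFactory or at the jax-rs client.</li>
 * </ul>
 * <p>
 * Security note: "trust" here has to cover every peer that is able to send a body with the
 * {@code application/x-java-serialized-object} media type to an endpoint accepting a
 * {@link Serializable} entity. {@link #readFrom} applies no class allow-list of its own, so any
 * restriction on which classes may be deserialized has to come from outside this class (for
 * example a process-wide serialization filter such as {@code jdk.serialFilter}, where the
 * runtime supports it).
 *
 * @author Ron Sigal
 * @version $Revision: 1.1 $
 *
 * Created Mar 23, 2012
 */
@Provider
@Produces("application/x-java-serialized-object")
@Consumes("application/x-java-serialized-object")
@Deprecated
public class SerializableProvider implements MessageBodyReader<Serializable>, MessageBodyWriter<Serializable>
{
   /** Media type handled by this provider: {@code application/x-java-serialized-object}. */
   public static final MediaType APPLICATION_SERIALIZABLE_TYPE = new MediaType("application", "x-java-serialized-object");

   /** String form of {@link #APPLICATION_SERIALIZABLE_TYPE}. */
   public static final String APPLICATION_SERIALIZABLE = APPLICATION_SERIALIZABLE_TYPE.toString();

   /**
    * Accepts an entity for writing when its class implements {@link Serializable} and the media
    * type's type and subtype equal those of {@link #APPLICATION_SERIALIZABLE_TYPE}.
    */
   @Override
   public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType)
   {
      return handles(type, mediaType);
   }

   /**
    * Always returns -1: the serialized length is not computed ahead of writing.
    */
   @Override
   public long getSize(Serializable t, Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType)
   {
      return -1;
   }

   /**
    * Writes {@code t} to the entity stream using Java serialization.
    *
    * @throws IOException if serialization or the underlying stream fails
    */
   @Override
   public void writeTo(Serializable t, Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType,
                       MultivaluedMap<String, Object> httpHeaders, OutputStream entityStream)
         throws IOException, WebApplicationException
   {
      LogMessages.LOGGER.debugf("Provider : %s, Method : writeTo", getClass().getName());
      ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(entityStream));
      oos.writeObject(t);
      // Flush rather than close: the MessageBodyWriter contract leaves closing the entity stream
      // to the caller, and close() on the wrapper would also close entityStream.
      oos.flush();
   }

   /**
    * Accepts an entity for reading under the same conditions as {@link #isWriteable}.
    */
   @Override
   public boolean isReadable(Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType)
   {
      return handles(type, mediaType);
   }

   /**
    * Reads one object from the entity stream using Java deserialization.
    *
    * @return the deserialized object, cast to {@link Serializable}
    * @throws IOException if the stream cannot be read or does not hold a valid serialized object
    * @throws WebApplicationException wrapping a {@link ClassNotFoundException} when the class of
    *         the serialized object is not on the classpath
    */
   @Override
   public Serializable readFrom(Class<Serializable> type, Type genericType, Annotation[] annotations, MediaType mediaType,
                                MultivaluedMap<String, String> httpHeaders, InputStream entityStream)
         throws IOException, WebApplicationException
   {
      LogMessages.LOGGER.debugf("Provider : %s, Method : readFrom", getClass().getName());
      // The wrappers are intentionally not closed: the entity stream belongs to the caller.
      ObjectInputStream ois = new ObjectInputStream(new BufferedInputStream(entityStream));
      try
      {
         // SECURITY: readObject() instantiates whatever serializable classes the request body
         // names and runs their deserialization hooks before the cast below is evaluated, so the
         // cast is not a defence against hostile input. No ObjectInputFilter or allow-list is
         // installed here, and the requested 'type' is not consulted. Enable this provider only
         // where every sender is trusted, or restrict the permitted classes at the JVM level.
         return Serializable.class.cast(ois.readObject());
      }
      catch (ClassNotFoundException e)
      {
         throw new WebApplicationException(e);
      }
   }

   /**
    * Shared check behind {@link #isReadable} and {@link #isWriteable}: the class must be
    * {@link Serializable} and the media type's type and subtype must match exactly.
    */
   private static boolean handles(Class<?> type, MediaType mediaType)
   {
      return Serializable.class.isAssignableFrom(type)
            && APPLICATION_SERIALIZABLE_TYPE.getType().equals(mediaType.getType())
            && APPLICATION_SERIALIZABLE_TYPE.getSubtype().equals(mediaType.getSubtype());
   }
}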



