shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r1214564 - in /shiro/trunk/core/src/main/java/org/apache/shiro/io: ClassResolvingObjectInputStream.java DefaultSerializer.java
Date Wed, 14 Dec 2011 23:58:47 GMT
Author: lhazlewood
Date: Wed Dec 14 23:58:46 2011
New Revision: 1214564

URL: http://svn.apache.org/viewvc?rev=1214564&view=rev
Log:
SHIRO-334 - added initial implementation per issue description.

Added:
    shiro/trunk/core/src/main/java/org/apache/shiro/io/ClassResolvingObjectInputStream.java
Modified:
    shiro/trunk/core/src/main/java/org/apache/shiro/io/DefaultSerializer.java

Added: shiro/trunk/core/src/main/java/org/apache/shiro/io/ClassResolvingObjectInputStream.java
URL: http://svn.apache.org/viewvc/shiro/trunk/core/src/main/java/org/apache/shiro/io/ClassResolvingObjectInputStream.java?rev=1214564&view=auto
==============================================================================
--- shiro/trunk/core/src/main/java/org/apache/shiro/io/ClassResolvingObjectInputStream.java
(added)
+++ shiro/trunk/core/src/main/java/org/apache/shiro/io/ClassResolvingObjectInputStream.java
Wed Dec 14 23:58:46 2011
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.io;
+
+import org.apache.shiro.util.ClassUtils;
+import org.apache.shiro.util.UnknownClassException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectStreamClass;
+
+/**
+ * Enables correct ClassLoader lookup in various environments (e.g. JEE Servers, etc).
+ *
+ * @since 1.2
+ * @see <a href="https://issues.apache.org/jira/browse/SHIRO-334">SHIRO-334</a>
+ */
+public class ClassResolvingObjectInputStream extends ObjectInputStream {
+
+    public ClassResolvingObjectInputStream(InputStream inputStream) throws IOException {
+        super(inputStream);
+    }
+
+    /**
+     * Resolves an {@link ObjectStreamClass} by delegating to Shiro's 
+     * {@link ClassUtils#forName(String)} utility method, which is known to work in all ClassLoader
environments.
+     * 
+     * @param osc the ObjectStreamClass to resolve the class name.
+     * @return the discovered class
+     * @throws IOException never - declaration retained for subclass consistency
+     * @throws ClassNotFoundException if the class could not be found in any known ClassLoader
+     */
+    @Override
+    protected Class<?> resolveClass(ObjectStreamClass osc) throws IOException, ClassNotFoundException
{
+        try {
+            return ClassUtils.forName(osc.getName());
+        } catch (UnknownClassException e) {
+            throw new ClassNotFoundException("Unable to load ObjectStreamClass [" + osc +
"]: ", e);
+        }
+    }
+}

Modified: shiro/trunk/core/src/main/java/org/apache/shiro/io/DefaultSerializer.java
URL: http://svn.apache.org/viewvc/shiro/trunk/core/src/main/java/org/apache/shiro/io/DefaultSerializer.java?rev=1214564&r1=1214563&r2=1214564&view=diff
==============================================================================
--- shiro/trunk/core/src/main/java/org/apache/shiro/io/DefaultSerializer.java (original)
+++ shiro/trunk/core/src/main/java/org/apache/shiro/io/DefaultSerializer.java Wed Dec 14 23:58:46
2011
@@ -72,7 +72,7 @@ public class DefaultSerializer<T> implem
         ByteArrayInputStream bais = new ByteArrayInputStream(serialized);
         BufferedInputStream bis = new BufferedInputStream(bais);
         try {
-            ObjectInputStream ois = new ObjectInputStream(bis);
+            ObjectInputStream ois = new ClassResolvingObjectInputStream(bis);
             @SuppressWarnings({"unchecked"})
             T deserialized = (T) ois.readObject();
             ois.close();



Mime
View raw message