org.apache.commons.io.serialization.ValidatingObjectInputStream Java Examples
The following examples show how to use
org.apache.commons.io.serialization.ValidatingObjectInputStream.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: RyaDetailsSerializer.java From rya with Apache License 2.0 | 5 votes |
|
/**
* Deserializes an instance of {@link RyaDetails}.
*
* @param bytes - The serialized for of a {@link RyaDetails}. (not null)
* @return The deserialized object.
*/
public RyaDetails deserialize(final byte[] bytes) throws SerializationException {
requireNonNull(bytes);
try (final ByteArrayInputStream stream = new ByteArrayInputStream(bytes); //
final ValidatingObjectInputStream vois = new ValidatingObjectInputStream(stream)
//// this is how you find classes that you missed in the accept list
// { @Override protected void invalidClassNameFound(String className) throws java.io.InvalidClassException {
// System.out.println("vois.accept(" + className + ".class, ");};};
) {
vois.accept(RyaDetails.class,
com.google.common.base.Optional.class, //
java.util.Date.class, //
java.lang.Enum.class);
vois.accept("com.google.common.base.Present", //
"com.google.common.base.Absent", //
"com.google.common.collect.ImmutableMap$SerializedForm", //
"com.google.common.collect.ImmutableBiMap$SerializedForm", //
"com.google.common.collect.ImmutableList$SerializedForm", //
"[Ljava.lang.Object;");
vois.accept(Pattern.compile("org\\.apache\\.rya\\.api\\.instance\\.RyaDetails.*"));
final Object o = vois.readObject();
if (!(o instanceof RyaDetails)) {
throw new SerializationException("Wrong type of object was deserialized. Class: " + o.getClass().getName());
}
return (RyaDetails) o;
} catch (final ClassNotFoundException | IOException e) {
throw new SerializationException("Could not deserialize an instance of RyaDetails.", e);
}
}
Example #2
| Source File: VisibilityBindingSetSerDe.java From rya with Apache License 2.0 | 5 votes |
|
/**
* Deserializes a {@link VisibilityBindingSet} from a {@link Bytes} object.
*
* @param bytes - The bytes that will be deserialized. (not null)
* @return The deserialized object.
* @throws Exception A problem was encountered while deserializing the object.
*/
public VisibilityBindingSet deserialize(final Bytes bytes) throws Exception {
requireNonNull(bytes);
try (final ValidatingObjectInputStream vois = new ValidatingObjectInputStream(new ByteArrayInputStream(bytes.toArray()))) {
// Perform input validation. Only the following classes are allowed to be deserialized.
vois.accept(
VisibilityBindingSet.class,
java.lang.Byte.class,
java.lang.Double.class,
java.lang.Float.class,
java.lang.Integer.class,
java.lang.Long.class,
java.lang.Number.class,
java.lang.Short.class,
java.math.BigDecimal.class,
java.math.BigInteger.class,
java.util.LinkedHashMap.class,
java.util.HashMap.class,
org.apache.rya.api.model.BindingSetDecorator.class,
org.eclipse.rdf4j.query.impl.SimpleBinding.class,
org.eclipse.rdf4j.model.impl.SimpleIRI.class,
org.eclipse.rdf4j.model.impl.SimpleLiteral.class,
org.eclipse.rdf4j.model.impl.IntegerLiteral.class,
org.eclipse.rdf4j.model.impl.DecimalLiteral.class,
org.eclipse.rdf4j.model.impl.NumericLiteral.class,
org.eclipse.rdf4j.query.AbstractBindingSet.class,
org.eclipse.rdf4j.query.algebra.evaluation.QueryBindingSet.class,
org.eclipse.rdf4j.query.impl.MapBindingSet.class
);
vois.accept("[B");
final Object o = vois.readObject();
if(o instanceof VisibilityBindingSet) {
return (VisibilityBindingSet) o;
} else {
throw new Exception("Deserialized Object is not a VisibilityBindingSet. Was: " + o.getClass());
}
}
}
Example #3
| Source File: SchemaWritable.java From rya with Apache License 2.0 | 5 votes |
|
@Override
public void readFields(DataInput in) throws IOException {
int size = in.readInt();
if (size < 1)
throw new Error("De-serializtion failed, count is less than one.");
byte[] bytes = new byte[size];
in.readFully(bytes);
// ObjectInputStream stream = new ObjectInputStream(new ByteArrayInputStream(bytes));
try (final ByteArrayInputStream bais = new ByteArrayInputStream(bytes); //
final ValidatingObjectInputStream vois = new ValidatingObjectInputStream(bais)
// this is how you find classes that you missed in the vois.accept() list, below.
// { @Override protected void invalidClassNameFound(String className) throws java.io.InvalidClassException {
// System.out.println("vois.accept(" + className + ".class, ");};};
) {
// this is a (hopefully) complete list of classes involved in a Schema to be serialized.
// if a useful class is missing, throws an InvalidClassException.
vois.accept(java.util.ArrayList.class, //
org.apache.rya.reasoning.OwlProperty.class, //
java.util.HashSet.class, //
org.apache.rya.reasoning.OwlClass.class, //
org.eclipse.rdf4j.model.impl.SimpleIRI.class, //
org.eclipse.rdf4j.model.impl.SimpleBNode.class);
try {
Iterable<?> propList = (Iterable<?>) vois.readObject();
Iterable<?> classList = (Iterable<?>) vois.readObject();
for (Object p : propList) {
OwlProperty prop = (OwlProperty) p;
properties.put(prop.getURI(), prop);
}
for (Object c : classList) {
OwlClass owlClass = (OwlClass) c;
classes.put(owlClass.getURI(), owlClass);
}
}
catch (ClassNotFoundException e) {
throw new Error("While reading a schema object.");
}
}
}
Example #4
| Source File: AbstractService.java From olingo-odata4 with Apache License 2.0 | 5 votes |
|
/**
* Wraps a specified {@link InputStream} into a {@link ValidatingObjectInputStream}
* which allowed only a limited set of classes for deserialization.
* The method calls {@link #getAllowedClasses()} to get a set of classes
* which allowed for deserialization.
*
* @param is The input stream to be wrapped.
* @return An instance of {@link ValidatingObjectInputStream}.
* @throws IOException If something went wrong.
*/
private ObjectInputStream createObjectInputStream(InputStream is) throws IOException {
ValidatingObjectInputStream vois = new ValidatingObjectInputStream(is);
Set<String> allowedClasses = new HashSet<>();
allowedClasses.addAll(DEFAULT_ALLOWED_CLASSES);
allowedClasses.addAll(getAllowedClasses());
for (String clazz : allowedClasses) {
vois.accept(clazz);
}
return vois;
}
Example #5
| Source File: AggregationResultUpdater.java From rya with Apache License 2.0 | 4 votes |
|
@Override
public AggregationState deserialize(final byte[] bytes) {
requireNonNull(bytes);
final AggregationState state;
final ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
try(ValidatingObjectInputStream vois = new ValidatingObjectInputStream(bais)
//// this is how you find classes that you missed in the vois.accept() list, below.
// { @Override protected void invalidClassNameFound(String className) throws java.io.InvalidClassException {
// System.out.println("vois.accept(" + className + ".class, ");};};
) {
// These classes are allowed to be deserialized. Others throw InvalidClassException.
vois.accept(
AggregationState.class,
AverageState.class,
java.lang.Long.class,
java.lang.Number.class,
java.math.BigDecimal.class,
java.math.BigInteger.class,
java.util.HashMap.class,
java.util.LinkedHashMap.class,
org.eclipse.rdf4j.query.impl.MapBindingSet.class,
org.eclipse.rdf4j.query.impl.SimpleBinding.class,
org.eclipse.rdf4j.model.impl.SimpleIRI.class,
org.eclipse.rdf4j.model.impl.SimpleLiteral.class,
org.eclipse.rdf4j.model.impl.DecimalLiteral.class,
org.eclipse.rdf4j.model.impl.IntegerLiteral.class,
org.eclipse.rdf4j.model.impl.NumericLiteral.class,
org.eclipse.rdf4j.query.AbstractBindingSet.class
);
vois.accept("[B"); // Array of Bytes
final Object o = vois.readObject();
if(o instanceof AggregationState) {
state = (AggregationState)o;
} else {
throw new RuntimeException("A problem was encountered while deserializing an AggregationState object. Wrong class.");
}
} catch (final IOException | ClassNotFoundException e) {
throw new RuntimeException("A problem was encountered while deserializing an AggregationState object.", e);
}
return state;
}
Example #6
| Source File: FluoQueryMetadataDAO.java From rya with Apache License 2.0 | 4 votes |
|
private AggregationMetadata.Builder readAggregationMetadataBuilder(final SnapshotBase sx, final String nodeId) {
requireNonNull(sx);
requireNonNull(nodeId);
// Fetch the values from the Fluo table.
final String rowId = nodeId;
final Map<Column, String> values = sx.gets(rowId,
FluoQueryColumns.AGGREGATION_VARIABLE_ORDER,
FluoQueryColumns.AGGREGATION_PARENT_NODE_ID,
FluoQueryColumns.AGGREGATION_CHILD_NODE_ID,
FluoQueryColumns.AGGREGATION_GROUP_BY_BINDING_NAMES);
// Return an object holding them.
final String varOrderString = values.get(FluoQueryColumns.AGGREGATION_VARIABLE_ORDER);
final VariableOrder varOrder = new VariableOrder(varOrderString);
final String parentNodeId = values.get(FluoQueryColumns.AGGREGATION_PARENT_NODE_ID);
final String childNodeId = values.get(FluoQueryColumns.AGGREGATION_CHILD_NODE_ID);
// Read the Group By variable order if one was present.
final String groupByString = values.get(FluoQueryColumns.AGGREGATION_GROUP_BY_BINDING_NAMES);
final VariableOrder groupByVars = groupByString.isEmpty() ? new VariableOrder() : new VariableOrder( groupByString.split(";") );
// Deserialize the collection of AggregationElements.
final Bytes aggBytes = sx.get(Bytes.of(nodeId.getBytes(Charsets.UTF_8)), FluoQueryColumns.AGGREGATION_AGGREGATIONS);
final Collection<AggregationElement> aggregations;
try (final ValidatingObjectInputStream vois = new ValidatingObjectInputStream(aggBytes.toInputStream())
//// this is how you find classes that you missed in the vois.accept() list, below.
// { @Override protected void invalidClassNameFound(String className) throws java.io.InvalidClassException {
// System.out.println("vois.accept(" + className + ".class, ");};};
) {
// These classes are allowed to be deserialized. Others throw InvalidClassException.
vois.accept(java.util.ArrayList.class,
java.lang.Enum.class,
AggregationElement.class,
AggregationType.class);
final Object object = vois.readObject();
if (!(object instanceof Collection<?>)) {
throw new InvalidClassException("Object read was not of type Collection. It was: " + object.getClass());
}
aggregations = (Collection<AggregationElement>) object;
} catch (final IOException | ClassNotFoundException e) {
throw new RuntimeException("Problem encountered while reading AggregationMetadata from the Fluo table. Unable " +
"to deserialize the AggregationElements from a byte[].", e);
}
final AggregationMetadata.Builder builder = AggregationMetadata.builder(nodeId)
.setVarOrder(varOrder)
.setParentNodeId(parentNodeId)
.setChildNodeId(childNodeId)
.setGroupByVariableOrder(groupByVars);
for(final AggregationElement aggregation : aggregations) {
builder.addAggregation(aggregation);
}
return builder;
}
