Class ObjectRepresentation<T extends java.io.Serializable>

  • Type Parameters:
    T - The class to serialize, see Serializable

    public class ObjectRepresentation<T extends java.io.Serializable>
    extends OutputRepresentation
    Representation based on a serializable Java object.
    It supports binary representations of JavaBeans using the ObjectInputStream and ObjectOutputStream classes. In this case, it handles representations having the following media type: MediaType.APPLICATION_JAVA_OBJECT ("application/x-java-serialized-object"). It also supports textual representations of JavaBeans using the XMLEncoder and XMLDecoder classes. In this case, it handles representations having the following media type: MediaType.APPLICATION_JAVA_OBJECT_XML ("application/x-java-serialized-object+xml").

    SECURITY WARNING: Using XMLDecoder to deserialize XML representations from untrusted sources can lead to malicious attacks. XMLDecoder can force the JVM to execute unwanted Java code described inside the XML file. Thus, support for this format is disabled by default. You can activate this support by turning on the following system property: "org.restlet.representation.ObjectRepresentation.VARIANT_OBJECT_XML_SUPPORTED".

    SECURITY WARNING: Using ObjectInputStream to deserialize binary representations from untrusted sources can lead to malicious attacks. ObjectInputStream can force the JVM to execute unwanted Java code. Thus, support for this format is disabled by default. You can activate this support by turning on the following system property: "org.restlet.representation.ObjectRepresentation.VARIANT_OBJECT_BINARY_SUPPORTED".
    Author:
    Jerome Louvel
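
A mitigation for the binary case described in the warning above, as an added example (not part of the Restlet documentation or code base): before turning on VARIANT_OBJECT_BINARY_SUPPORTED, install a JVM-wide java.io.ObjectInputFilter allow-list (Java 9 or later), which applies to every ObjectInputStream in the process that does not set its own filter, including streams a library opens internally. The class names SerialFilterDemo and Unexpected, the sample objects and the allow-list contents are assumptions made for this demonstration.

```java
import java.io.*;
import java.util.ArrayList;

public class SerialFilterDemo {
    // Constructed stand-in for a class the application never expects to receive.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Reads with a plain ObjectInputStream: no per-stream filter is set,
    // so only the JVM-wide filter decides which classes may be instantiated.
    static String tryRead(byte[] data) {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return "accepted " + ois.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            return "rejected: " + e.getMessage();
        } catch (IOException | ClassNotFoundException e) {
            return "error: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        // Allow-list: explicit classes plus graph limits; "!*" rejects everything else.
        // The JVM-wide filter can be set only once, so do it at startup.
        ObjectInputFilter allowList = ObjectInputFilter.Config.createFilter(
                "maxdepth=5;maxrefs=1000;maxbytes=65536;java.util.ArrayList;java.lang.*;!*");
        ObjectInputFilter.Config.setSerialFilter(allowList);

        ArrayList<String> expected = new ArrayList<>();
        expected.add("hello");
        System.out.println(tryRead(serialize(expected)));         // class on the allow-list
        System.out.println(tryRead(serialize(new Unexpected()))); // class not on the allow-list
    }
}
```

The same pattern string can be supplied without code changes through the jdk.serialFilter system property.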
    • Field Detail

      • VARIANT_OBJECT_XML_SUPPORTED

        public static boolean VARIANT_OBJECT_XML_SUPPORTED
        Indicates whether the JavaBeans XML deserialization is supported or not.
      • VARIANT_OBJECT_BINARY_SUPPORTED

        public static boolean VARIANT_OBJECT_BINARY_SUPPORTED
        Indicates whether the JavaBeans binary deserialization is supported or not.
    • Constructor Detail

      • ObjectRepresentation

        public ObjectRepresentation(Representation serializedRepresentation)
                             throws java.io.IOException,
                                    java.lang.ClassNotFoundException,
                                    java.lang.IllegalArgumentException
        Constructor reading the object from a serialized representation. This representation must have the proper media type: "application/x-java-serialized-object".
        Parameters:
        serializedRepresentation - The serialized representation.
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException
        java.lang.IllegalArgumentException
      • ObjectRepresentation

        public ObjectRepresentation(Representation serializedRepresentation,
                                    java.lang.ClassLoader classLoader)
                             throws java.io.IOException,
                                    java.lang.ClassNotFoundException,
                                    java.lang.IllegalArgumentException
        Constructor reading the object from a serialized representation. This representation must have the proper media type: "application/x-java-serialized-object".
        Parameters:
        serializedRepresentation - The serialized representation.
        classLoader - The class loader used to read the object.
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException
        java.lang.IllegalArgumentException
      • ObjectRepresentation

        public ObjectRepresentation(Representation serializedRepresentation,
                                    java.lang.ClassLoader classLoader,
                                    boolean variantObjectBinarySupported,
                                    boolean variantObjectXmlSupported)
                             throws java.io.IOException,
                                    java.lang.ClassNotFoundException,
                                    java.lang.IllegalArgumentException
        Constructor reading the object from a serialized representation. This representation must have the proper media type: "application/x-java-serialized-object".
        Parameters:
        serializedRepresentation - The serialized representation.
        classLoader - The class loader used to read the object.
        variantObjectBinarySupported - Indicates whether the JavaBeans binary deserialization is supported or not.
        variantObjectXmlSupported - Indicates whether the JavaBeans XML deserialization is supported or not.
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException
        java.lang.IllegalArgumentException
      • ObjectRepresentation

        public ObjectRepresentation(T object)
        Constructor for the MediaType.APPLICATION_JAVA_OBJECT type.
        Parameters:
        object - The serializable object.
      • ObjectRepresentation

        public ObjectRepresentation(T object,
                                    MediaType mediaType)
        Constructor for either the MediaType.APPLICATION_JAVA_OBJECT type or the MediaType.APPLICATION_XML type. In the first case, the Java Object Serialization mechanism is used, based on ObjectOutputStream. In the latter case, the JavaBeans XML serialization is used, based on XMLEncoder.
        Parameters:
        object - The serializable object.
        mediaType - The media type.
    • Method Detail

      • getObject

        public T getObject()
                    throws java.io.IOException
        Returns the represented object.
        Returns:
        The represented object.
        Throws:
        java.io.IOException
      • release

        public void release()
        Releases the represented object.
        Overrides:
        release in class Representation
      • setObject

        public void setObject(T object)
        Sets the represented object.
        Parameters:
        object - The represented object.
      • write

        public void write(java.io.OutputStream outputStream)
                   throws java.io.IOException
        Description copied from class: Representation
        Writes the representation to a byte stream. This method is guaranteed to write the full content on each invocation unless the representation is transient, in which case an exception is thrown.

        Note that the class implementing this method shouldn't flush or close the given OutputStream after writing to it, as this will be handled automatically by the Restlet connectors.
        Specified by:
        write in class Representation
        Parameters:
        outputStream - The output stream.
        Throws:
        java.io.IOException