public class Object_Array_ServerCustomFieldSerializer extends ServerCustomFieldSerializer<Object[]>
Object.

Constructor and Description |
---|
Object_Array_ServerCustomFieldSerializer() |

Modifier and Type | Method and Description |
---|---|
static void | deserialize(ServerSerializationStreamReader streamReader, Object[] instance, Type[] expectedParameterTypes, DequeMap<TypeVariable<?>,Type> resolvedTypes) |
void | deserializeInstance(SerializationStreamReader streamReader, Object[] instance) Deserializes the content of the object from the SerializationStreamReader. |
void | deserializeInstance(ServerSerializationStreamReader streamReader, Object[] instance, Type[] expectedParameterTypes, DequeMap<TypeVariable<?>,Type> resolvedTypes) Deserializes the content of the object from the ServerSerializationStreamReader, with type checking. |
void | serializeInstance(SerializationStreamWriter streamWriter, Object[] instance) Serializes the content of the object into the SerializationStreamWriter. |

instantiateInstance, instantiateInstance
hasCustomInstantiateInstance, instantiateInstance

public Object_Array_ServerCustomFieldSerializer()

public static void deserialize(ServerSerializationStreamReader streamReader, Object[] instance, Type[] expectedParameterTypes, DequeMap<TypeVariable<?>,Type> resolvedTypes) throws SerializationException

Throws:
SerializationException

public void deserializeInstance(SerializationStreamReader streamReader, Object[] instance) throws SerializationException

Description copied from class: CustomFieldSerializer
Deserializes the content of the object from the SerializationStreamReader.

Specified by:
deserializeInstance in class CustomFieldSerializer<Object[]>

Parameters:
streamReader - the SerializationStreamReader to read the object's content from
instance - the object instance to deserialize

Throws:
SerializationException - if the deserialization operation is not successful

public void deserializeInstance(ServerSerializationStreamReader streamReader, Object[] instance, Type[] expectedParameterTypes, DequeMap<TypeVariable<?>,Type> resolvedTypes) throws SerializationException

Description copied from class: ServerCustomFieldSerializer
Deserializes the content of the object from the ServerSerializationStreamReader, with type checking.

The calling code has verified that the instance this method is
deserializing is of the correct type for the RPC call. However, it has not
verified the objects that this deserializer will read. It is this method's
responsibility to verify the types of objects that it reads. Failure to
do so leaves the server vulnerable to an attacker who replaces
deserialized data in the RPC message with data that takes an exponential
time to deserialize or otherwise causes problems.

In practice, any call to ServerSerializationStreamReader.readObject() should
use the type checking version, passing in the expected type of the object
to be read. For classes that deserialize objects of generic types, the
expectedParameterTypes array provides the type bound to each generic type
parameter defined by the instance. See the built-in GWT
server custom field serializers for examples.

Specified by:
deserializeInstance in class ServerCustomFieldSerializer<Object[]>

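The type-checked read that the description above asks for, shown beside the unchecked one. This is an added example, not GWT's own code: `Box` and `Box_ServerCustomFieldSerializer` are hypothetical names, and the example assumes the caller supplies one `expectedParameterTypes` entry for `Box`'s single type parameter.

```java
import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.client.rpc.SerializationStreamReader;
import com.google.gwt.user.client.rpc.SerializationStreamWriter;
import com.google.gwt.user.server.rpc.ServerCustomFieldSerializer;
import com.google.gwt.user.server.rpc.impl.DequeMap;
import com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader;
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;

/** Hypothetical DTO with one generic parameter T (not a GWT class). */
class Box<T> {
  T value;
}

/** Hypothetical server-side serializer for Box<T>, added for illustration. */
@SuppressWarnings({"rawtypes", "unchecked"})
public class Box_ServerCustomFieldSerializer extends ServerCustomFieldSerializer<Box> {

  // Unchecked variant: the class to instantiate is taken from the type
  // signature in the RPC payload, so nothing constrains what is read here.
  @Override
  public void deserializeInstance(SerializationStreamReader streamReader, Box instance)
      throws SerializationException {
    instance.value = streamReader.readObject();
  }

  // Type-checked variant: expectedParameterTypes[0] is the type bound to T
  // for this call (Box declares exactly one type parameter), so the reader
  // checks the object it reads against that type.
  @Override
  public void deserializeInstance(ServerSerializationStreamReader streamReader, Box instance,
      Type[] expectedParameterTypes, DequeMap<TypeVariable<?>, Type> resolvedTypes)
      throws SerializationException {
    instance.value = streamReader.readObject(expectedParameterTypes[0], resolvedTypes);
  }

  @Override
  public void serializeInstance(SerializationStreamWriter streamWriter, Box instance)
      throws SerializationException {
    streamWriter.writeObject(instance.value);
  }
}
```
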
Parameters:
streamReader - the ServerSerializationStreamReader to read the object's content from
instance - the object instance to deserialize
expectedParameterTypes - the types we expect for any generic parameters used by this class, in the order in which they appear in the instance.getTypeParameters()
resolvedTypes - map from generic types to actual types

Throws:
SerializationException - if the deserialization operation is not successful

public void serializeInstance(SerializationStreamWriter streamWriter, Object[] instance) throws SerializationException

Description copied from class: CustomFieldSerializer
Serializes the content of the object into the SerializationStreamWriter.

Specified by:
serializeInstance in class CustomFieldSerializer<Object[]>

Parameters:
streamWriter - the SerializationStreamWriter to write the object's content to
instance - the object instance to serialize

Throws:
SerializationException - if the serialization operation is not successful

Copyright © 2016. All rights reserved.