org.restlet.representation

Class ObjectRepresentation<T extends Serializable>

java.lang.Object

org.restlet.representation.Variant

org.restlet.representation.RepresentationInfo

org.restlet.representation.Representation

org.restlet.representation.StreamRepresentation

org.restlet.representation.OutputRepresentation

org.restlet.representation.ObjectRepresentation<T>

Type Parameters:

T - The class to serialize, see Serializable

public class ObjectRepresentation<T extends Serializable>
extends OutputRepresentation

Representation based on a serializable Java object.
It supports binary representations of JavaBeans using the ObjectInputStream and ObjectOutputStream classes. In this case, it handles representations having the following media type: MediaType.APPLICATION_JAVA_OBJECT ("application/x-java-serialized-object"). It also supports textual representations of JavaBeans using the XMLEncoder and XMLDecoder classes. In this case, it handles representations having the following media type: MediaType.APPLICATION_JAVA_OBJECT_XML ("application/x-java-serialized-object+xml").

SECURITY WARNING: The usage of XMLDecoder when deserializing XML presentations from untrusted sources can lead to malicious attacks. As pointed here, the XMLDecoder is able to force the JVM to execute unwanted Java code described inside the XML file. Thus, the support of such format has been disabled by default. You can activate this support by turning on the following system property: org.restlet.representation.ObjectRepresentation.VARIANT_OBJECT_XML_SUPPORTED.

SECURITY WARNING: The usage of ObjectInputStream when deserializing binary presentations from untrusted sources can lead to malicious attacks. As pointed here, the ObjectInputStream is able to force the JVM to execute unwanted Java code. Thus, the support of such format has been disabled by default. You can activate this support by turning on the following system property: "org.restlet.representation.ObjectRepresentation .VARIANT_OBJECT_BINARY_SUPPORTED".

Author:

Jerome Louvel

Field Summary

Fields

Modifier and Type	Field and Description
static boolean	VARIANT_OBJECT_BINARY_SUPPORTED Indicates whether the JavaBeans binary deserialization is supported or not.
static boolean	VARIANT_OBJECT_XML_SUPPORTED Indicates whether the JavaBeans XML deserialization is supported or not.

Fields inherited from class org.restlet.representation.Representation

UNKNOWN_SIZE

Constructor Summary

Constructors

Constructor and Description
ObjectRepresentation(Representation serializedRepresentation) Constructor reading the object from a serialized representation.
ObjectRepresentation(Representation serializedRepresentation, ClassLoader classLoader) Constructor reading the object from a serialized representation.
ObjectRepresentation(Representation serializedRepresentation, ClassLoader classLoader, boolean variantObjectBinarySupported, boolean variantObjectXmlSupported) Constructor reading the object from a serialized representation.
ObjectRepresentation(T object) Constructor for the MediaType.APPLICATION_JAVA_OBJECT type.
ObjectRepresentation(T object, MediaType mediaType) Constructor for either the MediaType.APPLICATION_JAVA_OBJECT type or the MediaType.APPLICATION_XML type.

Method Summary

Modifier and Type	Method and Description
T	getObject() Returns the represented object.
void	release() Releases the represented object.
void	setObject(T object) Sets the represented object.
void	write(OutputStream outputStream) Writes the representation to a byte stream.

Methods inherited from class org.restlet.representation.OutputRepresentation

getChannel, getStream

Methods inherited from class org.restlet.representation.StreamRepresentation

getReader, write, write

Methods inherited from class org.restlet.representation.Representation

append, exhaust, getAvailableSize, getDigest, getDisposition, getExpirationDate, getRange, getRegistration, getSize, getText, hasKnownSize, isAvailable, isEmpty, isSelectable, isTransient, setAvailable, setDigest, setDisposition, setExpirationDate, setListener, setRange, setSize, setTransient

Methods inherited from class org.restlet.representation.RepresentationInfo

getModificationDate, getTag, setModificationDate, setTag

Methods inherited from class org.restlet.representation.Variant

createClientInfo, equals, getCharacterSet, getEncodings, getLanguages, getLocationRef, getMediaType, hashCode, includes, isCompatible, setCharacterSet, setEncodings, setLanguages, setLocationRef, setLocationRef, setMediaType, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

VARIANT_OBJECT_XML_SUPPORTED

public static boolean VARIANT_OBJECT_XML_SUPPORTED

Indicates whether the JavaBeans XML deserialization is supported or not.

VARIANT_OBJECT_BINARY_SUPPORTED

public static boolean VARIANT_OBJECT_BINARY_SUPPORTED

Indicates whether the JavaBeans binary deserialization is supported or not.

Constructor Detail

ObjectRepresentation

public ObjectRepresentation(Representation serializedRepresentation)
                     throws IOException,
                            ClassNotFoundException,
                            IllegalArgumentException

Constructor reading the object from a serialized representation. This representation must have the proper media type: "application/x-java-serialized-object".

Parameters:

serializedRepresentation - The serialized representation.

Throws:

IOException

ClassNotFoundException

IllegalArgumentException

ObjectRepresentation

public ObjectRepresentation(Representation serializedRepresentation,
                            ClassLoader classLoader)
                     throws IOException,
                            ClassNotFoundException,
                            IllegalArgumentException

Constructor reading the object from a serialized representation. This representation must have the proper media type: "application/x-java-serialized-object".

Parameters:

serializedRepresentation - The serialized representation.

classLoader - The class loader used to read the object.

Throws:

IOException

ClassNotFoundException

IllegalArgumentException

ObjectRepresentation

public ObjectRepresentation(Representation serializedRepresentation,
                            ClassLoader classLoader,
                            boolean variantObjectBinarySupported,
                            boolean variantObjectXmlSupported)
                     throws IOException,
                            ClassNotFoundException,
                            IllegalArgumentException

Constructor reading the object from a serialized representation. This representation must have the proper media type: "application/x-java-serialized-object".

Parameters:

serializedRepresentation - The serialized representation.

classLoader - The class loader used to read the object.

variantObjectBinarySupported - Indicates whether the JavaBeans binary deserialization is supported or not.

variantObjectXmlSupported - Indicates whether the JavaBeans XML deserialization is supported or not.

Throws:

IOException

ClassNotFoundException

IllegalArgumentException

ObjectRepresentation

public ObjectRepresentation(T object)

Constructor for the MediaType.APPLICATION_JAVA_OBJECT type.

Parameters:

object - The serializable object.

ObjectRepresentation

public ObjectRepresentation(T object,
                            MediaType mediaType)

Constructor for either the MediaType.APPLICATION_JAVA_OBJECT type or the MediaType.APPLICATION_XML type. In the first case, the Java Object Serialization mechanism is used, based on ObjectOutputStream. In the latter case, the JavaBeans XML serialization is used, based on XMLEncoder.

Parameters:

object - The serializable object.

mediaType - The media type.

Method Detail

getObject

public T getObject()
            throws IOException

Returns the represented object.

Returns:

The represented object.

Throws:

IOException

release

public void release()

Releases the represented object.

Overrides:

release in class Representation

setObject

public void setObject(T object)

Sets the represented object.

Parameters:

object - The represented object.

write

public void write(OutputStream outputStream)
           throws IOException

Description copied from class: Representation

Writes the representation to a byte stream. This method is ensured to write the full content for each invocation unless it is a transient representation, in which case an exception is thrown.

Note that the class implementing this method shouldn't flush or close the given OutputStream after writing to it as this will be handled by the Restlet connectors automatically.

Specified by:

write in class Representation

Parameters:

outputStream - The output stream.

Throws:

IOException