Examples with ValidatingObjectInputStream org.apache.commons.io.serialization.ValidatingObjectInputStream used on opensource projects

Example 6 with ValidatingObjectInputStream

use of org.apache.commons.io.serialization.ValidatingObjectInputStream in project incubator-rya by apache.

the class VisibilityBindingSetSerDe method deserialize.

/**
 * Deserializes a {@link VisibilityBindingSet} from a {@link Bytes} object.
 *
 * @param bytes - The bytes that will be deserialized. (not null)
 * @return The deserialized object.
 * @throws Exception A problem was encountered while deserializing the object.
 */
public VisibilityBindingSet deserialize(final Bytes bytes) throws Exception {
    requireNonNull(bytes);
    try (final ValidatingObjectInputStream vois = new ValidatingObjectInputStream(new ByteArrayInputStream(bytes.toArray()))) {
        // Perform input validation.  Only the following classes are allowed to be deserialized.
        vois.accept(VisibilityBindingSet.class, BindingSetDecorator.class, org.openrdf.query.impl.MapBindingSet.class, java.util.LinkedHashMap.class, java.util.HashMap.class, java.math.BigInteger.class, java.math.BigDecimal.class, java.lang.Number.class, org.openrdf.query.impl.BindingImpl.class, org.openrdf.model.impl.LiteralImpl.class, org.openrdf.model.impl.IntegerLiteralImpl.class, org.openrdf.model.impl.DecimalLiteralImpl.class, org.openrdf.model.impl.URIImpl.class, org.openrdf.query.algebra.evaluation.QueryBindingSet.class);
        vois.accept("[B");
        final Object o = vois.readObject();
        if (o instanceof VisibilityBindingSet) {
            return (VisibilityBindingSet) o;
        } else {
            throw new Exception("Deserialized Object is not a VisibilityBindingSet. Was: " + o.getClass());
        }
    }
}

Example 7 with ValidatingObjectInputStream

use of org.apache.commons.io.serialization.ValidatingObjectInputStream in project incubator-rya by apache.

the class RyaDetailsSerializer method deserialize.

/**
 * Deserializes an instance of {@link RyaDetails}.
 *
 * @param bytes - The serialized for of a {@link RyaDetails}. (not null)
 * @return The deserialized object.
 */
public RyaDetails deserialize(final byte[] bytes) throws SerializationException {
    requireNonNull(bytes);
    try (// 
    final ByteArrayInputStream stream = new ByteArrayInputStream(bytes);
        final ValidatingObjectInputStream vois = new ValidatingObjectInputStream(stream)) // // this is how you find classes that you missed in the accept list
    // { @Override protected void invalidClassNameFound(String className) throws java.io.InvalidClassException {
    // System.out.println("vois.accept(" + className + ".class, ");};};
    {
        vois.accept(RyaDetails.class, // 
        com.google.common.base.Optional.class, // 
        java.util.Date.class, java.lang.Enum.class);
        // 
        vois.accept(// 
        "com.google.common.base.Present", // 
        "com.google.common.base.Absent", // 
        "com.google.common.collect.ImmutableMap$SerializedForm", // 
        "com.google.common.collect.ImmutableBiMap$SerializedForm", // 
        "com.google.common.collect.ImmutableList$SerializedForm", "[Ljava.lang.Object;");
        vois.accept(Pattern.compile("org\\.apache\\.rya\\.api\\.instance\\.RyaDetails.*"));
        final Object o = vois.readObject();
        if (!(o instanceof RyaDetails)) {
            throw new SerializationException("Wrong type of object was deserialized. Class: " + o.getClass().getName());
        }
        return (RyaDetails) o;
    } catch (final ClassNotFoundException | IOException e) {
        throw new SerializationException("Could not deserialize an instance of RyaDetails.", e);
    }
}