001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.io;
020
021import java.beans.XMLDecoder;
022import java.beans.XMLEncoder;
023import java.io.BufferedInputStream;
024import java.io.BufferedOutputStream;
025import java.io.ByteArrayInputStream;
026import java.io.ByteArrayOutputStream;
027
028/**
029 * Serializer implementation that uses the JavaBeans
030 * {@link java.beans.XMLEncoder XMLEncoder} and {@link java.beans.XMLDecoder XMLDecoder} to serialize
031 * and deserialize, respectively.
032 * <p/>
033 * <b>NOTE:</b> The JavaBeans XMLEncoder/XMLDecoder only successfully encode/decode objects when they are
034 * JavaBeans compatible!
035 *
036 * @since 0.9
037 * @deprecated This class should not be used directly because of unsecure XMLEncoder/XMLDecoder usage.
038 */
039public class XmlSerializer implements Serializer {
040
041    /**
042     * Serializes the specified <code>source</code> into a byte[] array by using the
043     * {@link java.beans.XMLEncoder XMLEncoder} to encode the object out to a
044     * {@link java.io.ByteArrayOutputStream ByteArrayOutputStream}, where the resulting byte[] array is returned.
045     * @param source the Object to convert into a byte[] array.
046     * @return the byte[] array representation of the XML encoded output.
047     */
048    public byte[] serialize(Object source) {
049        if (source == null) {
050            String msg = "argument cannot be null.";
051            throw new IllegalArgumentException(msg);
052        }
053
054        ByteArrayOutputStream bos = new ByteArrayOutputStream();
055        XMLEncoder encoder = new XMLEncoder(new BufferedOutputStream(bos));
056        encoder.writeObject(source);
057        encoder.close();
058
059        return bos.toByteArray();
060    }
061
062    /**
063     * Deserializes the specified <code>serialized</code> source back into an Object by using a
064     * {@link java.io.ByteArrayInputStream ByteArrayInputStream} to wrap the argument and then decode this
065     * stream via an {@link java.beans.XMLDecoder XMLDecoder}, where the
066     * {@link java.beans.XMLDecoder#readObject() readObject} call results in the original Object to return.
067     * @param serialized the byte[] array representation of the XML encoded output.
068     * @return the original source Object in reconstituted form.
069     */
070    public Object deserialize(byte[] serialized) {
071        if (serialized == null) {
072            throw new IllegalArgumentException("Argument cannot be null.");
073        }
074        ByteArrayInputStream bis = new ByteArrayInputStream(serialized);
075        XMLDecoder decoder = new XMLDecoder(new BufferedInputStream(bis));
076        Object o = decoder.readObject();
077        decoder.close();
078        return o;
079    }
080}