GWT 2.7.0

com.google.gwt.user.server.rpc
Class ServerCustomFieldSerializer<T>

java.lang.Object
  extended by com.google.gwt.user.client.rpc.CustomFieldSerializer<T>
      extended by com.google.gwt.user.server.rpc.ServerCustomFieldSerializer<T>
Type Parameters:
T - the type of the object being serialized

public abstract class ServerCustomFieldSerializer<T>
extends CustomFieldSerializer<T>

An abstract base class that may be extended by server-side class-based custom field serializers. Using this class reduces the amount of server-side reflection during serialization and provides type safety.


Constructor Summary
ServerCustomFieldSerializer()
           
 
Method Summary
abstract  void deserializeInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader, T instance, java.lang.reflect.Type[] expectedParameterTypes, com.google.gwt.user.server.rpc.impl.DequeMap<java.lang.reflect.TypeVariable<?>,java.lang.reflect.Type> resolvedTypes)
          Deserializes the content of the object from the ServerSerializationStreamReader, with type checking.
 T instantiateInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader)
          Instantiates an object from the ServerSerializationStreamReader, without type checking.
 T instantiateInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader, java.lang.reflect.Type[] expectedParameterTypes, com.google.gwt.user.server.rpc.impl.DequeMap<java.lang.reflect.TypeVariable<?>,java.lang.reflect.Type> resolvedTypes)
          Instantiates an object from the ServerSerializationStreamReader, with type checking.
 
Methods inherited from class com.google.gwt.user.client.rpc.CustomFieldSerializer
deserializeInstance, hasCustomInstantiateInstance, instantiateInstance, serializeInstance
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ServerCustomFieldSerializer

public ServerCustomFieldSerializer()

Method Detail

deserializeInstance

public abstract void deserializeInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader,
                                         T instance,
                                         java.lang.reflect.Type[] expectedParameterTypes,
                                         com.google.gwt.user.server.rpc.impl.DequeMap<java.lang.reflect.TypeVariable<?>,java.lang.reflect.Type> resolvedTypes)
                                  throws SerializationException
Deserializes the content of the object from the ServerSerializationStreamReader, with type checking. The calling code has verified that the instance this method is deserializing is of the correct type for the RPC call. However, it has not verified the objects that this deserializer will read. It is this method's responsibility to verify the types of objects that it reads. Failure to do so leaves the server vulnerable to an attacker who replaces deserialized data in the RPC message with data that takes an exponential time to deserialize or otherwise causes problems. In practice, any call to ServerSerializationStreamReader.readObject() should use the type-checking version, passing in the expected type of the object to be read. For classes that deserialize objects of generic types, the expectedParameterTypes array provides the type bound to each generic type parameter defined by the instance. See the built-in GWT server custom field serializers for examples.

Parameters:
streamReader - the ServerSerializationStreamReader to read the object's content from
instance - the object instance to deserialize
expectedParameterTypes - the types we expect for any generic parameters used by this class, in the order returned by instance.getTypeParameters()
resolvedTypes - map from generic types to actual types
Throws:
SerializationException - if the deserialization operation is not successful

instantiateInstance

public T instantiateInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader)
                      throws SerializationException
Instantiates an object from the ServerSerializationStreamReader, without type checking.

Parameters:
streamReader - the ServerSerializationStreamReader to read the object's content from
Returns:
an object that has been loaded from the ServerSerializationStreamReader
Throws:
SerializationException - if the instantiation operation is not successful

instantiateInstance

public T instantiateInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader,
                             java.lang.reflect.Type[] expectedParameterTypes,
                             com.google.gwt.user.server.rpc.impl.DequeMap<java.lang.reflect.TypeVariable<?>,java.lang.reflect.Type> resolvedTypes)
                      throws SerializationException
Instantiates an object from the ServerSerializationStreamReader, with type checking.

Most of the time, this can be left unimplemented and the framework will instantiate the instance itself. This is typically used when the object being deserialized is immutable, hence it has to be created with its state already set.

If this is overridden, the CustomFieldSerializer.hasCustomInstantiateInstance() method must return true in order for the framework to know to call it. The calling code has verified that the instance this method is instantiating is of the correct type for the RPC call. However, it has not verified the objects that this instantiator will read. It is this method's responsibility to verify the types of objects that it reads. Failure to do so leaves the server vulnerable to an attacker who replaces deserialized data in the RPC message with data that takes an exponential time to instantiate or otherwise causes problems. In practice, any call to ServerSerializationStreamReader.readObject() should use the type-checking version, passing in the expected type of the object to be read. For classes that instantiate objects of generic types, the expectedParameterTypes array provides the type bound to each generic type parameter defined by the instance. See the built-in GWT server custom field serializers for examples.

Parameters:
streamReader - the ServerSerializationStreamReader to read the object's content from
expectedParameterTypes - the types we expect for any generic parameters used by this class, in the order returned by instance.getTypeParameters()
resolvedTypes - map from generic types to actual types
Returns:
an object that has been loaded from the ServerSerializationStreamReader
Throws:
SerializationException - if the instantiation operation is not successful
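
The type-checked read that deserializeInstance and instantiateInstance call for, as an added example that is not taken from the GWT documentation or source. Batch and Batch_ServerCustomFieldSerializer are hypothetical names; the untyped overload inherited from CustomFieldSerializer is implemented beside the type-checked one for contrast. An overridden instantiateInstance would pass expectedParameterTypes and resolvedTypes to readObject in the same way.

```java
import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.client.rpc.SerializationStreamReader;
import com.google.gwt.user.client.rpc.SerializationStreamWriter;
import com.google.gwt.user.server.rpc.ServerCustomFieldSerializer;
import com.google.gwt.user.server.rpc.impl.DequeMap;
import com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader;
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.util.ArrayList;
import java.util.List;

// Hypothetical DTO: a named batch whose elements all have the generic type E.
class Batch<E> { String name; final List<E> items = new ArrayList<E>(); }

@SuppressWarnings({"rawtypes", "unchecked"})
public final class Batch_ServerCustomFieldSerializer
    extends ServerCustomFieldSerializer<Batch> {

  @Override // server-side, type-checked overload
  public void deserializeInstance(ServerSerializationStreamReader reader, Batch instance,
      Type[] expectedParameterTypes, DequeMap<TypeVariable<?>, Type> resolvedTypes)
      throws SerializationException {
    instance.name = reader.readString();
    int size = reader.readInt();
    for (int i = 0; i < size; i++) {
      // expectedParameterTypes[0] is the type the RPC signature binds to E, so an
      // element of any other type in the message is rejected by the reader.
      instance.items.add(reader.readObject(expectedParameterTypes[0], resolvedTypes));
    }
  }

  @Override // untyped overload inherited from CustomFieldSerializer
  public void deserializeInstance(SerializationStreamReader reader, Batch instance)
      throws SerializationException {
    // No expected type is available here: each element is whatever the message names.
    instance.name = reader.readString();
    int size = reader.readInt();
    for (int i = 0; i < size; i++) {
      instance.items.add(reader.readObject());
    }
  }

  @Override
  public void serializeInstance(SerializationStreamWriter writer, Batch instance)
      throws SerializationException {
    writer.writeString(instance.name);
    writer.writeInt(instance.items.size());
    for (Object item : instance.items) { writer.writeObject(item); }
  }
}
```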
