|
GWT 2.7.0 | |||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.google.gwt.user.client.rpc.CustomFieldSerializer<T> com.google.gwt.user.server.rpc.ServerCustomFieldSerializer<T>
T
- the type of the object being serializedpublic abstract class ServerCustomFieldSerializer<T>
An interface that may be implemented by server-side class-based custom field serializers. Usage of this class will reduce the amount of server-side reflection during serialization and provide type safety.
Constructor Summary | |
---|---|
ServerCustomFieldSerializer()
|
Method Summary | |
---|---|
abstract void |
deserializeInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader,
T instance,
java.lang.reflect.Type[] expectedParameterTypes,
com.google.gwt.user.server.rpc.impl.DequeMap<java.lang.reflect.TypeVariable<?>,java.lang.reflect.Type> resolvedTypes)
Deserializes the content of the object from the ServerSerializationStreamReader , with type checking. |
T |
instantiateInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader)
Instantiates an object from the ServerSerializationStreamReader ,
without type checking. |
T |
instantiateInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader,
java.lang.reflect.Type[] expectedParameterTypes,
com.google.gwt.user.server.rpc.impl.DequeMap<java.lang.reflect.TypeVariable<?>,java.lang.reflect.Type> resolvedTypes)
Instantiates an object from the ServerSerializationStreamReader ,
with type checking. |
Methods inherited from class com.google.gwt.user.client.rpc.CustomFieldSerializer |
---|
deserializeInstance, hasCustomInstantiateInstance, instantiateInstance, serializeInstance |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public ServerCustomFieldSerializer()
Method Detail |
---|
public abstract void deserializeInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader, T instance, java.lang.reflect.Type[] expectedParameterTypes, com.google.gwt.user.server.rpc.impl.DequeMap<java.lang.reflect.TypeVariable<?>,java.lang.reflect.Type> resolvedTypes) throws SerializationException
ServerSerializationStreamReader
, with type checking.
The calling code has verified that the instance this method is
deserializing is of the correct type for the RPC call. However, is has not
verified the objects that this deserializer will read. It is this method's
responsibility to verify the types of objects that it reads. Failure to
do so leaves the server vulnerable to an attacker who replaces
deserialized data in the RPC message with data that takes an exponential
time to deserialize or otherwise causes problems.
In practice, any call to ServerSerilizationStreamReader.readObject() should
use the type checking version, passing in the expected type of the object
to be read. For classes that deserialize objects of generic types, the
expectedParameterTypes array provides the type bound to each type
generic parameter defined by the instance. See the built-in GWT
server custom field serializers for examples.
streamReader
- the ServerSerializationStreamReader
to read the
object's content frominstance
- the object instance to deserializeexpectedParameterTypes
- the types we expect for any generic
parameters used by this class, in the order in which they
appear in the instance.getTypeParameters()resolvedTypes
- map from generic types to actual types
SerializationException
- if the deserialization operation is not
successfulpublic T instantiateInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader) throws SerializationException
ServerSerializationStreamReader
,
without type checking.
streamReader
- the ServerSerializationStreamReader
to read the
object's content from
ServerSerializationStreamReader
SerializationException
- if the instantiation operation is not
successfulpublic T instantiateInstance(com.google.gwt.user.server.rpc.impl.ServerSerializationStreamReader streamReader, java.lang.reflect.Type[] expectedParameterTypes, com.google.gwt.user.server.rpc.impl.DequeMap<java.lang.reflect.TypeVariable<?>,java.lang.reflect.Type> resolvedTypes) throws SerializationException
ServerSerializationStreamReader
,
with type checking.
Most of the time, this can be left unimplemented and the framework will instantiate the instance itself. This is typically used when the object being deserialized is immutable, hence it has to be created with its state already set.
If this is overridden, the
CustomFieldSerializer.hasCustomInstantiateInstance()
method must
return true
in order for the framework to know to call it.
The calling code has verified that the instance this method is
instantiating is of the correct type for the RPC call. However, is has not
verified the objects that this instantiator will read. It is this method's
responsibility to verify the types of objects that it reads. Failure to
do so leaves the server vulnerable to an attacker who replaces
deserialized data in the RPC message with data that takes an exponential
time to instantiate or otherwise causes problems.
In practice, any call to ServerSerilizationStreamReader.readObject() should
use the type checking version, passing in the expected type of the object
to be read. For classes that instantiate objects of generic types, the
expectedParameterTypes array provides the type bound to each type
generic parameter defined by the instance. See the built-in GWT
server custom field serializers for examples.
streamReader
- the ServerSerializationStreamReader
to read the
object's content fromexpectedParameterTypes
- the types we expect for any generic
parameters used by this class, in the order returned by
instance.getTypeParameters()resolvedTypes
- map from generic types to actual types
ServerSerializationStreamReader
SerializationException
- if the instantiation operation is not
successful
|
GWT 2.7.0 | |||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |