/**
* Copyright 2012 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS-IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.google.apphosting.runtime;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.lang.reflect.Modifier;
import java.lang.reflect.Proxy;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
/**
*/
public class SessionManagerUtil {
public static byte[] serialize(Object value) {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
try {
ObjectOutputStream oos = new ObjectOutputStream(baos);
oos.writeObject(value);
return baos.toByteArray();
} catch (IOException ex) {
throw new RuntimeException(ex);
}
}
public static Object deserialize(byte[] bytes) {
// N.B.(schwardo): There is most likely user code on the stack
// here, but because the value we're returning is not related to
// our ClassLoader we'll fail the
// RuntimePermission("getClassLoader") check. We do have this
// permission though, so use a doPrivileged block to get user code
// off the stack.
ClassLoader classLoader =
AccessController.doPrivileged(
new PrivilegedAction<ClassLoader>() {
public ClassLoader run() {
return Thread.currentThread().getContextClassLoader();
}
});
// TODO(user): It seems strange that we need to do this. It
// would be safer and cleaner if we could find a way to have user
// code initiate this serialization, rather than having
// implementation code perform it on the user's behalf.
try {
ObjectInputStream ois =
new DelegatingObjectInputStream(new ByteArrayInputStream(bytes), classLoader);
return ois.readObject();
} catch (IOException ex) {
throw new RuntimeException(ex);
} catch (ClassNotFoundException ex) {
throw new RuntimeException(ex);
}
}
/**
* {@code DelegatingObjectInputStream} is an {@link
* ObjectInputStream} that uses the specified class loader to
* deserialize objects rather than the classloader that loaded the
* calling class.
*
* <p>One would think this would already be built into the JRE, but
* according to
* http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4340158 fixing
* this is such a low priority that the bug was simply closed.
*/
public static class DelegatingObjectInputStream extends ObjectInputStream {
private static final Map<String, Class> primitiveTypes = new HashMap<String, Class>(8, 1.0f);
static {
primitiveTypes.put("boolean", boolean.class);
primitiveTypes.put("byte", byte.class);
primitiveTypes.put("char", char.class);
primitiveTypes.put("short", short.class);
primitiveTypes.put("int", int.class);
primitiveTypes.put("long", long.class);
primitiveTypes.put("float", float.class);
primitiveTypes.put("double", double.class);
primitiveTypes.put("void", void.class);
}
private final ClassLoader classLoader;
public DelegatingObjectInputStream(InputStream in, ClassLoader classLoader) throws IOException {
super(in);
this.classLoader = classLoader;
}
@Override
protected Class resolveClass(ObjectStreamClass classDesc)
throws IOException, ClassNotFoundException {
String name = classDesc.getName();
Class c = primitiveTypes.get(name);
if (c != null) {
return c;
}
return Class.forName(classDesc.getName(), false, classLoader);
}
@Override
protected Class<?> resolveProxyClass(String[] interfaces)
throws IOException, ClassNotFoundException {
// Note(user) This logic was copied from ObjectInputStream.java in the
// JDK, and then modified to use the UserClassLoader instead of the
// "latest" loader that is used there.
ClassLoader nonPublicLoader = null;
boolean hasNonPublicInterface = false;
// define proxy in class loader of non-public interface(s), if any
Class[] classObjs = new Class[interfaces.length];
for (int i = 0; i < interfaces.length; i++) {
Class cl = Class.forName(interfaces[i], false, classLoader);
if ((cl.getModifiers() & Modifier.PUBLIC) == 0) {
if (hasNonPublicInterface) {
if (nonPublicLoader != cl.getClassLoader()) {
throw new IllegalAccessError("conflicting non-public interface class loaders");
}
} else {
nonPublicLoader = cl.getClassLoader();
hasNonPublicInterface = true;
}
}
classObjs[i] = cl;
}
try {
return Proxy.getProxyClass(
hasNonPublicInterface ? nonPublicLoader : classLoader, classObjs);
} catch (IllegalArgumentException e) {
throw new ClassNotFoundException(null, e);
}
}
}
}