View Javadoc

1   /**
2    * Copyright 2010 The Kuali Foundation Licensed under the
3    * Educational Community License, Version 2.0 (the "License"); you may
4    * not use this file except in compliance with the License. You may
5    * obtain a copy of the License at
6    *
7    * http://www.osedu.org/licenses/ECL-2.0
8    *
9    * Unless required by applicable law or agreed to in writing,
10   * software distributed under the License is distributed on an "AS IS"
11   * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12   * or implied. See the License for the specific language governing
13   * permissions and limitations under the License.
14   */
15  
16  package org.kuali.student.common.ui.server.serialization;
17  
18  import java.util.HashMap;
19  import java.util.Map;
20  
21  import com.google.gwt.user.client.rpc.SerializationException;
22  import com.google.gwt.user.server.rpc.impl.LegacySerializationPolicy;
23  import com.google.gwt.user.server.rpc.impl.StandardSerializationPolicy;
24  
25  /**
26   * Wrap the StandardSerializationPolicy and LegacySerializationPolicy to create
27   * customized SerializationPolicy
28   * 
29   * @author Joe Yin
30   */
31  public class KSSerializationPolicy extends StandardSerializationPolicy {
32      LegacySerializationPolicy legacySerializationPolicy = LegacySerializationPolicy.getInstance();
33      
34      public KSSerializationPolicy(Map<Class<?>, Boolean> whitelist) {
35          super(whitelist, whitelist, new HashMap<Class<?>, String>());
36      }
37  
38      /**
39       * Check both StandardSerializationPolicy and LegacySerializationPolicy
40       */
41      @Override
42      public boolean shouldDeserializeFields(Class<?> clazz) {
43        return super.shouldDeserializeFields(clazz)||legacySerializationPolicy.shouldDeserializeFields(clazz);
44      }
45  
46      /**
47       * Check both StandardSerializationPolicy and LegacySerializationPolicy
48       * 
49       */
50      @Override
51      public boolean shouldSerializeFields(Class<?> clazz) {
52          return super.shouldSerializeFields(clazz)||legacySerializationPolicy.shouldSerializeFields(clazz);
53      }
54  
55      /**
56       * Validates that the specified class should be deserialized from a stream.
57       * Check both StandardSerializationPolicy and LegacySerializationPolicy
58       * 
59       * @param clazz the class to validate
60       * @throws SerializationException if the class is not allowed to be
61       *           deserialized
62       */
63      @Override
64      public void validateDeserialize(Class<?> clazz)
65          throws SerializationException{
66          boolean throwedFromStandardSerializationPolicy = false; 
67          boolean throwedFromLegacySerializationPolicy = false;
68          try{
69              super.validateDeserialize(clazz);
70          }catch(SerializationException e){
71              throwedFromStandardSerializationPolicy = true;
72          }
73          try{
74              legacySerializationPolicy.validateDeserialize(clazz);
75          }catch(SerializationException e){
76              throwedFromLegacySerializationPolicy = true;
77          }
78  
79          if(throwedFromStandardSerializationPolicy && 
80                  throwedFromLegacySerializationPolicy){
81              throw new SerializationException(
82                      "Type '"
83                          + clazz.getName()
84                          + "' was not included in the set of types which can be deserialized by this SerializationPolicy or its Class object could not be loaded. For security purposes, this type will not be deserialized."); 
85          }
86      }
87  
88      /**
89       * Validates that the specified class should be serialized into a stream.
90       * Check both StandardSerializationPolicy and LegacySerializationPolicy
91       * 
92       * @param clazz the class to validate
93       * @throws SerializationException if the class is not allowed to be serialized
94       */
95      @Override
96      public void validateSerialize(Class<?> clazz)
97          throws SerializationException{
98          boolean throwedFromStandardSerializationPolicy = false; 
99          boolean throwedFromLegacySerializationPolicy = false;
100         try{
101             super.validateSerialize(clazz);
102         }catch(SerializationException e){
103             throwedFromStandardSerializationPolicy = true;
104         }
105         try{
106             legacySerializationPolicy.validateSerialize(clazz);
107         }catch(SerializationException e){
108             throwedFromLegacySerializationPolicy = true;
109         }
110 
111         if(throwedFromStandardSerializationPolicy && 
112                 throwedFromLegacySerializationPolicy){
113             throw new SerializationException(
114                     "Type '"
115                         + clazz.getName()
116                         + "' was not included in the set of types which can be serialized by this SerializationPolicy or its Class object could not be loaded. For security purposes, this type will not be serialized.");
117         }
118     }
119 }