001    /**
002     * Copyright 2010 The Kuali Foundation Licensed under the
003     * Educational Community License, Version 2.0 (the "License"); you may
004     * not use this file except in compliance with the License. You may
005     * obtain a copy of the License at
006     *
007     * http://www.osedu.org/licenses/ECL-2.0
008     *
009     * Unless required by applicable law or agreed to in writing,
010     * software distributed under the License is distributed on an "AS IS"
011     * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
012     * or implied. See the License for the specific language governing
013     * permissions and limitations under the License.
014     */
015    
016    package org.kuali.student.common.ui.server.serialization;
017    
018    import java.util.HashMap;
019    import java.util.Map;
020    
021    import com.google.gwt.user.client.rpc.SerializationException;
022    import com.google.gwt.user.server.rpc.impl.LegacySerializationPolicy;
023    import com.google.gwt.user.server.rpc.impl.StandardSerializationPolicy;
024    
025    /**
026     * Wrap the StandardSerializationPolicy and LegacySerializationPolicy to create
027     * customized SerializationPolicy
028     * 
029     * @author Joe Yin
030     */
031    public class KSSerializationPolicy extends StandardSerializationPolicy {
032        LegacySerializationPolicy legacySerializationPolicy = LegacySerializationPolicy.getInstance();
033        
034        public KSSerializationPolicy(Map<Class<?>, Boolean> whitelist) {
035            super(whitelist, whitelist, new HashMap<Class<?>, String>());
036        }
037    
038        /**
039         * Check both StandardSerializationPolicy and LegacySerializationPolicy
040         */
041        @Override
042        public boolean shouldDeserializeFields(Class<?> clazz) {
043          return super.shouldDeserializeFields(clazz)||legacySerializationPolicy.shouldDeserializeFields(clazz);
044        }
045    
046        /**
047         * Check both StandardSerializationPolicy and LegacySerializationPolicy
048         * 
049         */
050        @Override
051        public boolean shouldSerializeFields(Class<?> clazz) {
052            return super.shouldSerializeFields(clazz)||legacySerializationPolicy.shouldSerializeFields(clazz);
053        }
054    
055        /**
056         * Validates that the specified class should be deserialized from a stream.
057         * Check both StandardSerializationPolicy and LegacySerializationPolicy
058         * 
059         * @param clazz the class to validate
060         * @throws SerializationException if the class is not allowed to be
061         *           deserialized
062         */
063        @Override
064        public void validateDeserialize(Class<?> clazz)
065            throws SerializationException{
066            boolean throwedFromStandardSerializationPolicy = false; 
067            boolean throwedFromLegacySerializationPolicy = false;
068            try{
069                super.validateDeserialize(clazz);
070            }catch(SerializationException e){
071                throwedFromStandardSerializationPolicy = true;
072            }
073            try{
074                legacySerializationPolicy.validateDeserialize(clazz);
075            }catch(SerializationException e){
076                throwedFromLegacySerializationPolicy = true;
077            }
078    
079            if(throwedFromStandardSerializationPolicy && 
080                    throwedFromLegacySerializationPolicy){
081                throw new SerializationException(
082                        "Type '"
083                            + clazz.getName()
084                            + "' was not included in the set of types which can be deserialized by this SerializationPolicy or its Class object could not be loaded. For security purposes, this type will not be deserialized."); 
085            }
086        }
087    
088        /**
089         * Validates that the specified class should be serialized into a stream.
090         * Check both StandardSerializationPolicy and LegacySerializationPolicy
091         * 
092         * @param clazz the class to validate
093         * @throws SerializationException if the class is not allowed to be serialized
094         */
095        @Override
096        public void validateSerialize(Class<?> clazz)
097            throws SerializationException{
098            boolean throwedFromStandardSerializationPolicy = false; 
099            boolean throwedFromLegacySerializationPolicy = false;
100            try{
101                super.validateSerialize(clazz);
102            }catch(SerializationException e){
103                throwedFromStandardSerializationPolicy = true;
104            }
105            try{
106                legacySerializationPolicy.validateSerialize(clazz);
107            }catch(SerializationException e){
108                throwedFromLegacySerializationPolicy = true;
109            }
110    
111            if(throwedFromStandardSerializationPolicy && 
112                    throwedFromLegacySerializationPolicy){
113                throw new SerializationException(
114                        "Type '"
115                            + clazz.getName()
116                            + "' was not included in the set of types which can be serialized by this SerializationPolicy or its Class object could not be loaded. For security purposes, this type will not be serialized.");
117            }
118        }
119    }