Log Message
ReflectionConverter, SerializationConverter and LookAndFieldConverter will check if they can access the fields by reflection for a requested type. SerializationConverter and ExternalizableConverter will check if they can create an instance of a derived OutputObjectStream first.
Modified Paths
- trunk/xstream/src/java/com/thoughtworks/xstream/converters/extended/LookAndFeelConverter.java
- trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/AbstractReflectionConverter.java
- trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/ExternalizableConverter.java
- trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/ReflectionConverter.java
- trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/SerializableConverter.java
- trunk/xstream-distribution/src/content/changes.html
Diff
Modified: trunk/xstream/src/java/com/thoughtworks/xstream/converters/extended/LookAndFeelConverter.java (2161 => 2162)
--- trunk/xstream/src/java/com/thoughtworks/xstream/converters/extended/LookAndFeelConverter.java 2013-11-27 01:42:31 UTC (rev 2161)
+++ trunk/xstream/src/java/com/thoughtworks/xstream/converters/extended/LookAndFeelConverter.java 2013-11-27 21:14:42 UTC (rev 2162)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007, 2008 XStream Committers.
+ * Copyright (C) 2007, 2008, 2013 XStream Committers.
* All rights reserved.
*
* The software in this package is published under the terms of the BSD
@@ -41,6 +41,6 @@
}
public boolean canConvert(Class type) {
- return LookAndFeel.class.isAssignableFrom(type);
+ return LookAndFeel.class.isAssignableFrom(type) && canAccess(type);
}
}
Modified: trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/AbstractReflectionConverter.java (2161 => 2162)
--- trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/AbstractReflectionConverter.java 2013-11-27 01:42:31 UTC (rev 2161)
+++ trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/AbstractReflectionConverter.java 2013-11-27 21:14:42 UTC (rev 2162)
@@ -55,6 +55,16 @@
this.reflectionProvider = reflectionProvider;
serializationMethodInvoker = new SerializationMethodInvoker();
}
+
+ protected boolean canAccess(Class type) {
+ try {
+ reflectionProvider.getFieldOrNull(type, "%");
+ return true;
+ } catch (NoClassDefFoundError e) {
+ // restricted type in GAE
+ }
+ return false;
+ }
public void marshal(Object original, final HierarchicalStreamWriter writer,
final MarshallingContext context) {
Modified: trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/ExternalizableConverter.java (2161 => 2162)
--- trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/ExternalizableConverter.java 2013-11-27 01:42:31 UTC (rev 2161)
+++ trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/ExternalizableConverter.java 2013-11-27 21:14:42 UTC (rev 2162)
@@ -16,6 +16,7 @@
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.core.ClassLoaderReference;
+import com.thoughtworks.xstream.core.JVM;
import com.thoughtworks.xstream.core.util.CustomObjectInputStream;
import com.thoughtworks.xstream.core.util.CustomObjectOutputStream;
import com.thoughtworks.xstream.core.util.HierarchicalStreams;
@@ -69,7 +70,7 @@
}
public boolean canConvert(Class type) {
- return Externalizable.class.isAssignableFrom(type);
+ return JVM.canCreateDerivedObjectOutputStream() && Externalizable.class.isAssignableFrom(type);
}
public void marshal(Object source, final HierarchicalStreamWriter writer, final MarshallingContext context) {
Modified: trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/ReflectionConverter.java (2161 => 2162)
--- trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/ReflectionConverter.java 2013-11-27 01:42:31 UTC (rev 2161)
+++ trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/ReflectionConverter.java 2013-11-27 21:14:42 UTC (rev 2162)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2004, 2005, 2006 Joe Walnes.
- * Copyright (C) 2006, 2007 XStream Committers.
+ * Copyright (C) 2006, 2007, 2013 XStream Committers.
* All rights reserved.
*
* The software in this package is published under the terms of the BSD
@@ -20,6 +20,6 @@
}
public boolean canConvert(Class type) {
- return true;
+ return canAccess(type);
}
}
Modified: trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/SerializableConverter.java (2161 => 2162)
--- trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/SerializableConverter.java 2013-11-27 01:42:31 UTC (rev 2161)
+++ trunk/xstream/src/java/com/thoughtworks/xstream/converters/reflection/SerializableConverter.java 2013-11-27 21:14:42 UTC (rev 2162)
@@ -29,6 +29,7 @@
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.core.ClassLoaderReference;
+import com.thoughtworks.xstream.core.JVM;
import com.thoughtworks.xstream.core.util.CustomObjectInputStream;
import com.thoughtworks.xstream.core.util.CustomObjectOutputStream;
import com.thoughtworks.xstream.core.util.HierarchicalStreams;
@@ -69,6 +70,7 @@
private static final String ELEMENT_FIELDS = "fields";
private static final String ELEMENT_FIELD = "field";
private static final String ATTRIBUTE_NAME = "name";
+
private final ClassLoaderReference classLoaderReference;
/**
@@ -98,13 +100,21 @@
}
public boolean canConvert(Class type) {
- return isSerializable(type);
+ return JVM.canCreateDerivedObjectOutputStream() && isSerializable(type);
}
private boolean isSerializable(Class type) {
- return Serializable.class.isAssignableFrom(type)
+ if (Serializable.class.isAssignableFrom(type)
&& ( serializationMethodInvoker.supportsReadObject(type, true)
- || serializationMethodInvoker.supportsWriteObject(type, true) );
+ || serializationMethodInvoker.supportsWriteObject(type, true) )) {
+ for(Iterator iter = hierarchyFor(type).iterator(); iter.hasNext(); ) {
+ if (!Serializable.class.isAssignableFrom((Class)iter.next())) {
+ return canAccess(type);
+ }
+ }
+ return true;
+ }
+ return false;
}
public void doMarshal(final Object source, final HierarchicalStreamWriter writer, final MarshallingContext context) {
@@ -284,7 +294,9 @@
private Object readField(ObjectStreamField field, Class type, Object instance) {
try {
Field javaField = type.getDeclaredField(field.getName());
- javaField.setAccessible(true);
+ if (!javaField.isAccessible()) {
+ javaField.setAccessible(true);
+ }
return javaField.get(instance);
} catch (IllegalArgumentException e) {
throw new ObjectAccessException("Could not get field " + field.getClass() + "." + field.getName(), e);
Modified: trunk/xstream-distribution/src/content/changes.html (2161 => 2162)
--- trunk/xstream-distribution/src/content/changes.html 2013-11-27 01:42:31 UTC (rev 2161)
+++ trunk/xstream-distribution/src/content/changes.html 2013-11-27 21:14:42 UTC (rev 2162)
@@ -42,12 +42,29 @@
<p>Not yet released.</p>
+ <h2>Major changes</h2>
+
+ <ul>
+ <li>JIRA:XSTR-566 and JIRA:XSTR-200: Better compatibility with GAE and environments with active SecurityManager (i.e. in an
+ Applet). XStream converters try now to ensure already in the canConvert methods that they can handle the requested type in
+ practice and not only theoretically. Additionally the implementations even better take care, that the initialization of a
+ converter will not break the setup of XStream itself. Following modifications have been done for these topics:
+ <ul>
+ <li>ReflectionConverter, SerializationConverter and LookAndFieldConverter will check if they can access the fields by
+ reflection for a requested type.</li>
+ <li>SerializationConverter and ExternalizableConverter will check if they can create an instance of a derived
+ OutputObjectStream first.</li>
+ <li>BeanProvider does no longer use reflection to locate default constructor.</li>
+ <li>No need for reflection in StackTraceElementFactory anymore, Java 1.4 is required since long ago.</li>
+ </ul>
+ </li>
+ <li>JIRA:XSTR-739 and JIRA:XSTR-746: OrderRetainingMap fails if HashMap.putAll(Map) of Java Runtime is not
+ implemented calling put for every element within the map.</li>
+ </ul>
+
<h2>Minor changes</h2>
<ul>
- <li>JavaBeanProvider ensures that it can instantiate a type before it claims to handle it. Avoids problems with SecurityManager.</li>
- <li>BeanProvider does no longer use reflection to locate default constructor. Avoids problems with SecurityManager and GAE.</li>
- <li>No need for reflection in StackTraceElementFactory anymore. Avoids problems with SecurityManager and GAE.</li>
<li>JIRA:XSTR-739 and JIRA:XSTR-746: OrderRetainingMap fails if HashMap.putAll(Map) of Java Runtime is not
implemented calling put for every element within the map.</li>
</ul>
@@ -55,6 +72,7 @@
<h2>API changes</h2>
<ul>
+ <li>Added method canAccess to c.t.x.converter.reflection.AbstractReflectionConverter.</li>
<li>Added static method canCreateDerivedObjectOutputStream to c.t.x.core.JVM.</li>
<li>Deprecated unused member c.t.x.converter.javabean.BeanProvider.NO_PARAMS.</li>
<li>Deprecated unused method c.t.x.converter.javabean.BeanProvider.getDefaultConstrutor(Class).</li>
To unsubscribe from this list please visit:
