001: /*
002: * Copyright 2007 Google Inc.
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License"); you may not
005: * use this file except in compliance with the License. You may obtain a copy of
006: * the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
012: * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
013: * License for the specific language governing permissions and limitations under
014: * the License.
015: */
016: package com.google.gwt.user.server.rpc.impl;
017:
018: import com.google.gwt.user.client.rpc.SerializationException;
019: import com.google.gwt.user.server.rpc.SerializationPolicy;
020:
021: import java.util.Map;
022:
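/**
 * Standard implementation of a {@link SerializationPolicy}, backed by an
 * allow-list that maps each permitted class to a flag saying whether instances
 * of that class may be instantiated.
 *
 * <p>The allow-list is the control that decides which types are accepted for
 * (de)serialization, so it is copied at construction time and never modified
 * afterwards.
 */
public class StandardSerializationPolicy extends SerializationPolicy {
  /**
   * Private, read-only snapshot of the allow-list. Key: permitted class.
   * Value: {@code true} when the class may be instantiated; a {@code false} or
   * {@code null} value permits field serialization only.
   */
  private final Map<Class<?>, Boolean> whitelist;

  /**
   * Constructs a {@link SerializationPolicy} from a {@link Map}.
   *
   * @param whitelist permitted classes mapped to their "instantiable" flag
   * @throws NullPointerException if {@code whitelist} is {@code null}
   */
  public StandardSerializationPolicy(Map<Class<?>, Boolean> whitelist) {
    if (whitelist == null) {
      throw new NullPointerException("whitelist");
    }

    // Defensive copy: holding the caller's map by reference would let any code
    // that still has that reference add types to the allow-list after the
    // policy is in use. HashMap is used for the copy because it tolerates the
    // null values that isInstantiable() already accounts for.
    this.whitelist = java.util.Collections.unmodifiableMap(
        new java.util.HashMap<Class<?>, Boolean>(whitelist));
  }

  /**
   * Reports whether the fields of {@code clazz} should be deserialized.
   *
   * @return {@code true} for primitives and for any class present as a key in
   *         the allow-list
   * @see SerializationPolicy#shouldDeserializeFields(Class)
   */
  @Override
  public boolean shouldDeserializeFields(Class<?> clazz) {
    return isFieldSerializable(clazz);
  }

  /**
   * Reports whether the fields of {@code clazz} should be serialized.
   *
   * @return {@code true} for primitives and for any class present as a key in
   *         the allow-list
   * @see SerializationPolicy#shouldSerializeFields(Class)
   */
  @Override
  public boolean shouldSerializeFields(Class<?> clazz) {
    return isFieldSerializable(clazz);
  }

  /**
   * Rejects any type that is not a primitive and is not marked instantiable in
   * the allow-list.
   *
   * @throws SerializationException if {@code clazz} may not be deserialized
   * @see SerializationPolicy#validateDeserialize(Class)
   */
  @Override
  public void validateDeserialize(Class<?> clazz)
      throws SerializationException {
    if (isInstantiable(clazz)) {
      return;
    }
    throw new SerializationException(
        "Type '"
            + clazz.getName()
            + "' was not included in the set of types which can be deserialized by this SerializationPolicy. For security purposes, this type will not be deserialized.");
  }

  /**
   * Rejects any type that is not a primitive and is not marked instantiable in
   * the allow-list.
   *
   * @throws SerializationException if {@code clazz} may not be serialized
   * @see SerializationPolicy#validateSerialize(Class)
   */
  @Override
  public void validateSerialize(Class<?> clazz)
      throws SerializationException {
    if (isInstantiable(clazz)) {
      return;
    }
    throw new SerializationException(
        "Type '"
            + clazz.getName()
            + "' was not included in the set of types which can be serialized by this SerializationPolicy. For security purposes, this type will not be serialized.");
  }

  /**
   * Field serializable types are primitives and types on the whitelist. Only
   * the presence of the key matters here; the mapped flag is ignored.
   */
  private boolean isFieldSerializable(Class<?> clazz) {
    return clazz.isPrimitive() || whitelist.containsKey(clazz);
  }

  /**
   * Instantiable types are primitives and types on the whitelist which can be
   * instantiated, i.e. whose mapped flag is {@code true}. A missing entry and
   * a {@code null} flag are both treated as "not instantiable".
   */
  private boolean isInstantiable(Class<?> clazz) {
    if (clazz.isPrimitive()) {
      return true;
    }
    return Boolean.TRUE.equals(whitelist.get(clazz));
  }
}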