1 /* 2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package javax.sql.rowset.serial; 27 28 import java.io.*; 29 import java.lang.reflect.*; 30 import java.util.Arrays; 31 import java.util.Vector; 32 import javax.sql.rowset.RowSetWarning; 33 import sun.reflect.CallerSensitive; 34 import sun.reflect.Reflection; 35 import sun.reflect.misc.ReflectUtil; 36 37 /** 38 * A serializable mapping in the Java programming language of an SQL 39 * <code>JAVA_OBJECT</code> value. Assuming the Java object 40 * implements the <code>Serializable</code> interface, this class simply wraps the 41 * serialization process. 42 * <P> 43 * If however, the serialization is not possible because 44 * the Java object is not immediately serializable, this class will 45 * attempt to serialize all non-static members to permit the object 46 * state to be serialized. 47 * Static or transient fields cannot be serialized; an attempt to serialize 48 * them will result in a <code>SerialException</code> object being thrown. 49 * 50 * <h3> Thread safety </h3> 51 * 52 * A SerialJavaObject is not safe for use by multiple concurrent threads. If a 53 * SerialJavaObject is to be used by more than one thread then access to the 54 * SerialJavaObject should be controlled by appropriate synchronization. 55 * 56 * @author Jonathan Bruce 57 */ 58 public class SerialJavaObject implements Serializable, Cloneable { 59 60 /** 61 * Placeholder for object to be serialized. 62 */ 63 private Object obj; 64 65 66 /** 67 * Placeholder for all fields in the <code>JavaObject</code> being serialized. 68 */ 69 private transient Field[] fields; 70 71 /** 72 * Constructor for <code>SerialJavaObject</code> helper class. 73 * 74 * @param obj the Java <code>Object</code> to be serialized 75 * @throws SerialException if the object is found not to be serializable 76 */ 77 public SerialJavaObject(Object obj) throws SerialException { 78 79 // if any static fields are found, an exception 80 // should be thrown 81 82 83 // get Class. Object instance should always be available 84 Class<?> c = obj.getClass(); 85 86 // determine if object implements Serializable i/f 87 if (!(obj instanceof java.io.Serializable)) { 88 setWarning(new RowSetWarning("Warning, the object passed to the constructor does not implement Serializable")); 89 } 90 91 // can only determine public fields (obviously). If 92 // any of these are static, this should invalidate 93 // the action of attempting to persist these fields 94 // in a serialized form 95 fields = c.getFields(); 96 97 if (hasStaticFields(fields)) { 98 throw new SerialException("Located static fields in " + 99 "object instance. Cannot serialize"); 100 } 101 102 this.obj = obj; 103 } 104 105 /** 106 * Returns an <code>Object</code> that is a copy of this <code>SerialJavaObject</code> 107 * object. 108 * 109 * @return a copy of this <code>SerialJavaObject</code> object as an 110 * <code>Object</code> in the Java programming language 111 * @throws SerialException if the instance is corrupt 112 */ 113 public Object getObject() throws SerialException { 114 return this.obj; 115 } 116 117 /** 118 * Returns an array of <code>Field</code> objects that contains each 119 * field of the object that this helper class is serializing. 120 * 121 * @return an array of <code>Field</code> objects 122 * @throws SerialException if an error is encountered accessing 123 * the serialized object 124 * @throws SecurityException If a security manager, <i>s</i>, is present 125 * and the caller's class loader is not the same as or an 126 * ancestor of the class loader for the class of the 127 * {@linkplain #getObject object} being serialized 128 * and invocation of {@link SecurityManager#checkPackageAccess 129 * s.checkPackageAccess()} denies access to the package 130 * of that class. 131 * @see Class#getFields 132 */ 133 @CallerSensitive 134 public Field[] getFields() throws SerialException { 135 if (fields != null) { 136 Class<?> c = this.obj.getClass(); 137 SecurityManager sm = System.getSecurityManager(); 138 if (sm != null) { 139 /* 140 * Check if the caller is allowed to access the specified class's package. 141 * If access is denied, throw a SecurityException. 142 */ 143 Class<?> caller = sun.reflect.Reflection.getCallerClass(); 144 if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(), 145 c.getClassLoader())) { 146 ReflectUtil.checkPackageAccess(c); 147 } 148 } 149 return c.getFields(); 150 } else { 151 throw new SerialException("SerialJavaObject does not contain" + 152 " a serialized object instance"); 153 } 154 } 155 156 /** 157 * The identifier that assists in the serialization of this 158 * <code>SerialJavaObject</code> object. 159 */ 160 static final long serialVersionUID = -1465795139032831023L; 161 162 /** 163 * A container for the warnings issued on this <code>SerialJavaObject</code> 164 * object. When there are multiple warnings, each warning is chained to the 165 * previous warning. 166 */ 167 Vector<RowSetWarning> chain; 168 169 /** 170 * Compares this SerialJavaObject to the specified object. 171 * The result is {@code true} if and only if the argument 172 * is not {@code null} and is a {@code SerialJavaObject} 173 * object that is identical to this object 174 * 175 * @param o The object to compare this {@code SerialJavaObject} against 176 * 177 * @return {@code true} if the given object represents a {@code SerialJavaObject} 178 * equivalent to this SerialJavaObject, {@code false} otherwise 179 * 180 */ 181 public boolean equals(Object o) { 182 if (this == o) { 183 return true; 184 } 185 if (o instanceof SerialJavaObject) { 186 SerialJavaObject sjo = (SerialJavaObject) o; 187 return obj.equals(sjo.obj); 188 } 189 return false; 190 } 191 192 /** 193 * Returns a hash code for this SerialJavaObject. The hash code for a 194 * {@code SerialJavaObject} object is taken as the hash code of 195 * the {@code Object} it stores 196 * 197 * @return a hash code value for this object. 198 */ 199 public int hashCode() { 200 return 31 + obj.hashCode(); 201 } 202 203 /** 204 * Returns a clone of this {@code SerialJavaObject}. 205 * 206 * @return a clone of this SerialJavaObject 207 */ 208 209 public Object clone() { 210 try { 211 SerialJavaObject sjo = (SerialJavaObject) super.clone(); 212 sjo.fields = Arrays.copyOf(fields, fields.length); 213 if (chain != null) 214 sjo.chain = new Vector<>(chain); 215 return sjo; 216 } catch (CloneNotSupportedException ex) { 217 // this shouldn't happen, since we are Cloneable 218 throw new InternalError(); 219 } 220 } 221 222 /** 223 * Registers the given warning. 224 */ 225 private void setWarning(RowSetWarning e) { 226 if (chain == null) { 227 chain = new Vector<>(); 228 } 229 chain.add(e); 230 } 231 232 /** 233 * readObject is called to restore the state of the {@code SerialJavaObject} 234 * from a stream. 235 */ 236 private void readObject(ObjectInputStream s) 237 throws IOException, ClassNotFoundException { 238 239 ObjectInputStream.GetField fields1 = s.readFields(); 240 @SuppressWarnings("unchecked") 241 Vector<RowSetWarning> tmp = (Vector<RowSetWarning>)fields1.get("chain", null); 242 if (tmp != null) 243 chain = new Vector<>(tmp); 244 245 obj = fields1.get("obj", null); 246 if (obj != null) { 247 fields = obj.getClass().getFields(); 248 if(hasStaticFields(fields)) 249 throw new IOException("Located static fields in " + 250 "object instance. Cannot serialize"); 251 } else { 252 throw new IOException("Object cannot be null!"); 253 } 254 255 } 256 257 /** 258 * writeObject is called to save the state of the {@code SerialJavaObject} 259 * to a stream. 260 */ 261 private void writeObject(ObjectOutputStream s) 262 throws IOException { 263 ObjectOutputStream.PutField fields = s.putFields(); 264 fields.put("obj", obj); 265 fields.put("chain", chain); 266 s.writeFields(); 267 } 268 269 /* 270 * Check to see if there are any Static Fields in this object 271 */ 272 private static boolean hasStaticFields(Field[] fields) { 273 for (Field field : fields) { 274 if ( field.getModifiers() == Modifier.STATIC) { 275 return true; 276 } 277 } 278 return false; 279 } 280 }