1 /*
   2  * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package javax.sql.rowset.serial;
  27 
  28 import java.io.*;
  29 import java.lang.reflect.*;
  30 import java.util.Arrays;
  31 import java.util.Vector;
  32 import javax.sql.rowset.RowSetWarning;
  33 import sun.reflect.CallerSensitive;
  34 import sun.reflect.Reflection;
  35 import sun.reflect.misc.ReflectUtil;
  36 
  37 /**
  38  * A serializable mapping in the Java programming language of an SQL
  39  * <code>JAVA_OBJECT</code> value. Assuming the Java object
  40  * implements the <code>Serializable</code> interface, this class simply wraps the
  41  * serialization process.
  42  * <P>
  43  * If however, the serialization is not possible because
  44  * the Java object is not immediately serializable, this class will
  45  * attempt to serialize all non-static members to permit the object
  46  * state to be serialized.
  47  * Static or transient fields cannot be serialized; an attempt to serialize
  48  * them will result in a <code>SerialException</code> object being thrown.
  49  *
  50  * <h3> Thread safety </h3>
  51  *
  52  * A SerialJavaObject is not safe for use by multiple concurrent threads.  If a
  53  * SerialJavaObject is to be used by more than one thread then access to the
  54  * SerialJavaObject should be controlled by appropriate synchronization.
  55  *
  56  * @author Jonathan Bruce
  57  */
public class SerialJavaObject implements Serializable, Cloneable {

    /*
     * Serialized form: the non-transient instance fields "obj" and "chain",
     * written by writeObject() and read back by name in readObject().
     * The field names are part of the stream format and must not be renamed.
     */

    /**
     * The wrapped Java object. It is stored by reference; no copy is made.
     */
    private Object obj;

    /**
     * Public fields of the wrapped object's class, as reported by
     * {@link Class#getFields}. Transient: recomputed in
     * <code>readObject</code> instead of being written to the stream.
     */
    private transient Field[] fields;

    /**
     * Builds a wrapper around the given object.
     * <P>
     * A warning is recorded (not thrown) when the object does not implement
     * <code>Serializable</code>. Passing <code>null</code> fails with a
     * <code>NullPointerException</code> from the <code>getClass()</code> call.
     *
     * @param obj the Java <code>Object</code> to be serialized
     * @throws SerialException if <code>hasStaticFields</code> reports a static
     *         field among the public fields of the object's class
     */
    public SerialJavaObject(Object obj) throws SerialException {

        // Resolve the runtime class first; a null argument stops here.
        Class<?> runtimeType = obj.getClass();

        // Not being Serializable is only recorded as a warning on the chain.
        if (!(obj instanceof java.io.Serializable)) {
            setWarning(new RowSetWarning("Warning, the object passed to the constructor does not implement Serializable"));
        }

        // Class.getFields() exposes public fields only, so the static-field
        // check below never sees non-public members.
        fields = runtimeType.getFields();

        if (hasStaticFields(fields)) {
            throw new SerialException("Located static fields in " +
                "object instance. Cannot serialize");
        }

        this.obj = obj;
    }

    /**
     * Returns the object wrapped by this <code>SerialJavaObject</code>.
     * <P>
     * The stored reference itself is returned, not a copy, so changes made
     * through the returned reference are visible through this wrapper.
     *
     * @return the wrapped <code>Object</code>
     * @throws SerialException declared for callers; this implementation has
     *         no path that throws it
     */
    public Object getObject() throws SerialException {
        return this.obj;
    }

    /**
     * Returns an array of <code>Field</code> objects that contains each
     * public field of the class of the wrapped object.
     * <P>
     * The array is obtained from {@link Class#getFields} on every call; the
     * cached array is only used to decide whether an object is present.
     *
     * @return an array of <code>Field</code> objects
     * @throws SerialException if this instance holds no field array
     * @throws  SecurityException  If a security manager, <i>s</i>, is present
     * and the caller's class loader is not the same as or an
     * ancestor of the class loader for the class of the
     * {@linkplain #getObject object} being serialized
     * and invocation of {@link SecurityManager#checkPackageAccess
     * s.checkPackageAccess()} denies access to the package
     * of that class.
     * @see Class#getFields
     */
    @CallerSensitive
    public Field[] getFields() throws SerialException {
        if (fields == null) {
            throw new SerialException("SerialJavaObject does not contain" +
                " a serialized object instance");
        }

        Class<?> wrappedType = this.obj.getClass();
        if (System.getSecurityManager() != null) {
            // The caller lookup must stay in this method body: it identifies
            // the immediate caller of getFields(), and moving it into a helper
            // would make it report this class instead.
            Class<?> caller = sun.reflect.Reflection.getCallerClass();
            // Package access is checked only when ReflectUtil says the pair of
            // class loaders requires it; a denial surfaces as a
            // SecurityException from checkPackageAccess.
            if (ReflectUtil.needsPackageAccessCheck(caller.getClassLoader(),
                                                    wrappedType.getClassLoader())) {
                ReflectUtil.checkPackageAccess(wrappedType);
            }
        }
        return wrappedType.getFields();
    }

    /**
     * The identifier that assists in the serialization of this
     * <code>SerialJavaObject</code> object.
     */
    static final long serialVersionUID = -1465795139032831023L;

    /**
     * Warnings recorded on this <code>SerialJavaObject</code>, in the order
     * they were registered. Stays <code>null</code> until the first warning.
     */
    Vector<RowSetWarning> chain;

    /**
     * Compares this SerialJavaObject to the specified object.
     * Two wrappers are equal when their wrapped objects are equal according
     * to the wrapped object's own {@code equals}.
     *
     * @param  o The object to compare this {@code SerialJavaObject} against
     *
     * @return  {@code true} if {@code o} is this instance, or a
     *          {@code SerialJavaObject} whose wrapped object equals this one's;
     *          {@code false} otherwise, including for {@code null}
     */
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof SerialJavaObject)) {
            return false;
        }
        return obj.equals(((SerialJavaObject) o).obj);
    }

    /**
     * Returns a hash code for this SerialJavaObject, derived from the hash
     * code of the wrapped {@code Object}.
     *
     * @return  a hash code value for this object.
     */
    @Override
    public int hashCode() {
        return obj.hashCode() + 31;
    }

    /**
     * Returns a clone of this {@code SerialJavaObject}.
     * <P>
     * The field array and the warning chain are copied into new containers;
     * the wrapped object itself is shared between the original and the clone.
     *
     * @return  a clone of this SerialJavaObject
     */
    @Override
    public Object clone() {
        final SerialJavaObject copy;
        try {
            copy = (SerialJavaObject) super.clone();
        } catch (CloneNotSupportedException ex) {
            // Not expected: this class implements Cloneable.
            throw new InternalError();
        }
        copy.fields = Arrays.copyOf(fields, fields.length);
        if (chain != null) {
            copy.chain = new Vector<>(chain);
        }
        return copy;
    }

    /**
     * Appends the given warning to the chain, creating the chain on first use.
     */
    private void setWarning(RowSetWarning e) {
        if (chain == null) {
            chain = new Vector<>();
        }
        chain.add(e);
    }

    /**
     * readObject is called to restore the state of the {@code SerialJavaObject}
     * from a stream.
     * <P>
     * Security note: the "obj" entry is whatever object the stream carries,
     * and it has already been materialised by <code>readFields()</code> before
     * the checks below run. Those checks do not restrict which classes may be
     * deserialized. When the stream comes from an untrusted source, restrict
     * the accepted classes at the stream level (for example with a
     * deserialization filter on JDKs that provide one).
     *
     * @throws IOException if the stream holds no wrapped object, or if
     *         <code>hasStaticFields</code> rejects the restored object's class
     * @throws ClassNotFoundException if a class in the stream cannot be found
     */
    private void readObject(ObjectInputStream s)
            throws IOException, ClassNotFoundException {

        ObjectInputStream.GetField streamFields = s.readFields();

        // Copy the warning chain into a fresh Vector instead of keeping the
        // instance that came from the stream.
        @SuppressWarnings("unchecked")
        Vector<RowSetWarning> storedChain =
                (Vector<RowSetWarning>) streamFields.get("chain", null);
        if (storedChain != null) {
            chain = new Vector<>(storedChain);
        }

        obj = streamFields.get("obj", null);
        if (obj == null) {
            throw new IOException("Object cannot be null!");
        }

        // Rebuild the transient field array and repeat the constructor's check.
        fields = obj.getClass().getFields();
        if (hasStaticFields(fields)) {
            throw new IOException("Located static fields in " +
                "object instance. Cannot serialize");
        }
    }

    /**
     * writeObject is called to save the state of the {@code SerialJavaObject}
     * to a stream. Only "obj" and "chain" are written.
     */
    private void writeObject(ObjectOutputStream s)
            throws IOException {
        ObjectOutputStream.PutField out = s.putFields();
        out.put("obj", obj);
        out.put("chain", chain);
        s.writeFields();
    }

    /*
     * Reports whether any field in the array has a modifier set that is
     * exactly Modifier.STATIC.
     *
     * NOTE(review): this is an equality test on the whole modifier value, not
     * a bit test. Both callers pass the result of Class.getFields(), which
     * holds public fields only, so a "public static" field carries the PUBLIC
     * bit as well and does not match. As written, the static-field rejection
     * described in the class documentation therefore does not trigger for
     * such fields. A bit test (Modifier.isStatic) would match the documented
     * intent but would also reject every class that exposes public static
     * constants; confirm the intended contract before changing it.
     */
    private static boolean hasStaticFields(Field[] fields) {
        for (int i = 0; i < fields.length; i++) {
            if (fields[i].getModifiers() == Modifier.STATIC) {
                return true;
            }
        }
        return false;
    }
}