Fixed issue #809.
Thierry Boileau committed Dec 5, 2013
1 parent 5bc6aed commit 490b1d7
Showing 2 changed files with 43 additions and 12 deletions.
2 changes: 2 additions & 0 deletions build/tmpl/text/changes.txt
Expand Up @@ -4,6 +4,8 @@ Changes log
===========

- @version-full@ (@release-date@)
- Bug fixed
- Fixed issue #809 regression introduced when handling issues #774 and #778.

- 2.1.5 (12/05/2013)
- Bug fixed
Expand Up @@ -127,15 +127,43 @@ public ObjectRepresentation(Representation serializedRepresentation)
* @throws ClassNotFoundException
* @throws IllegalArgumentException
*/
@SuppressWarnings("unchecked")
public ObjectRepresentation(Representation serializedRepresentation,
final ClassLoader classLoader) throws IOException,
ClassNotFoundException, IllegalArgumentException {
this(serializedRepresentation, classLoader,
VARIANT_OBJECT_BINARY_SUPPORTED, VARIANT_OBJECT_XML_SUPPORTED);
}

/**
* Constructor reading the object from a serialized representation. This
* representation must have the proper media type:
* "application/x-java-serialized-object".
*
* @param serializedRepresentation
* The serialized representation.
* @param classLoader
* The class loader used to read the object.
* @param variantObjectBinarySupported
* Indicates whether the JavaBeans binary deserialization is
* supported or not.
* @param variantObjectXmlSupported
* Indicates whether the JavaBeans XML deserialization is
* supported or not.
* @throws IOException
* @throws ClassNotFoundException
* @throws IllegalArgumentException
*/
@SuppressWarnings("unchecked")
public ObjectRepresentation(Representation serializedRepresentation,
final ClassLoader classLoader,
boolean variantObjectBinarySupported,
boolean variantObjectXmlSupported) throws IOException,
ClassNotFoundException, IllegalArgumentException {
super(MediaType.APPLICATION_JAVA_OBJECT);

if (serializedRepresentation.getMediaType().equals(
MediaType.APPLICATION_JAVA_OBJECT)) {
if (!VARIANT_OBJECT_BINARY_SUPPORTED) {
if (MediaType.APPLICATION_JAVA_OBJECT.equals(serializedRepresentation
.getMediaType())) {
if (!variantObjectBinarySupported) {
throw new IllegalArgumentException(
"SECURITY WARNING: The usage of ObjectInputStream when "
+ "deserializing binary presentations from unstrusted "
Expand Down Expand Up @@ -173,9 +201,9 @@ protected Class<?> resolveClass(

ois.close();
// [ifndef android]
} else if (serializedRepresentation.getMediaType().equals(
MediaType.APPLICATION_JAVA_OBJECT_XML)) {
if (!VARIANT_OBJECT_XML_SUPPORTED) {
} else if (MediaType.APPLICATION_JAVA_OBJECT_XML
.equals(serializedRepresentation.getMediaType())) {
if (!variantObjectXmlSupported) {
throw new IllegalArgumentException(
"SECURITY WARNING: The usage of XMLDecoder when "
+ "deserializing XML presentations from unstrusted "
Expand All @@ -200,12 +228,13 @@ protected Class<?> resolveClass(

decoder.close();
// [enddef]
} else {
throw new IllegalArgumentException(
"The serialized representation must have this media type: "
+ MediaType.APPLICATION_JAVA_OBJECT.toString()
+ " or this one: "
+ MediaType.APPLICATION_JAVA_OBJECT_XML.toString());
}
throw new IllegalArgumentException(
"The serialized representation must have this media type: "
+ MediaType.APPLICATION_JAVA_OBJECT.toString()
+ " or this one: "
+ MediaType.APPLICATION_JAVA_OBJECT_XML.toString());
}

/**
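Review bot: The new four-argument constructor lets any caller enable binary or XML deserialization for a single call by passing `true`, independently of the class-wide `VARIANT_OBJECT_BINARY_SUPPORTED` and `VARIANT_OBJECT_XML_SUPPORTED` switches, and its Javadoc gives no hint of that. I would extend both `@param` descriptions with something like `Pass true only when the representation comes from a trusted sender; when false, this media type is rejected with an IllegalArgumentException.` so the opt-in is a visible decision at each call site. The summary sentence also names only "application/x-java-serialized-object" although the body accepts `MediaType.APPLICATION_JAVA_OBJECT_XML` as well, so it should list both types. The constructor body is partly collapsed on this page, so whether the `resolveClass` override restricts which classes may be loaded cannot be judged from here; if it does not, that is worth stating in the Javadoc too.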