Class InstantiateTransformer
- java.lang.Object
-
- org.apache.commons.collections.functors.InstantiateTransformer
-
- All Implemented Interfaces:
java.io.Serializable,Transformer
public class InstantiateTransformer extends java.lang.Object implements Transformer, java.io.Serializable
Transformer implementation that creates a new object instance by reflection.WARNING: from v3.2.2 onwards this class will throw an
UnsupportedOperationExceptionwhen trying to serialize or de-serialize an instance to prevent potential remote code execution exploits.In order to re-enable serialization support for
InstantiateTransformerthe following system property can be used (via -Dproperty=true):org.apache.commons.collections.enableUnsafeSerialization
- Since:
- Commons Collections 3.0
- Version:
- $Revision: 1713845 $ $Date: 2015-11-11 15:02:16 +0100 (Wed, 11 Nov 2015) $
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description private java.lang.Object[]iArgsThe constructor argumentsprivate java.lang.Class[]iParamTypesThe constructor parameter typesstatic TransformerNO_ARG_INSTANCESingleton instance that uses the no arg constructorprivate static longserialVersionUIDThe serial version
-
Constructor Summary
Constructors Modifier Constructor Description privateInstantiateTransformer()Constructor for no arg instance.InstantiateTransformer(java.lang.Class[] paramTypes, java.lang.Object[] args)Constructor that performs no validation.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static TransformergetInstance(java.lang.Class[] paramTypes, java.lang.Object[] args)Transformer method that performs validation.private voidreadObject(java.io.ObjectInputStream is)Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).java.lang.Objecttransform(java.lang.Object input)Transforms the input Class object to a result by instantiation.private voidwriteObject(java.io.ObjectOutputStream os)Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
The serial version- See Also:
- Constant Field Values
-
NO_ARG_INSTANCE
public static final Transformer NO_ARG_INSTANCE
Singleton instance that uses the no arg constructor
-
iParamTypes
private final java.lang.Class[] iParamTypes
The constructor parameter types
-
iArgs
private final java.lang.Object[] iArgs
The constructor arguments
-
-
Constructor Detail
-
InstantiateTransformer
private InstantiateTransformer()
Constructor for no arg instance.
-
InstantiateTransformer
public InstantiateTransformer(java.lang.Class[] paramTypes, java.lang.Object[] args)Constructor that performs no validation. UsegetInstanceif you want that.- Parameters:
paramTypes- the constructor parameter types, not clonedargs- the constructor arguments, not cloned
-
-
Method Detail
-
getInstance
public static Transformer getInstance(java.lang.Class[] paramTypes, java.lang.Object[] args)
Transformer method that performs validation.- Parameters:
paramTypes- the constructor parameter typesargs- the constructor arguments- Returns:
- an instantiate transformer
-
transform
public java.lang.Object transform(java.lang.Object input)
Transforms the input Class object to a result by instantiation.- Specified by:
transformin interfaceTransformer- Parameters:
input- the input object to transform- Returns:
- the transformed result
-
writeObject
private void writeObject(java.io.ObjectOutputStream os) throws java.io.IOExceptionOverrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).- Throws:
java.io.IOException
-
readObject
private void readObject(java.io.ObjectInputStream is) throws java.lang.ClassNotFoundException, java.io.IOExceptionOverrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).- Throws:
java.lang.ClassNotFoundExceptionjava.io.IOException
-
-