一、前言

关于apache的commons-jcs-core源码包中的org.apache.commons.jcs.utils.serialization.StandardSerializer、org.apache.commons.jcs.engine.behavior.IElementSerializer、org.apache.commons.jcs.io.ObjectInputStreamClassLoaderAware定义并实现对象序列化、反序列化功能。

二、源码说明

1.IElementSerializer接口

package org.apache.commons.jcs.engine.behavior;@b@@b@import java.io.IOException;@b@@b@public abstract interface IElementSerializer@b@{@b@  public abstract <T> byte[] serialize(T paramT)@b@    throws IOException;@b@@b@  public abstract <T> T deSerialize(byte[] paramArrayOfByte, ClassLoader paramClassLoader)@b@    throws IOException, ClassNotFoundException;@b@}

2.StandardSerializer标准实现类

package org.apache.commons.jcs.utils.serialization;@b@@b@import java.io.BufferedInputStream;@b@import java.io.ByteArrayInputStream;@b@import java.io.ByteArrayOutputStream;@b@import java.io.IOException;@b@import java.io.ObjectInputStream;@b@import java.io.ObjectOutputStream;@b@import org.apache.commons.jcs.engine.behavior.IElementSerializer;@b@import org.apache.commons.jcs.io.ObjectInputStreamClassLoaderAware;@b@@b@public class StandardSerializer@b@  implements IElementSerializer@b@{@b@  public <T> byte[] serialize(T obj)@b@    throws IOException@b@  {@b@    ByteArrayOutputStream baos = new ByteArrayOutputStream();@b@    ObjectOutputStream oos = new ObjectOutputStream(baos);@b@    try@b@    {@b@      oos.writeObject(obj);@b@    }@b@    finally@b@    {@b@      oos.close();@b@    }@b@    return baos.toByteArray();@b@  }@b@@b@  public <T> T deSerialize(byte[] data, ClassLoader loader)@b@    throws IOException, ClassNotFoundException@b@  {@b@    ByteArrayInputStream bais = new ByteArrayInputStream(data);@b@    BufferedInputStream bis = new BufferedInputStream(bais);@b@    ObjectInputStream ois = new ObjectInputStreamClassLoaderAware(bis, loader);@b@    try@b@    {@b@      Object readObject = ois.readObject();@b@      Object localObject1 = readObject;@b@@b@      return localObject1; } finally { ois.close();@b@    }@b@  }@b@}

3.ObjectInputStreamClassLoaderAware类

package org.apache.commons.jcs.io;@b@@b@import java.io.IOException;@b@import java.io.InputStream;@b@import java.io.ObjectInputStream;@b@import java.io.ObjectStreamClass;@b@import java.lang.reflect.Proxy;@b@@b@public class ObjectInputStreamClassLoaderAware extends ObjectInputStream@b@{@b@  private final ClassLoader classLoader;@b@@b@  public ObjectInputStreamClassLoaderAware(InputStream in, ClassLoader classLoader)@b@    throws IOException@b@  {@b@    super(in);@b@    this.classLoader = ((classLoader != null) ? classLoader : Thread.currentThread().getContextClassLoader());@b@  }@b@@b@  protected Class<?> resolveClass(ObjectStreamClass desc) throws ClassNotFoundException@b@  {@b@    return Class.forName(BlacklistClassResolver.access$000().check(desc.getName()), false, this.classLoader);@b@  }@b@@b@  protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException@b@  {@b@    Class[] cinterfaces = new Class[interfaces.length];@b@    for (int i = 0; i < interfaces.length; ++i)@b@      cinterfaces[i] = Class.forName(interfaces[i], false, this.classLoader);@b@@b@    try@b@    {@b@      return Proxy.getProxyClass(this.classLoader, cinterfaces);@b@    } catch (IllegalArgumentException e) {@b@      throw new ClassNotFoundException(null, e);@b@    }@b@  }@b@@b@  private static class BlacklistClassResolver {@b@    private static final BlacklistClassResolver DEFAULT = new BlacklistClassResolver(toArray(System.getProperty("jcs.serialization.class.blacklist", "org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan")), toArray(System.getProperty("jcs.serialization.class.whitelist")));@b@    private final String[] blacklist;@b@    private final String[] whitelist;@b@@b@    protected BlacklistClassResolver(String[] blacklist, String[] whitelist)@b@    {@b@      this.whitelist = whitelist;@b@      this.blacklist = blacklist;@b@    }@b@@b@    protected boolean isBlacklisted(String name) {@b@      return (((this.whitelist != null) && (!(contains(this.whitelist, name)))) || (contains(this.blacklist, name)));@b@    }@b@@b@    public final String check(String name) {@b@      if (isBlacklisted(name))@b@        throw new SecurityException(name + " is not whitelisted as deserialisable, prevented before loading.");@b@@b@      return name;@b@    }@b@@b@    private static String[] toArray(String property) {@b@      return ((property == null) ? null : property.split(" *, *"));@b@    }@b@@b@    private static boolean contains(String[] list, String name) {@b@      String[] arr$;@b@      int i$;@b@      if (list != null) {@b@        arr$ = list; int len$ = arr$.length; for (i$ = 0; i$ < len$; ++i$) { String white = arr$[i$];@b@          if (name.startsWith(white))@b@            return true;@b@        }@b@      }@b@@b@      return false;@b@    }@b@  }@b@}