- Moved the initialization of the ClassDeserializationValidator into the SerializationContext (so it is always initialized).

- Adjusted the rest to correctly work with these changes.
chrisdutz committed Feb 24, 2017
1 parent c4ffd05 commit 11b0aa132d9a43bf81fa12654ff227ff247b4627
Showing 12 changed files with 626 additions and 964 deletions.
@@ -186,6 +186,9 @@ public MessageBroker(boolean enableManagement, String mbid, ClassLoader loader)
factories = new HashMap<String, FlexFactory>();
registeredEndpoints = new HashMap<String, String>();

// Initialize the default validator.
deserializationValidator = new ClassDeserializationValidator();

// Add the built-in java factory
addFactory("java", new JavaFactory());
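Review bot: The default validator created in this constructor is never passed through `initialize(...)`, whereas configured validators in `createValidators` go through `deserializationValidator.initialize(null, settings.getProperties())`. Whether the no-arg constructor of `ClassDeserializationValidator` already installs its full allow-list is not visible on this page, so it is worth confirming that the un-initialized default is as strict as intended. `SerializationContext` now builds its own separate default as well, so the comment here should say which instance is authoritative, e.g. `// Broker-wide default; replaced when the configuration declares its own validator.` The constructor body continues outside the hunk.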

@@ -44,11 +44,11 @@
*/
public class FlexConfigurationManager implements ConfigurationManager
{
static final String DEFAULT_CONFIG_PATH = "/WEB-INF/flex/services-config.xml";
private static final String DEFAULT_CONFIG_PATH = "/WEB-INF/flex/services-config.xml";

protected String configurationPath = null;
protected ConfigurationFileResolver configurationResolver = null;
protected ConfigurationParser parser = null;
private String configurationPath = null;
private ConfigurationFileResolver configurationResolver = null;
private ConfigurationParser parser = null;

public MessagingConfiguration getMessagingConfiguration(ServletConfig servletConfig)
{
@@ -88,10 +88,10 @@ public void reportTokens()
parser.reportTokens();
}

protected ConfigurationParser getConfigurationParser(ServletConfig servletConfig)
private ConfigurationParser getConfigurationParser(ServletConfig servletConfig)
{
ConfigurationParser parser = null;
Class parserClass = null;
Class parserClass;
String className = null;

// Check for Custom Parser Specification
@@ -175,7 +175,7 @@ protected ConfigurationParser getConfigurationParser(ServletConfig servletConfig
*
* @param servletConfig configuration
*/
protected void setupConfigurationPathAndResolver(ServletConfig servletConfig)
private void setupConfigurationPathAndResolver(ServletConfig servletConfig)
{
if (servletConfig != null)
{
@@ -229,7 +229,7 @@ protected void setupConfigurationPathAndResolver(ServletConfig servletConfig)

}

protected void verifyMinimumJavaVersion() throws ConfigurationException
private void verifyMinimumJavaVersion() throws ConfigurationException
{
try
{
@@ -262,7 +262,7 @@ else if (second == 4)
}
else if (third == 2)
{
if ((vendor != null) && (vendor.indexOf("Sun") != -1))
if ((vendor != null) && vendor.contains("Sun"))
{
// test at least 1.4.2_06 on Sun
int fourth = Integer.parseInt(split[3]);
@@ -284,7 +284,7 @@ else if (third == 2)
{
ConfigurationException cx = new ConfigurationException();

if ((vendor != null) && (vendor.indexOf("Sun") != -1))
if ((vendor != null) && vendor.contains("Sun"))
{
// The minimum required Java version was not found. Please install JDK 1.4.2_06 or above. Current version is XX.
cx.setMessage(10139, new Object[] { System.getProperty("java.version")});
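Review bot: Narrowing `getConfigurationParser`, `setupConfigurationPathAndResolver`, `verifyMinimumJavaVersion` and the three fields from `protected` to `private` removes extension points of a public, non-final class. Any subclass that overrides or reads them stops compiling, and nothing on this page shows whether such subclasses exist. If the narrowing is intended, declaring the class `final` or recording the break in the release notes would make it explicit. These visibility edits are also unrelated to the validator change in the commit message, so a separate commit would make the security-relevant part easier to audit. The method bodies start and end outside the visible hunks.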
@@ -591,14 +591,6 @@ private void createValidators(MessageBroker broker)
// Only set the DeserializationValidator types for now.
if (validator instanceof DeserializationValidator)
{
// there can only be one deserialization validator, throw an error if there is more than one.
DeserializationValidator existingValidator = broker.getDeserializationValidator();
if (existingValidator != null)
{
ConfigurationException cx = new ConfigurationException();
cx.setMessage(11400, new Object[]{existingValidator.getClass().getCanonicalName(), className});
throw cx;
}
DeserializationValidator deserializationValidator = (DeserializationValidator)validator;
deserializationValidator.initialize(null, settings.getProperties());
broker.setDeserializationValidator(deserializationValidator);
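Review bot: With the duplicate check removed from `createValidators`, a configuration that declares two deserialization validators no longer fails with error 11400; the later one silently replaces the earlier through `broker.setDeserializationValidator(...)`. The old `existingValidator != null` test cannot stay as it was, because the broker now always holds a default. Configured validators can still be counted separately, so that a stricter entry cannot be overridden unnoticed by a second one. The fence sketches this with a local variable; the enclosing method and the iteration over validator settings are outside the hunk, so its exact placement is an assumption.

```java
// declare once per createValidators call, before the validator settings are iterated (outside this hunk)
String configuredValidatorClass = null;

if (validator instanceof DeserializationValidator)
{
    // The broker's built-in default does not count; only a second *configured* validator is an error.
    if (configuredValidatorClass != null)
    {
        ConfigurationException cx = new ConfigurationException();
        cx.setMessage(11400, new Object[]{configuredValidatorClass, className});
        throw cx;
    }
    configuredValidatorClass = className;
    // … unchanged: cast, initialize(null, settings.getProperties()), broker.setDeserializationValidator …
```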
@@ -1867,8 +1867,6 @@ private void validators(Node root)
{
Node validatorsNode = selectSingleNode(root, VALIDATORS_ELEMENT);
if (validatorsNode == null) {
// Default to the ClassDeserializationValidator
defaultValidator();
return;
}

@@ -1882,21 +1880,9 @@ private void validators(Node root)
Node validator = validators.item(i);
validator(validator);
}
} else {
// Default to the ClassDeserializationValidator
defaultValidator();
}
}

/**
* Initialize a efault validator that protects BlazeDS against the most obvious attacks.
*/
private void defaultValidator() {
ValidatorSettings validatorSettings = new ValidatorSettings();
validatorSettings.setClassName(ClassDeserializationValidator.class.getName());
((MessagingConfiguration)config).addValidatorSettings(validatorSettings);
}

private void validator(Node validator)
{
// Validation
@@ -26,8 +26,7 @@
* A simple context to get settings from an endpoint to a deserializer
* or serializer.
*/
public class SerializationContext implements Serializable, Cloneable
{
public class SerializationContext implements Serializable, Cloneable {
static final long serialVersionUID = -3020985035377116475L;

// Endpoint serialization configuration flags
@@ -54,7 +53,7 @@ public class SerializationContext implements Serializable, Cloneable
* Provides a way to control whether small messages should be sent even
* if the client can support them. If set to false, small messages
* will not be sent.
*
* <p>
* The default is true.
*/
public boolean enableSmallMessages = true;
@@ -63,10 +62,10 @@ public class SerializationContext implements Serializable, Cloneable
* Determines whether type information will be used to instantiate a new instance.
* If set to false, types will be deserialized as flex.messaging.io.ASObject instances
* with type information retained but not used to create an instance.
*
* <p>
* Note that types in the flex.* package (and any subpackage) will always be
* instantiated.
*
* <p>
* The default is true.
*/
public boolean instantiateTypes = true;
@@ -76,7 +75,7 @@ public class SerializationContext implements Serializable, Cloneable

// How deep level of nest object in the object graph that we support
public int maxObjectNestLevel = 512;

// How deep level of nest collection objects in the object graph that we support
// Similarly like how many dimensional matrix that we support for serialization.
public int maxCollectionNestLevel = 15;
@@ -99,17 +98,17 @@ public class SerializationContext implements Serializable, Cloneable
/**
* The default constructor.
*/
public SerializationContext()
{
public SerializationContext() {
// Initialize the default validator.
deserializationValidator = new ClassDeserializationValidator();
}

/**
* Returns the deserializer class.
*
* @return The deserializer class.
*/
public Class getDeserializerClass()
{
public Class getDeserializerClass() {
return deserializer;
}

@@ -118,8 +117,7 @@ public Class getDeserializerClass()
*
* @param c The deserializer class.
*/
public void setDeserializerClass(Class c)
{
public void setDeserializerClass(Class c) {
deserializer = c;
}

@@ -128,8 +126,7 @@ public void setDeserializerClass(Class c)
*
* @return The serializer class.
*/
public Class getSerializerClass()
{
public Class getSerializerClass() {
return serializer;
}

@@ -138,8 +135,7 @@ public Class getSerializerClass()
*
* @param c The serializer class.
*/
public void setSerializerClass(Class c)
{
public void setSerializerClass(Class c) {
serializer = c;
}

@@ -148,42 +144,35 @@ public void setSerializerClass(Class c)
*
* @return A new message deserializer instance.
*/
public MessageDeserializer newMessageDeserializer()
{
public MessageDeserializer newMessageDeserializer() {
Class deserializerClass = getDeserializerClass();
if (deserializerClass == null)
{
if (deserializerClass == null) {
deserializerClass = ClassUtil.createClass("flex.messaging.io.amf.AmfMessageDeserializer");
this.setDeserializerClass(deserializerClass);
}
MessageDeserializer deserializer = (MessageDeserializer)ClassUtil.createDefaultInstance(deserializerClass, MessageDeserializer.class);
return deserializer;
return (MessageDeserializer) ClassUtil.createDefaultInstance(deserializerClass, MessageDeserializer.class);
}

/**
* Instantiates a new message serializer.
*
* @return A new message serializer instance.
*/
public MessageSerializer newMessageSerializer()
{
public MessageSerializer newMessageSerializer() {
Class serializerClass = getSerializerClass();
if (serializerClass == null)
{
if (serializerClass == null) {
serializerClass = ClassUtil.createClass("flex.messaging.io.amf.AmfMessageSerializer");
this.setSerializerClass(serializerClass);
}
MessageSerializer serializer = (MessageSerializer)ClassUtil.createDefaultInstance(serializerClass, MessageSerializer.class);
return serializer;
return (MessageSerializer) ClassUtil.createDefaultInstance(serializerClass, MessageSerializer.class);
}

/**
* Returns the deserialization validator.
*
* @return The deserialization validator.
*/
public DeserializationValidator getDeserializationValidator()
{
public DeserializationValidator getDeserializationValidator() {
return deserializationValidator;
}

@@ -192,20 +181,15 @@ public DeserializationValidator getDeserializationValidator()
*
* @param deserializationValidator The deserialization validator.
*/
public void setDeserializationValidator(DeserializationValidator deserializationValidator)
{
public void setDeserializationValidator(DeserializationValidator deserializationValidator) {
this.deserializationValidator = deserializationValidator;
}

@Override
public Object clone()
{
try
{
public Object clone() {
try {
return super.clone();
}
catch (CloneNotSupportedException e)
{
} catch (CloneNotSupportedException e) {
// this should never happen since this class extends object
// but just in case revert to manual clone
SerializationContext context = new SerializationContext();
@@ -244,57 +228,52 @@ public Object clone()
/**
* Establishes a SerializationContext for the current thread.
* Users are not expected to call this function.
*
* @param context The current SerializationContext.
*/
public static void setSerializationContext(SerializationContext context)
{
if (context == null)
public static void setSerializationContext(SerializationContext context) {
if (context == null) {
contexts.remove();
else
} else {
contexts.set(context);
}
}

/**
* @return The current thread's SerializationContext.
*/
public static SerializationContext getSerializationContext()
{
public static SerializationContext getSerializationContext() {
SerializationContext sc = contexts.get();
if (sc == null)
{
if (sc == null) {
sc = new SerializationContext();
SerializationContext.setSerializationContext(sc);
}
return sc;
}

/**
* Clears out the thread local state after the request completes.
*/
public static void clearThreadLocalObjects()
{
if (contexts != null)
{
public static void clearThreadLocalObjects() {
if (contexts != null) {
contexts.remove();
}
}

/**
*
* Create thread local storage.
*/
public static void createThreadLocalObjects()
{
if (contexts == null)
contexts = new ThreadLocal();
public static void createThreadLocalObjects() {
if (contexts == null) {
contexts = new ThreadLocal<SerializationContext>();
}
}

/**
*
* Destroy thread local storage.
* Call ONLY on shutdown.
*/
public static void releaseThreadLocalObjects()
{
public static void releaseThreadLocalObjects() {
clearThreadLocalObjects();

contexts = null;
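Review bot: The "always initialized" guarantee added in the `SerializationContext()` constructor can be undone by `setDeserializationValidator`, which still assigns its argument unchecked, so a caller passing `null` leaves the context without a validator. If a null validator is not meant to switch validation off, the setter could fall back to the default: `this.deserializationValidator = (deserializationValidator != null) ? deserializationValidator : new ClassDeserializationValidator();`. If disabling validation must remain possible, the setter's Javadoc should say that `null` disables class validation. The class is also `Serializable` and `Cloneable`, and the constructor does not run on Java deserialization, so the field's state on that path depends on its declaration, which is not visible here. The body of `releaseThreadLocalObjects` runs past the end of the last hunk.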
