Author: adrianc
Date: Thu Nov 19 19:41:46 2015
New Revision: 1715249
URL: http://svn.apache.org/viewvc?rev=1715249&view=rev
Log:
JavaDocs and code formatting. No functional change.
Added:
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/package.html
Modified:
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ClassNameMatcher.java
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/FullClassNameMatcher.java
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/RegexpClassNameMatcher.java
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ValidatingObjectInputStream.java
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/WildcardClassNameMatcher.java
Modified:
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ClassNameMatcher.java
URL:
http://svn.apache.org/viewvc/commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ClassNameMatcher.java?rev=1715249&r1=1715248&r2=1715249&view=diff
==============================================================================
---
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ClassNameMatcher.java
(original)
+++
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ClassNameMatcher.java
Thu Nov 19 19:41:46 2015
@@ -18,12 +18,16 @@
*/
package org.apache.commons.io.serialization;
-/** Match a Class name */
+/**
+ * An object that matches a Class name to a condition.
+ */
public interface ClassNameMatcher {
- /** True if the supplied class names matches.
+ /**
+ * Returns <code>true</code> if the supplied class name matches this
object's condition.
+ *
* @param className fully qualified class name
- * @return true if the class name matches this object's condition
+ * @return <code>true</code> if the class name matches this object's
condition
*/
boolean matches(String className);
}
\ No newline at end of file
Modified:
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/FullClassNameMatcher.java
URL:
http://svn.apache.org/viewvc/commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/FullClassNameMatcher.java?rev=1715249&r1=1715248&r2=1715249&view=diff
==============================================================================
---
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/FullClassNameMatcher.java
(original)
+++
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/FullClassNameMatcher.java
Thu Nov 19 19:41:46 2015
@@ -23,7 +23,12 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
-/** {@link ClassNameMatcher} that matches on full class names */
+/**
+ * A {@link ClassNameMatcher} that matches on full class names.
+ * <p>
+ * This object is immutable and thread-safe.
+ * </p>
+ */
final class FullClassNameMatcher implements ClassNameMatcher {
private final Set<String> classesSet;
Modified:
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/RegexpClassNameMatcher.java
URL:
http://svn.apache.org/viewvc/commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/RegexpClassNameMatcher.java?rev=1715249&r1=1715248&r2=1715249&view=diff
==============================================================================
---
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/RegexpClassNameMatcher.java
(original)
+++
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/RegexpClassNameMatcher.java
Thu Nov 19 19:41:46 2015
@@ -20,7 +20,12 @@ package org.apache.commons.io.serializat
import java.util.regex.Pattern;
-/** {@link ClassNameMatcher} that uses regular expressions */
+/**
+ * A {@link ClassNameMatcher} that uses regular expressions.
+ * <p>
+ * This object is immutable and thread-safe.
+ * </p>
+ */
final class RegexpClassNameMatcher implements ClassNameMatcher {
private final Pattern pattern; // Class is thread-safe
@@ -38,9 +43,10 @@ final class RegexpClassNameMatcher imple
* Constructs an object based on the specified pattern.
*
* @param pattern a pattern for evaluating acceptable class names
+ * @throws IllegalArgumentException if <code>pattern</code> is null
*/
public RegexpClassNameMatcher(Pattern pattern) {
- if(pattern == null) {
+ if (pattern == null) {
throw new IllegalArgumentException("Null pattern");
}
this.pattern = pattern;
Modified:
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ValidatingObjectInputStream.java
URL:
http://svn.apache.org/viewvc/commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ValidatingObjectInputStream.java?rev=1715249&r1=1715248&r2=1715249&view=diff
==============================================================================
---
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ValidatingObjectInputStream.java
(original)
+++
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/ValidatingObjectInputStream.java
Thu Nov 19 19:41:46 2015
@@ -28,10 +28,8 @@ import java.util.List;
import java.util.regex.Pattern;
/**
- * <p>
* An <code>ObjectInputStream</code> that's restricted to deserialize
* a limited set of classes.
- * </p>
*
* <p>
* Various accept/reject methods allow for specifying which classes
@@ -55,7 +53,6 @@ public class ValidatingObjectInputStream
* accepted.
*
* @param input an input stream
- * @param acceptor a class acceptor
* @throws IOException if an I/O error occurs while reading stream header
*/
public ValidatingObjectInputStream(InputStream input) throws IOException {
@@ -64,35 +61,33 @@ public class ValidatingObjectInputStream
private void validateClassName(String name) throws InvalidClassException {
// Reject has precedence over accept
- for(ClassNameMatcher m : rejectMatchers) {
- if(m.matches(name)) {
+ for (ClassNameMatcher m : rejectMatchers) {
+ if (m.matches(name)) {
invalidClassNameFound(name);
}
}
-
+
boolean ok = false;
- for(ClassNameMatcher m : acceptMatchers) {
- if(m.matches(name)) {
+ for (ClassNameMatcher m : acceptMatchers) {
+ if (m.matches(name)) {
ok = true;
break;
}
}
- if(!ok) {
+ if (!ok) {
invalidClassNameFound(name);
}
}
-
- /** Called to throw InvalidClassException (by default) if an invalid
- * class name is found in deserialization. Can be overridden, for example
- * to log those class names.
- * By default the name of the invalid class is not included in the
- * exception thrown, as that might give too much information from a
- * security point of view.
+
+ /**
+ * Called to throw <code>InvalidClassException</code> if an invalid
+ * class name is found during deserialization. Can be overridden, for
example
+ * to log those class names.
*
* @param className name of the invalid class
- * @throws InvalidClassException
+ * @throws InvalidClassException if the specified class is not allowed
*/
- protected void invalidClassNameFound(String className) throws
InvalidClassException{
+ protected void invalidClassNameFound(String className) throws
InvalidClassException {
throw new InvalidClassException("Class name not accepted: " +
className);
}
@@ -102,58 +97,68 @@ public class ValidatingObjectInputStream
return super.resolveClass(osc);
}
- /** Accept the specified classes for deserialization, unless they
- * are otherwise rejected.
+ /**
+ * Accept the specified classes for deserialization, unless they
+ * are otherwise rejected.
+ *
* @param classes Classes to accept
* @return this object
*/
public ValidatingObjectInputStream accept(Class<?>... classes) {
- for(Class<?> c : classes) {
+ for (Class<?> c : classes) {
acceptMatchers.add(new FullClassNameMatcher(c.getName()));
}
- return this;
+ return this;
}
- /** Reject the specified classes for deserialization, even if they
- * are otherwise accepted.
+ /**
+ * Reject the specified classes for deserialization, even if they
+ * are otherwise accepted.
+ *
* @param classes Classes to reject
* @return this object
*/
public ValidatingObjectInputStream reject(Class<?>... classes) {
- for(Class<?> c : classes) {
+ for (Class<?> c : classes) {
rejectMatchers.add(new FullClassNameMatcher(c.getName()));
}
return this;
}
- /** Accept the wildcard specified classes for deserialization,
- * unless they are otherwise rejected.
+ /**
+ * Accept the wildcard specified classes for deserialization,
+ * unless they are otherwise rejected.
+ *
* @param patterns Wildcard filename patterns as defined by
- * {@link FilenameUtils.wildcardMatch}
+ * {@link
org.apache.commons.io.FilenameUtils#wildcardMatch(String, String)
FilenameUtils.wildcardMatch}
* @return this object
*/
- public ValidatingObjectInputStream accept(String ... patterns) {
- for(String pattern : patterns) {
+ public ValidatingObjectInputStream accept(String... patterns) {
+ for (String pattern : patterns) {
acceptMatchers.add(new WildcardClassNameMatcher(pattern));
}
return this;
}
- /** Reject the wildcard specified classes for deserialization,
- * even if they are otherwise accepted.
+ /**
+ * Reject the wildcard specified classes for deserialization,
+ * even if they are otherwise accepted.
+ *
* @param patterns Wildcard filename patterns as defined by
- * {@link FilenameUtils.wildcardMatch}
+ * {@link
org.apache.commons.io.FilenameUtils#wildcardMatch(String, String)
FilenameUtils.wildcardMatch}
* @return this object
*/
- public ValidatingObjectInputStream reject(String ... patterns) {
- for(String pattern : patterns) {
+ public ValidatingObjectInputStream reject(String... patterns) {
+ for (String pattern : patterns) {
rejectMatchers.add(new WildcardClassNameMatcher(pattern));
}
return this;
}
- /** Accept class names that match the supplied pattern for
- * deserialization, unless they are otherwise rejected.
+ /**
+ * Accept class names that match the supplied pattern for
+ * deserialization, unless they are otherwise rejected.
+ *
* @param pattern standard Java regexp
* @return this object
*/
@@ -162,8 +167,10 @@ public class ValidatingObjectInputStream
return this;
}
- /** Reject class names that match the supplied pattern for
- * deserialization, even if they are otherwise accepted.
+ /**
+ * Reject class names that match the supplied pattern for
+ * deserialization, even if they are otherwise accepted.
+ *
* @param pattern standard Java regexp
* @return this object
*/
@@ -172,8 +179,10 @@ public class ValidatingObjectInputStream
return this;
}
- /** Accept class names where the supplied ClassNameMatcher matches for
- * deserialization, unless they are otherwise rejected.
+ /**
+ * Accept class names where the supplied ClassNameMatcher matches for
+ * deserialization, unless they are otherwise rejected.
+ *
* @param m the matcher to use
* @return this object
*/
@@ -182,8 +191,10 @@ public class ValidatingObjectInputStream
return this;
}
- /** Reject class names where the supplied ClassNameMatcher matches for
- * deserialization, even if they are otherwise accepted.
+ /**
+ * Reject class names where the supplied ClassNameMatcher matches for
+ * deserialization, even if they are otherwise accepted.
+ *
* @param m the matcher to use
* @return this object
*/
Modified:
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/WildcardClassNameMatcher.java
URL:
http://svn.apache.org/viewvc/commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/WildcardClassNameMatcher.java?rev=1715249&r1=1715248&r2=1715249&view=diff
==============================================================================
---
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/WildcardClassNameMatcher.java
(original)
+++
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/WildcardClassNameMatcher.java
Thu Nov 19 19:41:46 2015
@@ -20,15 +20,21 @@ package org.apache.commons.io.serializat
import org.apache.commons.io.FilenameUtils;
-/** {@link ClassNameMatcher} that uses simplified regular expressions
- * provided by {@link FilenameUtils#wildcardMatch} */
+/**
+ * A {@link ClassNameMatcher} that uses simplified regular expressions
+ * provided by {@link
org.apache.commons.io.FilenameUtils#wildcardMatch(String, String)
FilenameUtils.wildcardMatch}
+ * <p>
+ * This object is immutable and thread-safe.
+ * </p>
+ */
final class WildcardClassNameMatcher implements ClassNameMatcher {
private final String pattern;
/**
* Constructs an object based on the specified simplified regular
expression.
- * @param regex a {@link FilenameUtils#wildcardMatch} pattern.
+ *
+ * @param pattern a {@link FilenameUtils#wildcardMatch} pattern.
*/
public WildcardClassNameMatcher(String pattern) {
this.pattern = pattern;
Added:
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/package.html
URL:
http://svn.apache.org/viewvc/commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/package.html?rev=1715249&view=auto
==============================================================================
---
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/package.html
(added)
+++
commons/proper/io/trunk/src/main/java/org/apache/commons/io/serialization/package.html
Thu Nov 19 19:41:46 2015
@@ -0,0 +1,24 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<html>
+<body>
+<p>
+This package provides a framework for controlling the deserialization of
classes.
+</p>
+</body>
+</html>
