Class InvokerTransformer
- java.lang.Object
-
- org.apache.commons.collections.functors.InvokerTransformer
-
- All Implemented Interfaces:
java.io.Serializable
,Transformer
public class InvokerTransformer extends java.lang.Object implements Transformer, java.io.Serializable
Transformer implementation that creates a new object instance by reflection.WARNING: from v3.2.2 onwards this class will throw an
UnsupportedOperationException
when trying to serialize or de-serialize an instance to prevent potential remote code execution exploits.In order to re-enable serialization support for
InvokerTransformer
the following system property can be used (via -Dproperty=true):org.apache.commons.collections.enableUnsafeSerialization
- Since:
- Commons Collections 3.0
- Version:
- $Revision: 1713845 $ $Date: 2015-11-11 15:02:16 +0100 (Wed, 11 Nov 2015) $
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description private java.lang.Object[]
iArgs
The array of reflection argumentsprivate java.lang.String
iMethodName
The method name to callprivate java.lang.Class[]
iParamTypes
The array of reflection parameter typesprivate static long
serialVersionUID
The serial version
-
Constructor Summary
Constructors Modifier Constructor Description private
InvokerTransformer(java.lang.String methodName)
Constructor for no arg instance.InvokerTransformer(java.lang.String methodName, java.lang.Class[] paramTypes, java.lang.Object[] args)
Constructor that performs no validation.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static Transformer
getInstance(java.lang.String methodName)
Gets an instance of this transformer calling a specific method with no arguments.static Transformer
getInstance(java.lang.String methodName, java.lang.Class[] paramTypes, java.lang.Object[] args)
Gets an instance of this transformer calling a specific method with specific values.private void
readObject(java.io.ObjectInputStream is)
Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).java.lang.Object
transform(java.lang.Object input)
Transforms the input to result by invoking a method on the input.private void
writeObject(java.io.ObjectOutputStream os)
Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
The serial version- See Also:
- Constant Field Values
-
iMethodName
private final java.lang.String iMethodName
The method name to call
-
iParamTypes
private final java.lang.Class[] iParamTypes
The array of reflection parameter types
-
iArgs
private final java.lang.Object[] iArgs
The array of reflection arguments
-
-
Constructor Detail
-
InvokerTransformer
private InvokerTransformer(java.lang.String methodName)
Constructor for no arg instance.- Parameters:
methodName
- the method to call
-
InvokerTransformer
public InvokerTransformer(java.lang.String methodName, java.lang.Class[] paramTypes, java.lang.Object[] args)
Constructor that performs no validation. UsegetInstance
if you want that.- Parameters:
methodName
- the method to callparamTypes
- the constructor parameter types, not clonedargs
- the constructor arguments, not cloned
-
-
Method Detail
-
getInstance
public static Transformer getInstance(java.lang.String methodName)
Gets an instance of this transformer calling a specific method with no arguments.- Parameters:
methodName
- the method name to call- Returns:
- an invoker transformer
- Since:
- Commons Collections 3.1
-
getInstance
public static Transformer getInstance(java.lang.String methodName, java.lang.Class[] paramTypes, java.lang.Object[] args)
Gets an instance of this transformer calling a specific method with specific values.- Parameters:
methodName
- the method name to callparamTypes
- the parameter types of the methodargs
- the arguments to pass to the method- Returns:
- an invoker transformer
-
transform
public java.lang.Object transform(java.lang.Object input)
Transforms the input to result by invoking a method on the input.- Specified by:
transform
in interfaceTransformer
- Parameters:
input
- the input object to transform- Returns:
- the transformed result, null if null input
-
writeObject
private void writeObject(java.io.ObjectOutputStream os) throws java.io.IOException
Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).- Throws:
java.io.IOException
-
readObject
private void readObject(java.io.ObjectInputStream is) throws java.lang.ClassNotFoundException, java.io.IOException
Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).- Throws:
java.lang.ClassNotFoundException
java.io.IOException
-
-