Class InstantiateFactory
- java.lang.Object
  - org.apache.commons.collections.functors.InstantiateFactory

All Implemented Interfaces: java.io.Serializable, Factory
public class InstantiateFactory extends java.lang.Object implements Factory, java.io.Serializable
Factory implementation that creates a new object instance by reflection.

WARNING: from v3.2.2 onwards this class will throw an UnsupportedOperationException when trying to serialize or de-serialize an instance to prevent potential remote code execution exploits.

In order to re-enable serialization support for InstantiateTransformer the following system property can be used (via -Dproperty=true): org.apache.commons.collections.enableUnsafeSerialization
- Since: Commons Collections 3.0
- Version: $Revision: 1713845 $ $Date: 2015-11-11 15:02:16 +0100 (Wed, 11 Nov 2015) $
- See Also: Serialized Form
Field Summary
Fields (modifier and type, field: description)
- private java.lang.Object[] iArgs: The constructor arguments
- private java.lang.Class iClassToInstantiate: The class to create
- private java.lang.reflect.Constructor iConstructor: The constructor
- private java.lang.Class[] iParamTypes: The constructor parameter types
- private static long serialVersionUID: The serial version
-
Constructor Summary
Constructors (constructor: description)
- InstantiateFactory(java.lang.Class classToInstantiate): Constructor that performs no validation.
- InstantiateFactory(java.lang.Class classToInstantiate, java.lang.Class[] paramTypes, java.lang.Object[] args): Constructor that performs no validation.
-
Method Summary
Methods (modifier and type, method: description)
- java.lang.Object create(): Creates an object using the stored constructor.
- private void findConstructor(): Find the Constructor for the class specified.
- static Factory getInstance(java.lang.Class classToInstantiate, java.lang.Class[] paramTypes, java.lang.Object[] args): Factory method that performs validation.
- private void readObject(java.io.ObjectInputStream is): Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).
- private void writeObject(java.io.ObjectOutputStream os): Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
The serial version
- See Also: Constant Field Values
-
iClassToInstantiate
private final java.lang.Class iClassToInstantiate
The class to create
-
iParamTypes
private final java.lang.Class[] iParamTypes
The constructor parameter types
-
iArgs
private final java.lang.Object[] iArgs
The constructor arguments
-
iConstructor
private transient java.lang.reflect.Constructor iConstructor
The constructor
-
-
Constructor Detail
-
InstantiateFactory
public InstantiateFactory(java.lang.Class classToInstantiate)
Constructor that performs no validation. Use getInstance if you want that.
- Parameters:
  - classToInstantiate - the class to instantiate
-
InstantiateFactory
public InstantiateFactory(java.lang.Class classToInstantiate, java.lang.Class[] paramTypes, java.lang.Object[] args)
Constructor that performs no validation. Use getInstance if you want that.
- Parameters:
  - classToInstantiate - the class to instantiate
  - paramTypes - the constructor parameter types, not cloned
  - args - the constructor arguments, not cloned
-
-
Method Detail
-
getInstance
public static Factory getInstance(java.lang.Class classToInstantiate, java.lang.Class[] paramTypes, java.lang.Object[] args)
Factory method that performs validation.
- Parameters:
  - classToInstantiate - the class to instantiate, not null
  - paramTypes - the constructor parameter types
  - args - the constructor arguments
- Returns: a new instantiate factory
-
findConstructor
private void findConstructor()
Find the Constructor for the class specified.
-
create
public java.lang.Object create()
Creates an object using the stored constructor.
-
writeObject
private void writeObject(java.io.ObjectOutputStream os) throws java.io.IOException
Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).
- Throws: java.io.IOException
-
readObject
private void readObject(java.io.ObjectInputStream is) throws java.lang.ClassNotFoundException, java.io.IOException
Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).
- Throws: java.lang.ClassNotFoundException, java.io.IOException
-
-
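The guard described in the class WARNING and in the writeObject/readObject entries can be modelled with a stand-alone class. This is an added example, not Commons Collections source: GuardedFactory, checkUnsafeSerialization and the exact property comparison are assumptions made for illustration; only the property name and the UnsupportedOperationException behaviour come from this page.

```java
import java.io.*;
// Stand-alone model of the serialization guard; GuardedFactory is a
// hypothetical class, not part of Commons Collections.
public class SerializationGuardDemo {
    static final String PROP = "org.apache.commons.collections.enableUnsafeSerialization";
    static class GuardedFactory implements Serializable {
        private static final long serialVersionUID = 1L;
        private final Class<?> classToInstantiate;
        GuardedFactory(Class<?> c) { this.classToInstantiate = c; }
        // Refuse unless the operator explicitly opted in with -D<PROP>=true
        // (the comparison used here is an assumption).
        private static void checkUnsafeSerialization() {
            if (!"true".equalsIgnoreCase(System.getProperty(PROP))) {
                throw new UnsupportedOperationException(
                    "Serialization of GuardedFactory is disabled; set " + PROP + "=true to enable");
            }
        }

        private void writeObject(ObjectOutputStream os) throws IOException {
            checkUnsafeSerialization();
            os.defaultWriteObject();
        }

        private void readObject(ObjectInputStream is) throws ClassNotFoundException, IOException {
            checkUnsafeSerialization();   // runs before any field is restored from the stream
            is.defaultReadObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        GuardedFactory f = new GuardedFactory(StringBuilder.class);
        try { serialize(f); } catch (UnsupportedOperationException e) {
            System.out.println("write blocked: " + e.getMessage());
        }
        System.setProperty(PROP, "true");        // opt-in, equivalent to -D...=true
        byte[] bytes = serialize(f);             // constructed sample stream
        System.clearProperty(PROP);              // back to the safe default
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.readObject();
        } catch (UnsupportedOperationException e) {
            System.out.println("read blocked: " + e.getMessage());
        }
    }
}
```

The read-side check is the one that matters for untrusted input: a stream naming the guarded class is rejected inside readObject before any of its fields are populated.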