Class InstantiateTransformer

  • All Implemented Interfaces:
    java.io.Serializable, Transformer

    public class InstantiateTransformer
    extends java.lang.Object
    implements Transformer, java.io.Serializable
    Transformer implementation that creates a new object instance by reflection.

    WARNING: from v3.2.2 onwards this class will throw an UnsupportedOperationException when trying to serialize or de-serialize an instance to prevent potential remote code execution exploits.

    In order to re-enable serialization support for InstantiateTransformer the following system property can be used (via -Dproperty=true):

     org.apache.commons.collections.enableUnsafeSerialization
     
    Since:
    Commons Collections 3.0
    Version:
    $Revision: 1713845 $ $Date: 2015-11-11 15:02:16 +0100 (Wed, 11 Nov 2015) $
    See Also:
    Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.lang.Object[] iArgs
      The constructor arguments
      private java.lang.Class[] iParamTypes
      The constructor parameter types
      static Transformer NO_ARG_INSTANCE
      Singleton instance that uses the no arg constructor
      private static long serialVersionUID
      The serial version
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private InstantiateTransformer()
      Constructor for no arg instance.
        InstantiateTransformer(java.lang.Class[] paramTypes, java.lang.Object[] args)
      Constructor that performs no validation.
    • Method Summary

      Modifier and Type Method Description
      static Transformer getInstance(java.lang.Class[] paramTypes, java.lang.Object[] args)
      Transformer method that performs validation.
      private void readObject(java.io.ObjectInputStream is)
      Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).
      java.lang.Object transform(java.lang.Object input)
      Transforms the input Class object to a result by instantiation.
      private void writeObject(java.io.ObjectOutputStream os)
      Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • serialVersionUID

        private static final long serialVersionUID
        The serial version
        See Also:
        Constant Field Values
      • NO_ARG_INSTANCE

        public static final Transformer NO_ARG_INSTANCE
        Singleton instance that uses the no arg constructor
      • iParamTypes

        private final java.lang.Class[] iParamTypes
        The constructor parameter types
      • iArgs

        private final java.lang.Object[] iArgs
        The constructor arguments
    • Constructor Detail

      • InstantiateTransformer

        private InstantiateTransformer()
        Constructor for no arg instance.
      • InstantiateTransformer

        public InstantiateTransformer(java.lang.Class[] paramTypes,
                                      java.lang.Object[] args)
        Constructor that performs no validation. Use getInstance if you want that.
        Parameters:
        paramTypes - the constructor parameter types, not cloned
        args - the constructor arguments, not cloned
    • Method Detail

      • getInstance

        public static Transformer getInstance(java.lang.Class[] paramTypes,
                                              java.lang.Object[] args)
        Transformer method that performs validation.
        Parameters:
        paramTypes - the constructor parameter types
        args - the constructor arguments
        Returns:
        an instantiate transformer
      • transform

        public java.lang.Object transform(java.lang.Object input)
        Transforms the input Class object to a result by instantiation.
        Specified by:
        transform in interface Transformer
        Parameters:
        input - the input object to transform
        Returns:
        the transformed result
      • writeObject

        private void writeObject(java.io.ObjectOutputStream os)
                          throws java.io.IOException
        Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).
        Throws:
        java.io.IOException
      • readObject

        private void readObject(java.io.ObjectInputStream is)
                         throws java.lang.ClassNotFoundException,
                                java.io.IOException
        Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).
        Throws:
        java.lang.ClassNotFoundException
        java.io.IOException
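
The serialization guard described in the class WARNING above, exercised as a deployment check. This is an added example, not part of the Commons Collections documentation or code base; it assumes commons-collections 3.2.2 is on the classpath, and the class name InstantiateTransformerGuardCheck and the helper serializationBlocked are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import org.apache.commons.collections.Transformer;
import org.apache.commons.collections.functors.InstantiateTransformer;

// Added example (hypothetical class): verifies that the 3.2.2 guard is active.
public class InstantiateTransformerGuardCheck {

    // Property name as documented in the class description.
    static final String UNSAFE_PROP =
            "org.apache.commons.collections.enableUnsafeSerialization";

    /** Returns true if the library refuses to serialize the transformer. */
    static boolean serializationBlocked(Transformer t) throws IOException {
        ObjectOutputStream out =
                new ObjectOutputStream(new ByteArrayOutputStream());
        try {
            out.writeObject(t);   // reaches the private writeObject override
            return false;         // no guard (older jar) or guard switched off
        } catch (UnsupportedOperationException refused) {
            return true;          // guard active, as the WARNING describes
        }
    }

    public static void main(String[] args) throws IOException {
        // In-process use is unaffected: transform() still instantiates
        // the input Class through the matching public constructor.
        Transformer t = InstantiateTransformer.getInstance(
                new Class[] { String.class }, new Object[] { "seed" });
        Object made = t.transform(StringBuilder.class);
        System.out.println(made.getClass().getName() + " -> " + made);

        // Fail fast if someone has passed -D<property>=true to this JVM.
        if (Boolean.parseBoolean(System.getProperty(UNSAFE_PROP))) {
            throw new IllegalStateException(
                    UNSAFE_PROP + " is set; unsafe serialization is enabled");
        }
        // Fail fast if the jar on the classpath predates the guard.
        if (!serializationBlocked(t)) {
            throw new IllegalStateException(
                    "InstantiateTransformer serialized; check the library version");
        }
        System.out.println("InstantiateTransformer serialization is blocked");
    }
}
```

Run it with the same classpath and JVM flags as the application, so the check sees the jar version and system properties that production will see.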