Package org.apache.shiro.io

Class XmlSerializer

  • All Implemented Interfaces:
    Serializer
    public class XmlSerializer
extends Object
implements Serializer
    Deprecated.
    This class should not be used directly because of unsecure XMLEncoder/XMLDecoder usage.
    Serializer implementation that uses the JavaBeans XMLEncoder and XMLDecoder to serialize and deserialize, respectively.

    NOTE: The JavaBeans XMLEncoder/XMLDecoder only successfully encode/decode objects when they are JavaBeans compatible!

    Since:
    0.9

    • Constructor Detail

      • XmlSerializer

        public XmlSerializer()
        Deprecated.

    • Method Detail

      • serialize

        public byte[] serialize​(Object source)
        Deprecated.
        Serializes the specified source into a byte[] array by using the XMLEncoder to encode the object out to a ByteArrayOutputStream, where the resulting byte[] array is returned.
        Specified by:
        serialize in interface Serializer
        Parameters:
        source - the Object to convert into a byte[] array.
        Returns:
        the byte[] array representation of the XML encoded output.

      • deserialize

        public Object deserialize​(byte[] serialized)
        Deprecated.
        Deserializes the specified serialized source back into an Object by using a ByteArrayInputStream to wrap the argument and then decode this stream via an XMLDecoder, where the readObject call results in the original Object to return.
        Specified by:
        deserialize in interface Serializer
        Parameters:
        serialized - the byte[] array representation of the XML encoded output.
        Returns:
        the original source Object in reconstituted form.