Package ratpack.session

Interface SessionSerializer

    • Method Detail

      • serialize

        @Deprecated
default <T> void serialize​(Class<T> type,
                           T value,
                           OutputStream out)
                    throws Exception
        Deprecated.
        since 1.9
        Writes the given value to the output stream as bytes.

        This method has been superseded by serialize(Class, Object, OutputStream, SessionTypeFilter) in 1.9. Implementations should not implement this method, but that instead.

        Type Parameters:
        T - the type of the object
        Parameters:
        type - the declared type of the object
        value - the value to serialize
        out - the destination for the bytes
        Throws:
        Exception - if the value could not be serialized

      • serialize

        default <T> void serialize​(Class<T> type,
                           T value,
                           OutputStream out,
                           SessionTypeFilter typeFilter)
                    throws Exception
        Writes the given value to the output stream as bytes.

        Implementations MUST take care to check that all types serialized are allowed to be as per typeFilter. This includes the type of value and the transitive types referenced by it. Implementations should use SessionTypeFilter.assertAllowed(String).

        To enable backwards compatibility, the default implementation delegates to serialize(Class, Object, OutputStream) after logging a warning about the inherent security vulnerability in not checking the suitability of types. All implementations should implement this method and not that method.

        Type Parameters:
        T - the type of the object
        Parameters:
        type - the declared type of the object
        value - the value to serialize
        out - the destination for the bytes
        typeFilter - the filter that determines whether a type is session safe and allowed to be serialized
        Throws:
        Exception - if the value could not be serialized

      • deserialize

        @Deprecated
default <T> T deserialize​(Class<T> type,
                          InputStream in)
                   throws Exception
        Deprecated.
        since 1.9
        Reads the bytes of the given input stream, creating a new object.

        This method has been superseded by serialize(Class, Object, OutputStream, SessionTypeFilter) in 1.9. Implementations should not implement this method, but that instead.

        Type Parameters:
        T - the type of the object
        Parameters:
        type - the expected type of the object
        in - the source of the bytes
        Returns:
        the object
        Throws:
        IOException - any thrown by in
        Exception - the the value could not be deserialized

      • deserialize

        default <T> T deserialize​(Class<T> type,
                          InputStream in,
                          SessionTypeFilter typeFilter)
                   throws Exception
        Reads the bytes of the given input stream, creating a new object.

        Implementations MUST take care to check that all types to be deserialized are allowed to be as per typeFilter. This includes the type of the object being deserialized and the transitive types referenced by it. Implementations should use SessionTypeFilter.assertAllowed(String).

        To enable backwards compatibility, the default implementation delegates to deserialize(Class, InputStream) after logging a warning about the inherent security vulnerability in not checking the suitability of types. All implementations should implement this method and not that method.

        Type Parameters:
        T - the type of the object
        Parameters:
        type - the expected type of the object
        in - the source of the bytes
        typeFilter - the filter that determines whether a type is session safe and allowed to be deserialized
        Returns:
        the object
        Throws:
        IOException - any thrown by in
        Exception - the the value could not be deserialized