Package ratpack.session.serialization.kryo

Class KryoSessionSerializer

    • Constructor Detail

      • KryoSessionSerializer

        public KryoSessionSerializer()

    • Method Detail

      • configureKryo

        protected void configureKryo​(com.esotericsoftware.kryo.kryo5.Kryo kryo)
        A hook for potential subclasses to configure Kryo instances used.

        Internally, kryo instances are pooled and reused. This method may be called any time, as new instances are needed. All instances should be configured identically.

        Parameters:
        kryo - the instance to configure

      • serialize

        public <T> void serialize​(Class<T> type,
                          T value,
                          OutputStream out,
                          SessionTypeFilter typeFilter)
                   throws Exception
        Description copied from interface: SessionSerializer
        Writes the given value to the output stream as bytes.

        Implementations MUST take care to check that all types serialized are allowed to be as per typeFilter. This includes the type of value and the transitive types referenced by it. Implementations should use SessionTypeFilter.assertAllowed(String).

        To enable backwards compatibility, the default implementation delegates to SessionSerializer.serialize(Class, Object, OutputStream) after logging a warning about the inherent security vulnerability in not checking the suitability of types. All implementations should implement this method and not that method.

        Specified by:
        serialize in interface SessionSerializer
        Type Parameters:
        T - the type of the object
        Parameters:
        type - the declared type of the object
        value - the value to serialize
        out - the destination for the bytes
        typeFilter - the filter that determines whether a type is session safe and allowed to be serialized
        Throws:
        Exception - if the value could not be serialized

      • deserialize

        public <T> T deserialize​(Class<T> type,
                         InputStream in,
                         SessionTypeFilter typeFilter)
                  throws Exception
        Description copied from interface: SessionSerializer
        Reads the bytes of the given input stream, creating a new object.

        Implementations MUST take care to check that all types to be deserialized are allowed to be as per typeFilter. This includes the type of the object being deserialized and the transitive types referenced by it. Implementations should use SessionTypeFilter.assertAllowed(String).

        To enable backwards compatibility, the default implementation delegates to SessionSerializer.deserialize(Class, InputStream) after logging a warning about the inherent security vulnerability in not checking the suitability of types. All implementations should implement this method and not that method.

        Specified by:
        deserialize in interface SessionSerializer
        Type Parameters:
        T - the type of the object
        Parameters:
        type - the expected type of the object
        in - the source of the bytes
        typeFilter - the filter that determines whether a type is session safe and allowed to be deserialized
        Returns:
        the object
        Throws:
        IOException - any thrown by in
        Exception - the the value could not be deserialized