Package org.apache.commons.collections.functors

Class InstantiateFactory

  • All Implemented Interfaces:
    java.io.Serializable, Factory
    public class InstantiateFactory
extends java.lang.Object
implements Factory, java.io.Serializable
    Factory implementation that creates a new object instance by reflection.

    WARNING: from v3.2.2 onwards this class will throw an UnsupportedOperationException when trying to serialize or de-serialize an instance to prevent potential remote code execution exploits.

    In order to re-enable serialization support for InstantiateTransformer the following system property can be used (via -Dproperty=true): 

     org.apache.commons.collections.enableUnsafeSerialization
    Since:
    Commons Collections 3.0
    Version:
    $Revision: 1713845 $ $Date: 2015-11-11 15:02:16 +0100 (Wed, 11 Nov 2015) $
    See Also:
    Serialized Form

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.lang.Object[] iArgs
      The constructor arguments
      private java.lang.Class iClassToInstantiate
      The class to create
      private java.lang.reflect.Constructor iConstructor
      The constructor
      private java.lang.Class[] iParamTypes
      The constructor parameter types
      private static long serialVersionUID
      The serial version

    • Constructor Summary

      Constructors 
      Constructor Description
      InstantiateFactory​(java.lang.Class classToInstantiate)
      Constructor that performs no validation.
      InstantiateFactory​(java.lang.Class classToInstantiate, java.lang.Class[] paramTypes, java.lang.Object[] args)
      Constructor that performs no validation.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.Object create()
      Creates an object using the stored constructor.
      private void findConstructor()
      Find the Constructor for the class specified.
      static Factory getInstance​(java.lang.Class classToInstantiate, java.lang.Class[] paramTypes, java.lang.Object[] args)
      Factory method that performs validation.
      private void readObject​(java.io.ObjectInputStream is)
      Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).
      private void writeObject​(java.io.ObjectOutputStream os)
      Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • serialVersionUID

        private static final long serialVersionUID
        The serial version
        See Also:
        Constant Field Values

      • iClassToInstantiate

        private final java.lang.Class iClassToInstantiate
        The class to create

      • iParamTypes

        private final java.lang.Class[] iParamTypes
        The constructor parameter types

      • iArgs

        private final java.lang.Object[] iArgs
        The constructor arguments

      • iConstructor

        private transient java.lang.reflect.Constructor iConstructor
        The constructor

    • Constructor Detail

      • InstantiateFactory

        public InstantiateFactory​(java.lang.Class classToInstantiate)
        Constructor that performs no validation. Use getInstance if you want that.
        Parameters:
        classToInstantiate - the class to instantiate

      • InstantiateFactory

        public InstantiateFactory​(java.lang.Class classToInstantiate,
                          java.lang.Class[] paramTypes,
                          java.lang.Object[] args)
        Constructor that performs no validation. Use getInstance if you want that.
        Parameters:
        classToInstantiate - the class to instantiate
        paramTypes - the constructor parameter types, not cloned
        args - the constructor arguments, not cloned

    • Method Detail

      • getInstance

        public static Factory getInstance​(java.lang.Class classToInstantiate,
                                  java.lang.Class[] paramTypes,
                                  java.lang.Object[] args)
        Factory method that performs validation.
        Parameters:
        classToInstantiate - the class to instantiate, not null
        paramTypes - the constructor parameter types
        args - the constructor arguments
        Returns:
        a new instantiate factory

      • findConstructor

        private void findConstructor()
        Find the Constructor for the class specified.

      • create

        public java.lang.Object create()
        Creates an object using the stored constructor.
        Specified by:
        create in interface Factory
        Returns:
        the new object

      • writeObject

        private void writeObject​(java.io.ObjectOutputStream os)
                  throws java.io.IOException
        Overrides the default writeObject implementation to prevent serialization (see COLLECTIONS-580).
        Throws:
        java.io.IOException

      • readObject

        private void readObject​(java.io.ObjectInputStream is)
                 throws java.lang.ClassNotFoundException,
                        java.io.IOException
        Overrides the default readObject implementation to prevent de-serialization (see COLLECTIONS-580).
        Throws:
        java.lang.ClassNotFoundException
        java.io.IOException