Class SerializableProvider

java.lang.Object
org.jboss.resteasy.plugins.providers.SerializableProvider
All Implemented Interfaces:
javax.ws.rs.ext.MessageBodyReader<Serializable>, javax.ws.rs.ext.MessageBodyWriter<Serializable>

@Provider @Produces("application/x-java-serialized-object") @Consumes("application/x-java-serialized-object") @Deprecated public class SerializableProvider extends Object implements javax.ws.rs.ext.MessageBodyReader<Serializable>, javax.ws.rs.ext.MessageBodyWriter<Serializable>
Deprecated.
MessageBodyReader and MessageBodyWriter for serialized Java objects.

This provider is disabled by default because deserializing Java objects from untrusted sources is unsafe (see http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ or https://access.redhat.com/security/cve/cve-2015-7501). If your application uses serialized objects and you trust your remote REST partners, you may enable this provider:

  • Either by providing a file "META-INF/services/javax.ws.rs.ext.Providers" containing the fully qualified class name on the classpath (see src/main/resources/ for an example; multiple files in different jars are additive).
  • Or by calling register() with this provider on ResteasyProviderFactory or on the JAX-RS client.
Version:
$Revision: 1.1 $ Created Mar 23, 2012
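
The second option above, scoped to a single JAX-RS client and paired with a JVM-wide deserialization allowlist (JEP 290, Java 9+). This is an added example, not RESTEasy's own code. The `OrderDto` class, the sample values and the endpoint URL are hypothetical, and it assumes the provider reads the entity through a standard `ObjectInputStream`, to which the process-wide filter applies.

```java
import java.io.ObjectInputFilter;
import java.io.Serializable;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.plugins.providers.SerializableProvider;

public class TrustedPartnerClient {

    // Hypothetical DTO exchanged with the trusted partner (assumption, not from the page).
    public static class OrderDto implements Serializable {
        private static final long serialVersionUID = 1L;
        public String id;
        public int quantity;
    }

    public static void main(String[] args) {
        // JVM-wide serialization filter (JEP 290, Java 9+): allow only the DTO and
        // java.lang.String, bound the graph size, and reject every other class ("!*").
        ObjectInputFilter.Config.setSerialFilter(ObjectInputFilter.Config.createFilter(
                "maxdepth=5;maxrefs=100;maxbytes=65536;"
                + "TrustedPartnerClient$OrderDto;java.lang.String;!*"));

        // Register the provider on this one client only, not application-wide.
        Client client = ClientBuilder.newClient().register(SerializableProvider.class);
        try {
            OrderDto order = new OrderDto();
            order.id = "A-1001";   // constructed sample values
            order.quantity = 3;

            // Hypothetical partner endpoint; placeholder URL.
            Response response = client.target("https://partner.example.invalid/orders")
                    .request(SerializableProvider.APPLICATION_SERIALIZABLE)
                    .post(Entity.entity(order, SerializableProvider.APPLICATION_SERIALIZABLE_TYPE));

            // The reply is deserialized by the provider under the filter above;
            // a class outside the allowlist makes readObject() fail instead of being instantiated.
            OrderDto confirmed = response.readEntity(OrderDto.class);
            System.out.println(confirmed.id + " x" + confirmed.quantity);
        } finally {
            client.close();
        }
    }
}
```

Registering on the client keeps the provider off server-side resources, which would otherwise accept `application/x-java-serialized-object` request bodies from any caller.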
  • Field Details

    • APPLICATION_SERIALIZABLE_TYPE

      public static final javax.ws.rs.core.MediaType APPLICATION_SERIALIZABLE_TYPE
      Deprecated.
    • APPLICATION_SERIALIZABLE

      public static final String APPLICATION_SERIALIZABLE
      Deprecated.
  • Constructor Details

    • SerializableProvider

      public SerializableProvider()
      Deprecated.
  • Method Details

    • isWriteable

      public boolean isWriteable(Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType)
      Deprecated.
      Specified by:
      isWriteable in interface javax.ws.rs.ext.MessageBodyWriter<Serializable>
    • getSize

      public long getSize(Serializable t, Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType)
      Deprecated.
      Specified by:
      getSize in interface javax.ws.rs.ext.MessageBodyWriter<Serializable>
    • writeTo

      public void writeTo(Serializable t, Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType, javax.ws.rs.core.MultivaluedMap<String,Object> httpHeaders, OutputStream entityStream) throws IOException, javax.ws.rs.WebApplicationException
      Deprecated.
      Specified by:
      writeTo in interface javax.ws.rs.ext.MessageBodyWriter<Serializable>
      Throws:
      IOException
      javax.ws.rs.WebApplicationException
    • isReadable

      public boolean isReadable(Class<?> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType)
      Deprecated.
      Specified by:
      isReadable in interface javax.ws.rs.ext.MessageBodyReader<Serializable>
    • readFrom

      public Serializable readFrom(Class<Serializable> type, Type genericType, Annotation[] annotations, javax.ws.rs.core.MediaType mediaType, javax.ws.rs.core.MultivaluedMap<String,String> httpHeaders, InputStream entityStream) throws IOException, javax.ws.rs.WebApplicationException
      Deprecated.
      Specified by:
      readFrom in interface javax.ws.rs.ext.MessageBodyReader<Serializable>
      Throws:
      IOException
      javax.ws.rs.WebApplicationException