了解信息
看官网
http://x-stream.github.io/index.html
1 简单使用
安装
pom
<!-- https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream -->
<!-- Version 1.4.2 is pinned to match the CVE-2013-7285 analysis on this page; it is in the affected range, so keep it to a local lab project. -->
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.2</version>
</dependency>
建一个用户类
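/**
 * Minimal bean used as the deserialization target in this walk-through.
 *
 * <p>NOTE(review): the class does not implement {@code java.io.Serializable}, so the
 * {@code readObject} hook below is presumably not reached through the reflection-based
 * converter path traced on this page. Confirm whether {@code implements Serializable}
 * was intended.
 */
public class User {
    String name;
    int id;

    /** @return the user's name, or {@code null} if it was never set */
    public String getName() {
        return name;
    }

    /** @param name the new user name */
    public void setName(String name) {
        this.name = name;
    }

    /** @return the numeric user id (0 if it was never set) */
    public int getId() {
        return id;
    }

    /** @param id the new numeric user id */
    public void setId(int id) {
        this.id = id;
    }

    /**
     * Renders the bean as {@code User{name='...', id=...}}.
     *
     * @return a human-readable description of this user
     */
    @Override
    public String toString() {
        // The label now matches the class name; it used to read "Person".
        return "User{"
                + "name='" + name + '\''
                + ", id=" + id
                + '}';
    }

    /**
     * Java-serialization hook that only prints a marker line when it is invoked.
     * It reads nothing from the stream, so it exists purely to make the call visible.
     *
     * @param objectInputStream the stream handed in by the serialization machinery (unused)
     * @throws IOException declared by the hook signature; never thrown here
     * @throws ClassNotFoundException declared by the hook signature; never thrown here
     */
    private void readObject(ObjectInputStream objectInputStream)
            throws IOException, ClassNotFoundException {
        System.out.println("readObject is run!");
    }
}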
还要加 toString 和 readObject 方法
反序列化（从 XML 读回对象）
// Read ./User.xml back into a User with a default-configured XStream and print its id.
// The XML document names the classes that get instantiated (see the trace below),
// so the file must come from a trusted source.
File userXml = new File("./User.xml");
User uu = (User) new XStream().fromXML(userXml);
System.out.println(uu.getId());
相关 CVE（处理不可信 XML 时可导致任意命令执行；上文 pom 中的 1.4.2 属于受影响版本）
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7285
https://www.yiibai.com/xstream/xstream_first_application.html
工作过程
反序列化
// Entry point of the trace: fromXML(File) on a default XStream instance.
XStream xstream = new XStream();
User uu = (User) xstream.fromXML(new File("./User.xml"));
com/thoughtworks/xstream/XStream.java
unmarshal 套娃
/**
 * Deserializes an object from an XML file.
 *
 * <p>The configured stream driver creates a reader for the file, and the work is
 * delegated to the two-argument {@code unmarshal} with no root object.
 *
 * @param file XML document to read
 * @return the object produced by unmarshalling the document
 */
public Object fromXML(File file) {
    final Object noRoot = null;
    return unmarshal(hierarchicalStreamDriver.createReader(file), noRoot);
}
/**
 * Unmarshals from an already-open reader without a data holder.
 *
 * @param reader source of the hierarchical XML events
 * @param root object passed through as the root (the caller above passes {@code null})
 * @return the result of the three-argument {@code unmarshal}
 */
public Object unmarshal(
        HierarchicalStreamReader reader,
        Object root) {
    // Convenience overload: the data holder is simply left out.
    return unmarshal(reader, root, null);
}
/**
 * Hands the reader to the configured marshalling strategy.
 *
 * <p>If the strategy fails with a {@code ConversionException}, the exception is tagged
 * with a "version" entry and rethrown unchanged otherwise.
 *
 * @param reader source of the hierarchical XML events
 * @param root root object forwarded to the strategy
 * @param dataHolder optional data holder forwarded to the strategy
 * @return the object produced by the marshalling strategy
 */
public Object unmarshal(HierarchicalStreamReader reader, Object root, DataHolder dataHolder) {
    try {
        return marshallingStrategy.unmarshal(root, reader, dataHolder, converterLookup, mapper);
    } catch (ConversionException failure) {
        // Record the implementation version of this class's package, when one is known.
        final Package ownPackage = getClass().getPackage();
        final String version;
        if (ownPackage == null) {
            version = "not available";
        } else {
            version = ownPackage.getImplementationVersion();
        }
        failure.add("version", version);
        throw failure;
    }
}
reader对象
此时还未处理xml文档
// Sentinel stored in `values` in place of a null result, so a cached null can be told apart from a missing key.
private static final Object NULL = new Object();
// Cache of already-converted objects, keyed by reference key.
private Map values = new HashMap();
// Stack of the reference keys of the elements currently being converted; built with 16 (presumably the initial capacity).
private FastStack parentStack = new FastStack(16);
/**
 * Creates the unmarshaller by forwarding all four arguments to the superclass constructor.
 * No XML is read here.
 */
public AbstractReferenceUnmarshaller(
        Object root,
        HierarchicalStreamReader reader,
        ConverterLookup converterLookup,
        Mapper mapper) {
    super(root, reader, converterLookup, mapper);
}
进入
此处开始处理xml文档
com/thoughtworks/xstream/core/AbstractTreeMarshallingStrategy.java
/**
 * Builds an unmarshalling context for the reader and starts it.
 *
 * @param root root object handed to the context
 * @param reader source of the hierarchical XML events
 * @param dataHolder data holder passed to {@code start}
 * @param converterLookup lookup used to find converters
 * @param mapper mapper used to resolve names to classes
 * @return whatever the context's {@code start} returns
 */
public Object unmarshal(
        Object root,
        HierarchicalStreamReader reader,
        DataHolder dataHolder,
        ConverterLookup converterLookup,
        Mapper mapper) {
    // From here on the XML document is actually consumed.
    return createUnmarshallingContext(root, reader, converterLookup, mapper).start(dataHolder);
}
context创建
com/thoughtworks/xstream/core/ReferenceByXPathMarshallingStrategy.java
/**
 * Creates the context used for this strategy: a {@code ReferenceByXPathUnmarshaller}
 * built from the given arguments.
 */
protected TreeUnmarshaller createUnmarshallingContext(
        Object root,
        HierarchicalStreamReader reader,
        ConverterLookup converterLookup,
        Mapper mapper) {
    TreeUnmarshaller xpathUnmarshaller =
            new ReferenceByXPathUnmarshaller(root, reader, converterLookup, mapper);
    return xpathUnmarshaller;
}
com/thoughtworks/xstream/core/AbstractReferenceUnmarshaller.java
com/thoughtworks/xstream/core/ReferenceByXPathUnmarshaller.java
/**
 * Initialises the superclass, then wraps the reader in a {@code PathTrackingReader}
 * and records whether the underlying reader is an {@code AbstractReader}.
 */
public ReferenceByXPathUnmarshaller(
        Object root,
        HierarchicalStreamReader reader,
        ConverterLookup converterLookup,
        Mapper mapper) {
    super(root, reader, converterLookup, mapper);
    this.reader = new PathTrackingReader(reader, pathTracker);
    // `reader` below is still the constructor argument, not the wrapper assigned above.
    final boolean wrapsAbstractReader = reader.underlyingReader() instanceof AbstractReader;
    this.isNameEncoding = wrapsAbstractReader;
}
com/thoughtworks/xstream/core/ReferenceByXPathUnmarshaller.java
/**
 * Constructor step of the trace: calls up the constructor chain first, then installs a
 * path-tracking wrapper as the reader and sets the name-encoding flag.
 */
public ReferenceByXPathUnmarshaller(
        Object root, HierarchicalStreamReader reader,
        ConverterLookup converterLookup, Mapper mapper) {
    super(root, reader, converterLookup, mapper);
    // The field receives a wrapper around the reader that was passed in.
    this.reader = new PathTrackingReader(reader, pathTracker);
    // The flag is derived from the original argument's underlying reader type.
    this.isNameEncoding = (reader.underlyingReader() instanceof AbstractReader);
}
com/thoughtworks/xstream/core/AbstractReferenceUnmarshaller.java
/**
 * Middle link of the constructor chain: passes all four arguments on to the superclass.
 */
public AbstractReferenceUnmarshaller(
        Object root, HierarchicalStreamReader reader,
        ConverterLookup converterLookup, Mapper mapper) {
    super(root, reader, converterLookup, mapper);
}
com/thoughtworks/xstream/core/TreeUnmarshaller.java
/**
 * End of the constructor chain: stores the four collaborators in fields.
 * Nothing is read from the XML at this point.
 */
public TreeUnmarshaller(
        Object root,
        HierarchicalStreamReader reader,
        ConverterLookup converterLookup,
        Mapper mapper) {
    this.mapper = mapper;
    this.converterLookup = converterLookup;
    this.reader = reader;
    this.root = root;
}
start
/**
 * Runs the unmarshalling: resolves the class of the current node, converts it,
 * then runs every queued validation.
 *
 * @param dataHolder data holder stored on this context for the duration of the run
 * @return the converted object
 */
public Object start(DataHolder dataHolder) {
    this.dataHolder = dataHolder;
    // Ask the mapper which Class the current node stands for. The name comes from the
    // document itself, so the input decides which type is converted next.
    final Class rootType = HierarchicalStreams.readClassType(reader, mapper);
    // The converter selected for that Class turns the node into a Java object.
    final Object unmarshalled = convertAnother(null, rootType);
    // Run the Runnables queued in validationList once conversion has finished.
    for (Iterator pending = validationList.iterator(); pending.hasNext();) {
        ((Runnable) pending.next()).run();
    }
    return unmarshalled;
}
HierarchicalStreams.readClassType方法,从序列化的数据中获取一个真实的class对象（类名取自 XML 本身，所以输入内容决定了后面要实例化的类型，处理不可信 XML 时必须限制允许的类型）
aliasForSystemAttribute方法获取别名
/**
 * Resolves the class for the current node.
 *
 * <p>The class attribute wins when one is present; otherwise the node name is used.
 * Either way the name is passed to {@code mapper.realClass}.
 *
 * @param reader reader positioned on the node
 * @param mapper mapper that turns the name into a class
 * @return the class the mapper resolves for this node
 */
public static Class readClassType(HierarchicalStreamReader reader, Mapper mapper) {
    final String declaredClass = readClassAttribute(reader, mapper);
    // The node name is read only when no class attribute was found.
    final String lookupName = declaredClass != null ? declaredClass : reader.getNodeName();
    return mapper.realClass(lookupName);
}
attribute
调用aliasForSystemAttribute方法获取别名。
依次读取 resolves-to 和 class 这两个系统属性，判断当前 XML 节点上是否带有它们。
这里返回为空进入
/**
 * Reads the class name carried by the current node's system attributes.
 *
 * <p>The "resolves-to" attribute is tried first; the "class" attribute is the fallback.
 * An attribute is looked up only when the mapper returns an alias for it.
 *
 * @param reader reader positioned on the node
 * @param mapper mapper providing the attribute aliases
 * @return the attribute value, or {@code null} when neither attribute yields one
 */
public static String readClassAttribute(HierarchicalStreamReader reader, Mapper mapper) {
    final String resolvesToAlias = mapper.aliasForSystemAttribute("resolves-to");
    if (resolvesToAlias != null) {
        final String resolvesTo = reader.getAttribute(resolvesToAlias);
        if (resolvesTo != null) {
            return resolvesTo;
        }
    }
    final String classAlias = mapper.aliasForSystemAttribute("class");
    return classAlias == null ? null : reader.getAttribute(classAlias);
}
进入
realClass(reader.getNodeName());
获取当前节点的名称,并进行返回对应的class对象
/**
 * Picks the class for the current node: from the class attribute if there is one,
 * else from the node name. In the example traced here the attribute is absent,
 * so the node-name branch is taken.
 */
public static Class readClassType(HierarchicalStreamReader reader, Mapper mapper) {
    String classAttribute = readClassAttribute(reader, mapper);
    if (classAttribute != null) {
        return mapper.realClass(classAttribute);
    }
    // No attribute: the element name itself is resolved to a class.
    return mapper.realClass(reader.getNodeName());
}
/**
 * Converts the current node to the given type without naming a converter;
 * the three-argument overload then looks one up.
 *
 * @param parent object that owns the value being converted (may be {@code null})
 * @param type class to convert to
 * @return the converted object
 */
public Object convertAnother(
        Object parent,
        Class type) {
    return convertAnother(parent, type, null);
}
convertAnother
进入
/**
 * Converts the current node, choosing a converter when none is given.
 *
 * <p>The type is first replaced by the mapper's default implementation. A
 * {@code null} converter is looked up by type; an explicit converter must accept the type.
 *
 * @param parent object that owns the value being converted (may be {@code null})
 * @param type requested class
 * @param converter explicit converter, or {@code null} to look one up
 * @return the converted object
 * @throws ConversionException if the explicit converter cannot handle the type
 */
public Object convertAnother(Object parent, Class type, Converter converter) {
    final Class implType = mapper.defaultImplementationOf(type);
    if (converter == null) {
        // No explicit choice: the lookup selects the converter for this type.
        return convert(parent, implType, converterLookup.lookupConverterForType(implType));
    }
    if (!converter.canConvert(implType)) {
        final ConversionException mismatch = new ConversionException(
                "Explicit selected converter cannot handle type");
        mismatch.add("item-type", implType.getName());
        mismatch.add("converter-type", converter.getClass().getName());
        throw mismatch;
    }
    return convert(parent, implType, converter);
}
defaultImplementationOf
/**
 * Delegates to {@code wrapped} to find the default implementation of a type.
 *
 * @param type class to resolve
 * @return whatever the wrapped instance returns for {@code type}
 */
public Class defaultImplementationOf(Class type) {
    final Class fromWrapped = wrapped.defaultImplementationOf(type);
    return fromWrapped;
}
/**
 * Resolves the default implementation and, while this instance is not locked,
 * processes annotations for both the requested type and the resolved one.
 *
 * @param type class to resolve
 * @return the default implementation reported by the superclass
 */
@Override
public Class defaultImplementationOf(final Class type) {
    if (!locked) {
        processAnnotations(type);
    }
    final Class resolved = super.defaultImplementationOf(type);
    // `locked` is read again rather than cached, as in the original.
    if (!locked) {
        processAnnotations(resolved);
    }
    return resolved;
}
/**
 * Converts the current node with support for references between elements.
 *
 * <p>A node carrying the "reference" system attribute is answered from the cache of
 * earlier results. Any other node is converted by the superclass and then cached under
 * its own reference key.
 *
 * @param parent object that owns the value being converted
 * @param type class to convert to
 * @param converter converter to use
 * @return the cached or freshly converted object (may be {@code null})
 * @throws ConversionException if a reference points at nothing in the cache
 */
protected Object convert(Object parent, Class type, Converter converter) {
    if (parentStack.size() > 0) { // handles circular references
        final Object parentKey = parentStack.peek();
        // see AbstractCircularReferenceTest.testWeirdCircularReference()
        if (parentKey != null && !values.containsKey(parentKey)) {
            values.put(parentKey, parent);
        }
    }

    final String referenceAlias = getMapper().aliasForSystemAttribute("reference");
    final String reference = referenceAlias == null ? null : reader.getAttribute(referenceAlias);

    if (reference == null) {
        // Ordinary node: convert it and remember the result under its own key.
        final Object ownKey = getCurrentReferenceKey();
        parentStack.push(ownKey);
        final Object converted = super.convert(parent, type, converter);
        if (ownKey != null) {
            // NULL is the sentinel that marks a cached null result.
            values.put(ownKey, converted == null ? NULL : converted);
        }
        // Not reached when super.convert throws, so the key then stays on the stack.
        parentStack.popSilently();
        return converted;
    }

    // Reference node: it must point at something that was already converted.
    final Object cached = values.get(getReferenceKey(reference));
    if (cached == null) {
        final ConversionException invalid = new ConversionException("Invalid reference");
        invalid.add("reference", reference);
        throw invalid;
    }
    return cached == NULL ? null : cached;
}
convert
/**
 * Calls the converter for the current node and enriches any failure with context.
 *
 * <p>A {@code ConversionException} is annotated and rethrown; any other
 * {@code RuntimeException} is wrapped in a {@code ConversionException} first.
 *
 * @param parent object that owns the value being converted
 * @param type class being converted, pushed on the type stack during the call
 * @param converter converter whose {@code unmarshal} does the work
 * @return the object returned by the converter
 */
protected Object convert(Object parent, Class type, Converter converter) {
    try {
        types.push(type);
        final Object unmarshalled = converter.unmarshal(reader, this);
        // The pop happens only on the normal path; the catch blocks below do not pop.
        types.popSilently();
        return unmarshalled;
    } catch (ConversionException known) {
        addInformationTo(known, type, converter, parent);
        throw known;
    } catch (RuntimeException unexpected) {
        final ConversionException wrapped = new ConversionException(unexpected);
        addInformationTo(wrapped, type, converter, parent);
        throw wrapped;
    }
}
使用了com/thoughtworks/xstream/converters/reflection/AbstractReflectionConverter.java
并返回一个对象
/**
 * Builds an object from the current node in three steps: create an instance,
 * fill it via {@code doUnmarshal}, then pass it through {@code callReadResolve}.
 *
 * @param reader reader positioned on the node
 * @param context unmarshalling context for this conversion
 * @return the object returned by {@code callReadResolve}
 */
public Object unmarshal(final HierarchicalStreamReader reader, final UnmarshallingContext context) {
    final Object blank = instantiateNewInstance(reader, context);
    final Object populated = doUnmarshal(blank, reader, context);
    return serializationMethodInvoker.callReadResolve(populated);
}
创建对象
instantiateNewInstance
/**
 * Supplies the object that will be filled in for the current node.
 *
 * <p>An object already present on the context is reused. Otherwise a new instance is
 * created through the reflection provider: of the class named by the "resolves-to"
 * attribute when it is set, else of the context's required type.
 *
 * @param reader reader positioned on the node
 * @param context unmarshalling context for this conversion
 * @return the existing or newly created instance
 */
protected Object instantiateNewInstance(HierarchicalStreamReader reader, UnmarshallingContext context) {
    final String resolvesToAlias = mapper.aliasForSystemAttribute("resolves-to");
    final String resolvesTo = resolvesToAlias == null ? null : reader.getAttribute(resolvesToAlias);
    final Object existing = context.currentObject();
    if (existing != null) {
        return existing;
    }
    if (resolvesTo != null) {
        // The class to instantiate is named by an attribute in the document.
        return reflectionProvider.newInstance(mapper.realClass(resolvesTo));
    }
    return reflectionProvider.newInstance(context.getRequiredType());
}
doUnmarshal
是给对象赋值
完成