@Retention(value=RUNTIME) @Target(value=TYPE) public @interface AtomicSerial
The serial stream can be manipulated to allow an attacker to instantiate any Serializable object available on the CLASSPATH, or any object that has a default constructor, such as ClassLoader.
If invariants are not validated during construction, or an exception occurs part way through it, objects can remain in an invalid state after construction. During traditional de-serialization, an object's state is written after its creation, so an attacker can steal a reference to the object, with no invariant check to protect it, by manipulating the stream.
In addition, many Java objects, including ObjectInputStream itself, read integer length values from the stream and instantiate arrays without checking the size first, so an attacker can easily cause an Error that brings down the JVM.
A requirement of implementing this interface is to implement a constructor that accepts a single GetArg parameter. This constructor may be public or have default (package-private) visibility; even in the latter case, the constructor must be treated as a public constructor.

    public AtomicSerialImpl(GetArg arg) throws InvalidObjectException {
        super(check(arg)); // If super also implements @AtomicSerial
        // Set fields here
    }

In addition, before calling a superclass constructor, the class must also implement a static invariant check method, for example:

    static GetArg check(GetArg arg) throws InvalidObjectException;
Atomic stands for atomic failure: if the invariants cannot be satisfied, no instance is created, and hence no reference can be stolen.
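As an added illustration (not code from this Javadoc or from the Apache River project), a hypothetical class that follows the contract above. It assumes the annotation lives in org.apache.river.api.io and that GetArg exposes the ObjectInputStream.GetField accessors get(String, int) and get(String, Object); the class, its field names and the MAX_LABELS bound are constructed for the example.

```java
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.Serializable;
import org.apache.river.api.io.AtomicSerial;
import org.apache.river.api.io.AtomicSerial.GetArg;

/** Hypothetical immutable range carrying one label per position. */
@AtomicSerial
public final class LabelledRange implements Serializable {
    private static final long serialVersionUID = 1L;
    /** Constructed bound: a hostile length is rejected before any array is built. */
    private static final int MAX_LABELS = 1024;
    private final int lo;
    private final int hi;
    private final String[] labels;

    public LabelledRange(int lo, int hi, String[] labels) {
        String why = invalid(lo, hi, labels);
        if (why != null) throw new IllegalArgumentException(why);
        this.lo = lo;
        this.hi = hi;
        this.labels = labels.clone(); // defensive copy; the caller's array is not retained
    }
    // Required by @AtomicSerial; treat as public API. Arguments evaluate left to
    // right, so check(arg) runs first: if it throws, no instance exists to steal.
    public LabelledRange(GetArg arg) throws IOException {
        this(check(arg).get("lo", 0), arg.get("hi", 0), (String[]) arg.get("labels", null));
    }

    /** Static invariant check in the form the AtomicSerial contract prescribes. */
    static GetArg check(GetArg arg) throws IOException {
        Object labels = arg.get("labels", null); // type is not trusted until tested
        if (!(labels instanceof String[])) {
            throw new InvalidObjectException("labels missing or of wrong type");
        }
        String why = invalid(arg.get("lo", 0), arg.get("hi", 0), (String[]) labels);
        if (why != null) throw new InvalidObjectException(why);
        return arg;
    }
    /** Shared rule set for both constructors; returns null when valid. */
    private static String invalid(int lo, int hi, String[] labels) {
        if (labels == null) return "labels is null";
        if (lo > hi) return "lo > hi";
        long span = (long) hi - lo; // long arithmetic: hi - lo can overflow int
        if (span > MAX_LABELS) return "range exceeds MAX_LABELS";
        if (labels.length != span) return "label count does not match range";
        return null;
    }
}
```

Because the class defines no writeObject, its serial form is the default one and stays compatible with a plain Serializable version of the same class, as the paragraph below describes.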
The serial form of AtomicSerial is backward compatible with Serializable classes that do not define a writeObject method. It is also compatible with Serializable classes that define a writeObject method that calls defaultWriteObject. AtomicSerial provides backward compatibility with Serializable classes that implement writeObject and write other Objects or primitives to the stream when AtomicSerial.ReadObject and AtomicSerial.ReadInput are implemented by the class.
See Also: AtomicSerial.ReadObject, AtomicSerial.ReadInput, AtomicSerial.GetArg
Copyright © 2016–2018 The Apache Software Foundation. All rights reserved.