Class CompatibleObjectEncoder

  • All Implemented Interfaces:
    ChannelHandler, ChannelOutboundHandler

    @Deprecated
    public class CompatibleObjectEncoder
    extends MessageToByteEncoder<java.io.Serializable>
    Deprecated.
    This class has been deprecated with no replacement, because serialization can be a security liability.
    An encoder which serializes a Java object into a ByteBuf (interoperability version).

    This encoder is interoperable with the standard Java object streams such as ObjectInputStream and ObjectOutputStream.

    Security: serialization can be a security liability, and should not be used without defining a list of classes that are allowed to be deserialized. Such a list can be specified with the jdk.serialFilter system property, for instance. See the serialization filtering article for more information.
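The allow-list described above, as an added example that is not part of the Netty documentation or code base: it applies a per-stream filter on the receiving `ObjectInputStream`, using the same pattern syntax that `jdk.serialFilter` accepts. The class names `SerialFilterDemo`, `Greeting` and `Unlisted` are hypothetical, and Java 9 or later is assumed.

```java
import java.io.*;

public class SerialFilterDemo {
    // Constructed demo types: only Greeting is on the allow-list.
    static class Greeting implements Serializable {
        final String text;
        Greeting(String text) { this.text = text; }
    }
    static class Unlisted implements Serializable { }

    // Allow-list pattern: named classes are accepted, graph depth is capped,
    // and the trailing "!*" rejects every class not listed before it.
    static final String PATTERN =
        "SerialFilterDemo$Greeting;java.lang.String;maxdepth=5;!*";

    // Stands in for the sending side: plain ObjectOutputStream bytes,
    // the wire format this encoder is interoperable with.
    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    // Receiving side: the filter must be installed before the first read.
    static Object deserializeFiltered(byte[] data)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(PATTERN));
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Greeting g = (Greeting) deserializeFiltered(serialize(new Greeting("hello")));
        System.out.println("allowed: " + g.text);
        try {
            deserializeFiltered(serialize(new Unlisted()));
            System.out.println("unexpected: Unlisted was accepted");
        } catch (InvalidClassException e) {
            // The stream aborts before an Unlisted instance is created.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be supplied process-wide with `-Djdk.serialFilter=...` instead of per stream.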

    • Constructor Detail

      • CompatibleObjectEncoder

        public CompatibleObjectEncoder()
        Deprecated.
        Creates a new instance with a reset interval of 16.
      • CompatibleObjectEncoder

        public CompatibleObjectEncoder(int resetInterval)
        Deprecated.
        Creates a new instance.
        Parameters:
        resetInterval - the number of objects written between calls to ObjectOutputStream.reset(). 0 disables resetting the stream, but the remote peer will then be at risk of an OutOfMemoryError in the long term.
    • Method Detail

      • newObjectOutputStream

        protected java.io.ObjectOutputStream newObjectOutputStream(java.io.OutputStream out)
                                                            throws java.lang.Exception
        Deprecated.
        Creates a new ObjectOutputStream which wraps the specified OutputStream. Override this method to use a subclass of the ObjectOutputStream.
        Throws:
        java.lang.Exception