Merge pull request eugenp#11335 from amitiw4u/BAEL-5146-Validate-Seri…

…alization

Serialization Validation commit

core-java-modules/core-java/pom.xml

@@ -61,6 +61,11 @@
             <artifactId>moneta</artifactId>
             <version>${javamoney.moneta.version}</version>
         </dependency>
+        <dependency>
+		    <groupId>org.springframework</groupId>
+		    <artifactId>spring-core</artifactId>
+		    <version>${spring.core.version}</version>
+        </dependency>
     </dependencies>
 
     <build>
@@ -187,6 +192,7 @@
         <maven-javadoc-plugin.version>3.0.0-M1</maven-javadoc-plugin.version>
         <source.version>1.8</source.version>
         <target.version>1.8</target.version>
+        <spring.core.version>4.3.20.RELEASE</spring.core.version>
     </properties>
 
 </project>

core-java-modules/core-java/src/main/java/com/baeldung/util/MySerializationUtils.java

@@ -0,0 +1,44 @@
+package com.baeldung.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+
+public class MySerializationUtils {
+
+    public static <T extends Serializable> byte[] serialize(T obj) throws IOException {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ObjectOutputStream oos = new ObjectOutputStream(baos);
+        oos.writeObject(obj);
+        oos.close();
+        return baos.toByteArray();
+    }
+
+    public static <T extends Serializable> T deserialize(byte[] b, Class<T> cl) throws IOException, ClassNotFoundException {
+        ByteArrayInputStream bais = new ByteArrayInputStream(b);
+        ObjectInputStream ois = new ObjectInputStream(bais);
+        Object o = ois.readObject();
+        return cl.cast(o);
+    }
+
+    public static boolean isSerializable(Class<?> it) {
+        boolean serializable = it.isPrimitive() || it.isInterface() || Serializable.class.isAssignableFrom(it);
+        if (!serializable) {
+            return serializable;
+        }
+        Field[] declaredFields = it.getDeclaredFields();
+        for (Field field : declaredFields) {
+            if (Modifier.isVolatile(field.getModifiers()) || Modifier.isTransient(field.getModifiers()) || Modifier.isStatic(field.getModifiers())) {
+                continue;
+            }
+            Class<?> fieldType = field.getType();
+            return isSerializable(fieldType);
+        }
+        return serializable;
+    }
+}

core-java-modules/core-java/src/test/java/com/baeldung/serialization/SerializationUnitTest.java

@@ -0,0 +1,111 @@
+package com.baeldung.serialization;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.NotSerializableException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import org.apache.commons.lang3.SerializationUtils;
+import org.junit.Test;
+
+import com.baeldung.util.MySerializationUtils;
+
+public class SerializationUnitTest {
+
+    @Test(expected = NotSerializableException.class)
+    public void whenSerializing_ThenThrowsError() throws IOException {
+        Address address = new Address();
+        address.setHouseNumber(10);
+        FileOutputStream fileOutputStream = new FileOutputStream("yofile.txt");
+        try (ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream)) {
+            objectOutputStream.writeObject(address);
+        }
+    }
+
+    @Test
+    public void whenSerializingAndDeserializing_ThenObjectIsTheSame() throws IOException, ClassNotFoundException {
+        Person p = new Person();
+        p.setAge(20);
+        p.setName("Joe");
+
+        FileOutputStream fileOutputStream = new FileOutputStream("yofile.txt");
+        try (ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream)) {
+            objectOutputStream.writeObject(p);
+        }
+
+        FileInputStream fileInputStream = new FileInputStream("yofile.txt");
+        try (ObjectInputStream objectInputStream = new ObjectInputStream(fileInputStream)) {
+            Person p2 = (Person) objectInputStream.readObject();
+            assertEquals(p2.getAge(), p.getAge());
+            assertEquals(p2.getName(), p.getName());
+        }
+    }
+
+    @Test(expected = ClassCastException.class)
+    public void whenSerializingUsingApacheCommons_ThenThrowsError() {
+        Address address = new Address();
+        address.setHouseNumber(10);
+        SerializationUtils.serialize((Serializable) address);
+    }
+
+    @Test
+    public void whenSerializingAndDeserializingUsingApacheCommons_ThenObjectIsTheSame() {
+        Person p = new Person();
+        p.setAge(20);
+        p.setName("Joe");
+        byte[] serialize = SerializationUtils.serialize(p);
+        Person p2 = (Person) SerializationUtils.deserialize(serialize);
+        assertEquals(p2.getAge(), p.getAge());
+        assertEquals(p2.getName(), p.getName());
+    }
+
+    @Test(expected = ClassCastException.class)
+    public void whenSerializingUsingSpringSerializationUtils_ThenThrowsError() {
+        Address address = new Address();
+        address.setHouseNumber(10);
+        org.springframework.util.SerializationUtils.serialize((Serializable) address);
+    }
+
+    @Test
+    public void whenSerializingAndDeserializingUsingSpringSerializationUtils_ThenObjectIsTheSame() {
+        Person p = new Person();
+        p.setAge(20);
+        p.setName("Joe");
+        byte[] serialize = org.springframework.util.SerializationUtils.serialize(p);
+        Person p2 = (Person) org.springframework.util.SerializationUtils.deserialize(serialize);
+        assertEquals(p2.getAge(), p.getAge());
+        assertEquals(p2.getName(), p.getName());
+    }
+
+    @Test(expected = ClassCastException.class)
+    public void whenSerializingUsingCustomSerializationUtils_ThenThrowsError() throws IOException {
+        Address address = new Address();
+        address.setHouseNumber(10);
+        MySerializationUtils.serialize((Serializable) address);
+    }
+
+    @Test
+    public void whenSerializingAndDeserializingUsingCustomSerializationUtils_ThenObjectIsTheSame() throws IOException, ClassNotFoundException {
+        Person p = new Person();
+        p.setAge(20);
+        p.setName("Joe");
+        byte[] serialize = MySerializationUtils.serialize(p);
+        Person p2 = MySerializationUtils.deserialize(serialize, Person.class);
+        assertEquals(p2.getAge(), p.getAge());
+        assertEquals(p2.getName(), p.getName());
+    }
+
+    @Test
+    public void whenSerializingUsingCustomSerializationUtils_ThanOk() {
+        assertFalse(MySerializationUtils.isSerializable(Address.class));
+        assertTrue(MySerializationUtils.isSerializable(Person.class));
+        assertTrue(MySerializationUtils.isSerializable(Integer.class));
+    }
+}