Package org.springframework.util
Class SerializationUtils
java.lang.Object
org.springframework.util.SerializationUtils
Static utilities for serialization and deserialization using
Java Object Serialization.
WARNING: These utilities should be used with caution. See Secure Coding Guidelines for the Java Programming Language for details.
- Since:
- 3.0.5
- Author:
- Dave Syer, Loïc Ledoyen, Sam Brannen
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic <T extends Serializable>
Tclone(T object) Clone the given object using Java Object Serialization.static Objectdeserialize(byte[] bytes) Deprecated.This utility uses Java Object Serialization, which allows arbitrary code to be run and is known for being the source of many Remote Code Execution (RCE) vulnerabilities.static byte[]Serialize the given object to a byte array.
-
Constructor Details
-
SerializationUtils
public SerializationUtils()
-
-
Method Details
-
serialize
Serialize the given object to a byte array.- Parameters:
object- the object to serialize- Returns:
- an array of bytes representing the object in a portable fashion
-
deserialize
Deprecated.This utility uses Java Object Serialization, which allows arbitrary code to be run and is known for being the source of many Remote Code Execution (RCE) vulnerabilities.Prefer the use of an external tool (that serializes to JSON, XML, or any other format) which is regularly checked and updated for not allowing RCE.
Deserialize the byte array into an object.- Parameters:
bytes- a serialized object- Returns:
- the result of deserializing the bytes
-
clone
Clone the given object using Java Object Serialization.- Type Parameters:
T- the type of the object to clone- Parameters:
object- the object to clone- Returns:
- a clone (deep-copy) of the given object
- Since:
- 6.0
-