mybatis / ehcache-cache / 578

Committed 28 Feb 2026 09:16PM UTC coverage: 72.581% (-4.2%) from 76.812%

Build # 578

Build Type

Pull #277

github

Committed by

web-flow

Commit Message

Merge 010e27e4d into 086111212

Pull Request Pull Request #277: Migrate to Ehcache 3 with hash-flooding DoS protection

Run Details

34 of 38 branches covered (89.47%)

64 of 82 new or added lines in 4 files covered. (78.05%)

90 of 124 relevant lines covered (72.58%)

0.73 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/main/java/org/mybatis/caches/ehcache/ObjectSerializer.java

/*
 *    Copyright 2010-2026 the original author or authors.
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *       https://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */
package org.mybatis.caches.ehcache;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.nio.ByteBuffer;

import org.ehcache.spi.serialization.Serializer;
import org.ehcache.spi.serialization.SerializerException;

/**
 * Ehcache 3 {@link Serializer} that uses standard Java serialization. This serializer is required when off-heap or
 * disk-based storage tiers are used, since those tiers cannot store object references directly.
 * <p>
 * Note: heap-only caches do not need serialization; this class is provided for configurations that add off-heap or disk
 * tiers.
 * </p>
 */
public class ObjectSerializer implements Serializer<Object> {

  /**
   * Constructor required by Ehcache 3's serializer contract.
   *
   * @param loader
   *          the class loader to use when deserialising objects
   */
  public ObjectSerializer(ClassLoader loader) {
    // class loader is not used; standard ObjectInputStream resolves classes through the context class loader
  }

  @Override
  public ByteBuffer serialize(Object object) throws SerializerException {
    try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ObjectOutputStream oos = new ObjectOutputStream(baos)) {
      oos.writeObject(object);
      oos.flush();
      return ByteBuffer.wrap(baos.toByteArray());
    } catch (IOException e) {
      throw new SerializerException("Failed to serialize object", e);
    }
  }

  @Override
  public Object read(ByteBuffer binary) throws ClassNotFoundException, SerializerException {
    byte[] bytes = new byte[binary.remaining()];
    binary.get(bytes);
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
      return ois.readObject();
    } catch (IOException e) {
      throw new SerializerException("Failed to deserialize object", e);
    }
  }

  @Override
  public boolean equals(Object object, ByteBuffer binary) throws ClassNotFoundException, SerializerException {
    return object.equals(read(binary));
  }

}

1	/*
2	* Copyright 2010-2026 the original author or authors.
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* https://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*/
16	package org.mybatis.caches.ehcache;
17
18	import java.io.ByteArrayInputStream;
19	import java.io.ByteArrayOutputStream;
20	import java.io.IOException;
21	import java.io.ObjectInputStream;
22	import java.io.ObjectOutputStream;
23	import java.nio.ByteBuffer;
24
25	import org.ehcache.spi.serialization.Serializer;
26	import org.ehcache.spi.serialization.SerializerException;
27
28	/**
29	* Ehcache 3 {@link Serializer} that uses standard Java serialization. This serializer is required when off-heap or
30	* disk-based storage tiers are used, since those tiers cannot store object references directly.
31	* <p>
32	* Note: heap-only caches do not need serialization; this class is provided for configurations that add off-heap or disk
33	* tiers.
34	* </p>
35	*/
36	public class ObjectSerializer implements Serializer<Object> {
37
38	/**
39	* Constructor required by Ehcache 3's serializer contract.
40	*
41	* @param loader
42	* the class loader to use when deserialising objects
43	*/
NEW 44	public ObjectSerializer(ClassLoader loader) {	×
45	// class loader is not used; standard ObjectInputStream resolves classes through the context class loader
NEW 46	}	×
47
48	@Override
49	public ByteBuffer serialize(Object object) throws SerializerException {
NEW 50	try (ByteArrayOutputStream baos = new ByteArrayOutputStream();	×
NEW 51	ObjectOutputStream oos = new ObjectOutputStream(baos)) {	×
NEW 52	oos.writeObject(object);	×
NEW 53	oos.flush();	×
NEW 54	return ByteBuffer.wrap(baos.toByteArray());	×
NEW 55	} catch (IOException e) {	×
NEW 56	throw new SerializerException("Failed to serialize object", e);	×
57	}
58	}
59
60	@Override
61	public Object read(ByteBuffer binary) throws ClassNotFoundException, SerializerException {
NEW 62	byte[] bytes = new byte[binary.remaining()];	×
NEW 63	binary.get(bytes);	×
NEW 64	try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {	×
NEW 65	return ois.readObject();	×
NEW 66	} catch (IOException e) {	×
NEW 67	throw new SerializerException("Failed to deserialize object", e);	×
68	}
69	}
70
71	@Override
72	public boolean equals(Object object, ByteBuffer binary) throws ClassNotFoundException, SerializerException {
NEW 73	return object.equals(read(binary));	×
74	}
75
76	}

mybatis / ehcache-cache / 578

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous