Representation based on a serializable Java object.
It supports binary representations of JavaBeans using the
ObjectInputStream and
ObjectOutputStream classes. In this
case, it handles representations having the following media type:
MediaType#APPLICATION_JAVA_OBJECT("application/x-java-serialized-object"). It also supports textual
representations of JavaBeans using the
java.beans.XMLEncoder and
java.beans.XMLDecoder classes. In this case, it handles
representations having the following media type:
MediaType#APPLICATION_JAVA_OBJECT_XML("application/x-java-serialized-object+xml").
SECURITY WARNING: The usage of
java.beans.XMLDecoder when
deserializing XML presentations from untrusted sources can lead to malicious
attacks. As pointed
here, the
java.beans.XMLDecoder is able to force the JVM to
execute unwanted Java code described inside the XML file. Thus, the support
of such format has been disabled by default. You can activate this support by
turning on the following system property:
org.restlet.representation.ObjectRepresentation.VARIANT_OBJECT_XML_SUPPORTED.
SECURITY WARNING: The usage of
ObjectInputStream when deserializing
binary presentations from untrusted sources can lead to malicious attacks. As
pointed
here, the
ObjectInputStream is able to force the JVM to execute
unwanted Java code. Thus, the support of such format has been disabled by
default. You can activate this support by turning on the following system
property: "org.restlet.representation.ObjectRepresentation
.VARIANT_OBJECT_BINARY_SUPPORTED".