Package com.cedarsoftware.util
Class Traverser
java.lang.Object
com.cedarsoftware.util.Traverser
A Java Object Graph traverser that visits all object reference fields and invokes a
provided callback for each encountered object, including the root. It properly
detects cycles within the graph to prevent infinite loops. For each visited node,
complete field information including metadata is provided.
Security Configuration
Traverser provides configurable security controls to prevent resource exhaustion and stack overflow attacks from malicious or deeply nested object graphs. All security features are disabled by default for backward compatibility.
Security controls can be enabled via system properties:
traverser.security.enabled=false— Master switch for all security featurestraverser.max.stack.depth=0— Maximum stack depth (0 = disabled)traverser.max.objects.visited=0— Maximum objects visited (0 = disabled)traverser.max.collection.size=0— Maximum collection size to process (0 = disabled)traverser.max.array.length=0— Maximum array length to process (0 = disabled)
Security Features
- Stack Depth Limiting: Prevents stack overflow from deeply nested object graphs
- Object Count Limiting: Prevents memory exhaustion from large object graphs
- Collection Size Limiting: Limits processing of oversized collections and maps
- Array Length Limiting: Limits processing of oversized arrays
Usage Example
// Enable security with custom limits
System.setProperty("traverser.security.enabled", "true");
System.setProperty("traverser.max.stack.depth", "1000");
System.setProperty("traverser.max.objects.visited", "50000");
// These will now enforce security controls
Traverser.traverse(root, classesToSkip, visit -> {
// Process visit - will throw SecurityException if limits exceeded
});
Usage Examples:
Using the Modern API (Recommended):
// Define classes to skip (optional)
Set<Class<?>> classesToSkip = new HashSet<>();
classesToSkip.add(String.class);
// Traverse with full node information
Traverser.traverse(root, classesToSkip, visit -> {
LOG.info("Node: " + visit.getNode());
visit.getFields().forEach((field, value) -> {
LOG.info(" Field: " + field.getName() +
" (type: " + field.getType().getSimpleName() + ") = " + value);
// Access field metadata if needed
if (field.isAnnotationPresent(JsonProperty.class)) {
JsonProperty ann = field.getAnnotation(JsonProperty.class);
LOG.info(" JSON property: " + ann.value());
}
});
});
Using the Legacy API (Deprecated):
// Define a visitor that processes each object
Traverser.Visitor visitor = new Traverser.Visitor() {
@Override
public void process(Object o) {
LOG.info("Visited: " + o);
}
};
// Create an object graph and traverse it
SomeClass root = new SomeClass();
Traverser.traverse(root, visitor);
Thread Safety: This class is not thread-safe. If multiple threads access
a Traverser instance concurrently, external synchronization is required.
- Author:
- John DeRegnaucourt ([email protected])
Copyright (c) Cedar Software LLC
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
License
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic classRepresents a node visit during traversal, containing the node and its field information.static interfaceDeprecated. -
Method Summary
Modifier and TypeMethodDescriptionstatic voidtraverse(Object root, Traverser.Visitor visitor) Deprecated.Usetraverse(Object, Set, Consumer)instead.static voidtraverse(Object root, Class<?>[] skip, Traverser.Visitor visitor) Deprecated.Usetraverse(Object, Set, Consumer)instead.static voidTraverses the object graph with complete node visiting capabilities.static voidtraverse(Object root, Consumer<Traverser.NodeVisit> visitor, Set<Class<?>> classesToSkip, boolean collectFields)
-
Method Details
-
traverse
public static void traverse(Object root, Consumer<Traverser.NodeVisit> visitor, Set<Class<?>> classesToSkip) Traverses the object graph with complete node visiting capabilities.- Parameters:
root- the root object to start traversalclassesToSkip- classes to skip during traversal (can be null)visitor- visitor that receives detailed node information
-
traverse
public static void traverse(Object root, Consumer<Traverser.NodeVisit> visitor, Set<Class<?>> classesToSkip, boolean collectFields) -
traverse
Deprecated.Usetraverse(Object, Set, Consumer)instead. -
traverse
Deprecated.Usetraverse(Object, Set, Consumer)instead.
-
traverse(Object, Set, Consumer)instead.