Package org.apache.logging.log4j.util
Class FilteredObjectInputStream
- java.lang.Object
  - java.io.InputStream
    - java.io.ObjectInputStream
      - org.apache.logging.log4j.util.FilteredObjectInputStream

- All Implemented Interfaces:
java.io.Closeable, java.io.DataInput, java.io.ObjectInput, java.io.ObjectStreamConstants, java.lang.AutoCloseable

public class FilteredObjectInputStream extends java.io.ObjectInputStream

Extended ObjectInputStream that only allows certain classes to be deserialized.
- Since: 2.8.2
Field Summary
Fields (Modifier and Type, Field):
- private java.util.Collection<java.lang.String> allowedClasses
- private static java.util.List<java.lang.String> REQUIRED_JAVA_CLASSES
- private static java.util.List<java.lang.String> REQUIRED_JAVA_PACKAGES
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
Constructor Summary
Constructors:
- FilteredObjectInputStream()
- FilteredObjectInputStream(java.io.InputStream in)
- FilteredObjectInputStream(java.io.InputStream in, java.util.Collection<java.lang.String> allowedClasses)
- FilteredObjectInputStream(java.util.Collection<java.lang.String> allowedClasses)
Method Summary
Methods (Modifier and Type, Method):
- java.util.Collection<java.lang.String> getAllowedClasses()
- private static boolean isAllowedByDefault(java.lang.String name)
- private static boolean isRequiredPackage(java.lang.String name)
- protected java.lang.Class<?> resolveClass(java.io.ObjectStreamClass desc)
Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytes
Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo
Constructor Detail
FilteredObjectInputStream
public FilteredObjectInputStream() throws java.io.IOException, java.lang.SecurityException
- Throws:
java.io.IOException
java.lang.SecurityException

FilteredObjectInputStream
public FilteredObjectInputStream(java.io.InputStream in) throws java.io.IOException
- Throws:
java.io.IOException

FilteredObjectInputStream
public FilteredObjectInputStream(java.util.Collection<java.lang.String> allowedClasses) throws java.io.IOException, java.lang.SecurityException
- Throws:
java.io.IOException
java.lang.SecurityException

FilteredObjectInputStream
public FilteredObjectInputStream(java.io.InputStream in, java.util.Collection<java.lang.String> allowedClasses) throws java.io.IOException
- Throws:
java.io.IOException
Method Detail
getAllowedClasses
public java.util.Collection<java.lang.String> getAllowedClasses()

resolveClass
protected java.lang.Class<?> resolveClass(java.io.ObjectStreamClass desc) throws java.io.IOException, java.lang.ClassNotFoundException
- Overrides:
resolveClass in class java.io.ObjectInputStream
- Throws:
java.io.IOException
java.lang.ClassNotFoundException

isAllowedByDefault
private static boolean isAllowedByDefault(java.lang.String name)

isRequiredPackage
private static boolean isRequiredPackage(java.lang.String name)
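The allow-list technique this class describes, overriding resolveClass so that a class name is checked before the class is loaded, as an added example. It is not Log4j's implementation; AllowListDemo, AllowListObjectInputStream, Gadget and the contents of the allowed list are assumptions made for illustration.

```java
import java.io.*;
import java.util.*;

// Added illustration, not Log4j source. All class names here are hypothetical.
public class AllowListDemo {
    /** Rejects any class descriptor whose name is not on the allow-list. */
    static class AllowListObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;
        AllowListObjectInputStream(InputStream in, Collection<String> allowed) throws IOException {
            super(in);
            this.allowed = new HashSet<>(allowed);
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            String name = desc.getName();
            // Check the name first: super.resolveClass() is what loads the class.
            if (!allowed.contains(name)) {
                throw new InvalidClassException(name, "class not on deserialization allow-list");
            }
            return super.resolveClass(desc);
        }
    }

    /** Constructed stand-in for a type the application never expects to receive. */
    static class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        String payload = "constructed sample";
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static String tryRead(byte[] data, Collection<String> allowed) {
        try (ObjectInputStream in = new AllowListObjectInputStream(new ByteArrayInputStream(data), allowed)) {
            return "accepted: " + in.readObject().getClass().getName();
        } catch (IOException | ClassNotFoundException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Serializable superclasses (java.lang.Number for Integer) are resolved too, so they must be listed.
        List<String> allowed = Arrays.asList("java.util.ArrayList", "java.lang.Integer", "java.lang.Number");
        System.out.println(tryRead(serialize(new ArrayList<>(Arrays.asList(1, 2))), allowed));
        // The Gadget sits inside an allowed container; its descriptor is still checked and rejected.
        System.out.println(tryRead(serialize(new ArrayList<>(Arrays.asList(new Gadget()))), allowed));
    }
}
```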