Package org.apache.logging.log4j.util
Class FilteredObjectInputStream
- java.lang.Object
-
- java.io.InputStream
-
- java.io.ObjectInputStream
-
- org.apache.logging.log4j.util.FilteredObjectInputStream
-
- All Implemented Interfaces:
java.io.Closeable
,java.io.DataInput
,java.io.ObjectInput
,java.io.ObjectStreamConstants
,java.lang.AutoCloseable
public class FilteredObjectInputStream extends java.io.ObjectInputStream
Extended ObjectInputStream that only allows certain classes to be deserialized.- Since:
- 2.8.2
-
-
Field Summary
Fields Modifier and Type Field Description private java.util.Collection<java.lang.String>
allowedClasses
private static java.util.List<java.lang.String>
REQUIRED_JAVA_CLASSES
private static java.util.List<java.lang.String>
REQUIRED_JAVA_PACKAGES
-
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
-
-
Constructor Summary
Constructors Constructor Description FilteredObjectInputStream()
FilteredObjectInputStream(java.io.InputStream in)
FilteredObjectInputStream(java.io.InputStream in, java.util.Collection<java.lang.String> allowedClasses)
FilteredObjectInputStream(java.util.Collection<java.lang.String> allowedClasses)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description java.util.Collection<java.lang.String>
getAllowedClasses()
private static boolean
isAllowedByDefault(java.lang.String name)
private static boolean
isRequiredPackage(java.lang.String name)
protected java.lang.Class<?>
resolveClass(java.io.ObjectStreamClass desc)
-
Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytes
-
Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo
-
-
-
-
Constructor Detail
-
FilteredObjectInputStream
public FilteredObjectInputStream() throws java.io.IOException, java.lang.SecurityException
- Throws:
java.io.IOException
java.lang.SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.io.InputStream in) throws java.io.IOException
- Throws:
java.io.IOException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.util.Collection<java.lang.String> allowedClasses) throws java.io.IOException, java.lang.SecurityException
- Throws:
java.io.IOException
java.lang.SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(java.io.InputStream in, java.util.Collection<java.lang.String> allowedClasses) throws java.io.IOException
- Throws:
java.io.IOException
-
-
Method Detail
-
getAllowedClasses
public java.util.Collection<java.lang.String> getAllowedClasses()
-
resolveClass
protected java.lang.Class<?> resolveClass(java.io.ObjectStreamClass desc) throws java.io.IOException, java.lang.ClassNotFoundException
- Overrides:
resolveClass
in classjava.io.ObjectInputStream
- Throws:
java.io.IOException
java.lang.ClassNotFoundException
-
isAllowedByDefault
private static boolean isAllowedByDefault(java.lang.String name)
-
isRequiredPackage
private static boolean isRequiredPackage(java.lang.String name)
-
-