public class WhitelistObjectInputStream
extends java.io.ObjectInputStream
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
Constructor and Description |
---|
WhitelistObjectInputStream(java.io.InputStream in,
java.util.Set<java.lang.String> whitelist)
Creates a WhitelistObjectInputStream with copyMap = false and dryRunning = false.
|
WhitelistObjectInputStream(java.io.InputStream in,
java.util.Set<java.lang.String> whitelist,
boolean copySet)
Creates a WhitelistObjectInputStream with dryRunning = false.
|
WhitelistObjectInputStream(java.io.InputStream in,
java.util.Set<java.lang.String> whitelist,
boolean copySet,
boolean dryRunning) |
Modifier and Type | Method and Description |
---|---|
java.util.Set<java.lang.String> |
getUnauthorized() |
java.util.Set<java.lang.String> |
getWhitelist() |
boolean |
isDryRunning() |
protected java.lang.Class<?> |
resolveClass(java.io.ObjectStreamClass desc)
Only deserialize instances of our classes contained in whitelist.
|
java.lang.String |
toString() |
available, close, defaultReadObject, enableResolveObject, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, skipBytes
public WhitelistObjectInputStream(java.io.InputStream in, java.util.Set<java.lang.String> whitelist) throws java.io.IOException
in
- the InputStream.whitelist
- whitelist of classes that may be deserialized.java.io.IOException
- if an I/O error occurs while reading stream headerpublic WhitelistObjectInputStream(java.io.InputStream in, java.util.Set<java.lang.String> whitelist, boolean copySet) throws java.io.IOException
in
- the InputStream.whitelist
- whitelist of classes that may be deserialized.copySet
- whether or not the given whitelist should be copied defensively.java.io.IOException
- if an I/O error occurs while reading stream headerpublic WhitelistObjectInputStream(java.io.InputStream in, java.util.Set<java.lang.String> whitelist, boolean copySet, boolean dryRunning) throws java.io.IOException
in
- the InputStream.whitelist
- whitelist of classes that may be deserialized.copySet
- whether or not the given whitelist should be copied defensively.dryRunning
- if true, only warnings are logged but classes are serialized anyway.java.io.IOException
- if an I/O error occurs while reading stream headerprotected java.lang.Class<?> resolveClass(java.io.ObjectStreamClass desc) throws java.io.IOException, java.lang.ClassNotFoundException
resolveClass
in class java.io.ObjectInputStream
java.io.IOException
java.lang.ClassNotFoundException
public java.util.Set<java.lang.String> getUnauthorized()
public boolean isDryRunning()
public java.util.Set<java.lang.String> getWhitelist()
public java.lang.String toString()
toString
in class java.lang.Object