Class ValidatingObjectInputStream
java.lang.Object
java.io.InputStream
java.io.ObjectInputStream
com.streamwide.smartms.lib.template.serialization.ValidatingObjectInputStream
- All Implemented Interfaces:
Closeable,DataInput,ObjectInput,ObjectStreamConstants,AutoCloseable
An
ObjectInputStream that's restricted to deserialize
a limited set of classes.
Various accept/reject methods allow for specifying which classes can be deserialized.
-
Nested Class Summary
Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField -
Field Summary
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING -
Constructor Summary
ConstructorsConstructorDescriptionConstructs an object to deserialize the specified input stream. -
Method Summary
Modifier and TypeMethodDescriptionAccept class names where the supplied ClassNameMatcher matches for deserialization, unless they are otherwise rejected.Accept the specified classes for deserialization, unless they are otherwise rejected.Accept the wildcard specified classes for deserialization, unless they are otherwise rejected.Accept class names that match the supplied pattern for deserialization, unless they are otherwise rejected.protected voidinvalidClassNameFound(String className) Called to throwInvalidClassExceptionif an invalid class name is found during deserialization.Reject class names where the supplied ClassNameMatcher matches for deserialization, even if they are otherwise accepted.Reject the specified classes for deserialization, even if they are otherwise accepted.Reject the wildcard specified classes for deserialization, even if they are otherwise accepted.Reject class names that match the supplied pattern for deserialization, even if they are otherwise accepted.protected Class<?>validator(ValidatorClassNameMatcher validatorClassNameMatcher) Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytesMethods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, skipNBytes, transferToMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface java.io.ObjectInput
read, skip
-
Constructor Details
-
ValidatingObjectInputStream
Constructs an object to deserialize the specified input stream. At least one accept method needs to be called to specify which classes can be deserialized, as by default no classes are accepted.- Parameters:
input- an input stream- Throws:
IOException- if an I/O error occurs while reading stream header
-
-
Method Details
-
invalidClassNameFound
Called to throwInvalidClassExceptionif an invalid class name is found during deserialization. Can be overridden, for example to log those class names.- Parameters:
className- name of the invalid class- Throws:
InvalidClassException- if the specified class is not allowed
-
resolveClass
@NonNull protected Class<?> resolveClass(@NonNull ObjectStreamClass osc) throws IOException, ClassNotFoundException - Overrides:
resolveClassin classObjectInputStream- Throws:
IOExceptionClassNotFoundException
-
accept
Accept the specified classes for deserialization, unless they are otherwise rejected.- Parameters:
classes- Classes to accept- Returns:
- this object
-
reject
Reject the specified classes for deserialization, even if they are otherwise accepted.- Parameters:
classes- Classes to reject- Returns:
- this object
-
accept
Accept the wildcard specified classes for deserialization, unless they are otherwise rejected.- Parameters:
patterns- Wildcard file name patterns as defined byFilenameUtils.wildcardMatch- Returns:
- this object
-
reject
Reject the wildcard specified classes for deserialization, even if they are otherwise accepted.- Parameters:
patterns- Wildcard file name patterns as defined byFilenameUtils.wildcardMatch- Returns:
- this object
-
accept
Accept class names that match the supplied pattern for deserialization, unless they are otherwise rejected.- Parameters:
pattern- standard Java regexp- Returns:
- this object
-
reject
Reject class names that match the supplied pattern for deserialization, even if they are otherwise accepted.- Parameters:
pattern- standard Java regexp- Returns:
- this object
-
accept
Accept class names where the supplied ClassNameMatcher matches for deserialization, unless they are otherwise rejected.- Parameters:
m- the matcher to use- Returns:
- this object
-
reject
Reject class names where the supplied ClassNameMatcher matches for deserialization, even if they are otherwise accepted.- Parameters:
m- the matcher to use- Returns:
- this object
-
validator
@NonNull public ValidatingObjectInputStream validator(@NonNull ValidatorClassNameMatcher validatorClassNameMatcher)
-