public class ValidatingObjectInputStream
extends java.io.ObjectInputStream
ObjectInputStream
that's restricted to deserialize
a limited set of classes.
Various accept/reject methods allow for specifying which classes can be deserialized.
Design inspired by IBM DeveloperWorks Article.
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
Constructor and Description |
---|
ValidatingObjectInputStream(java.io.InputStream input)
Constructs an object to deserialize the specified input stream.
|
Modifier and Type | Method and Description |
---|---|
ValidatingObjectInputStream |
accept(java.lang.Class<?>... classes)
Accept the specified classes for deserialization, unless they
are otherwise rejected.
|
ValidatingObjectInputStream |
accept(ClassNameMatcher m)
Accept class names where the supplied ClassNameMatcher matches for
deserialization, unless they are otherwise rejected.
|
ValidatingObjectInputStream |
accept(java.util.regex.Pattern pattern)
Accept class names that match the supplied pattern for
deserialization, unless they are otherwise rejected.
|
ValidatingObjectInputStream |
accept(java.lang.String... patterns)
Accept the wildcard specified classes for deserialization,
unless they are otherwise rejected.
|
ValidatingObjectInputStream |
reject(java.lang.Class<?>... classes)
Reject the specified classes for deserialization, even if they
are otherwise accepted.
|
ValidatingObjectInputStream |
reject(ClassNameMatcher m)
Reject class names where the supplied ClassNameMatcher matches for
deserialization, even if they are otherwise accepted.
|
ValidatingObjectInputStream |
reject(java.util.regex.Pattern pattern)
Reject class names that match the supplied pattern for
deserialization, even if they are otherwise accepted.
|
ValidatingObjectInputStream |
reject(java.lang.String... patterns)
Reject the wildcard specified classes for deserialization,
even if they are otherwise accepted.
|
available, close, defaultReadObject, read, read, readBoolean, readByte, readChar, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readShort, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, skipBytes
public ValidatingObjectInputStream(java.io.InputStream input) throws java.io.IOException
input
- an input streamjava.io.IOException
- if an I/O error occurs while reading stream headerpublic ValidatingObjectInputStream accept(java.lang.Class<?>... classes)
classes
- Classes to acceptpublic ValidatingObjectInputStream reject(java.lang.Class<?>... classes)
classes
- Classes to rejectpublic ValidatingObjectInputStream accept(java.lang.String... patterns)
patterns
- Wildcard filename patterns as defined by
FilenameUtils.wildcardMatch
public ValidatingObjectInputStream reject(java.lang.String... patterns)
patterns
- Wildcard filename patterns as defined by
FilenameUtils.wildcardMatch
public ValidatingObjectInputStream accept(java.util.regex.Pattern pattern)
pattern
- standard Java regexppublic ValidatingObjectInputStream reject(java.util.regex.Pattern pattern)
pattern
- standard Java regexppublic ValidatingObjectInputStream accept(ClassNameMatcher m)
m
- the matcher to usepublic ValidatingObjectInputStream reject(ClassNameMatcher m)
m
- the matcher to use"Copyright © 2010 - 2020 Adobe Systems Incorporated. All Rights Reserved"