Package org.apache.logging.log4j.util

Class FilteredObjectInputStream

java.lang.Object

java.io.InputStream

java.io.ObjectInputStream

org.apache.logging.log4j.util.FilteredObjectInputStream

All Implemented Interfaces:

Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable

public class FilteredObjectInputStream
extends ObjectInputStream

Extends ObjectInputStream to only allow some built-in Log4j classes and caller-specified classes to be deserialized.

Since:

2.8.2

Nested Class Summary

Nested classes/interfaces inherited from class java.io.ObjectInputStream

ObjectInputStream.GetField

Field Summary

Fields inherited from interface java.io.ObjectStreamConstants

baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING

Constructor Summary

Constructors

Constructor	Description
FilteredObjectInputStream()
FilteredObjectInputStream(InputStream inputStream)
FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses)
FilteredObjectInputStream(Collection<String> allowedExtraClasses)

Method Summary

Modifier and Type	Method	Description
Collection<String>	getAllowedClasses()
protected Class<?>	resolveClass(ObjectStreamClass desc)

Methods inherited from class java.io.ObjectInputStream

available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytes

Methods inherited from class java.io.InputStream

mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.io.ObjectInput

read, skip

Constructor Detail

FilteredObjectInputStream

public FilteredObjectInputStream()
                          throws IOException,
                                 SecurityException

Throws:

IOException

SecurityException

FilteredObjectInputStream

public FilteredObjectInputStream(InputStream inputStream)
                          throws IOException

Throws:

IOException

FilteredObjectInputStream

public FilteredObjectInputStream(Collection<String> allowedExtraClasses)
                          throws IOException,
                                 SecurityException

Throws:

IOException

SecurityException

FilteredObjectInputStream

public FilteredObjectInputStream(InputStream inputStream,
                                 Collection<String> allowedExtraClasses)
                          throws IOException

Throws:

IOException

Method Detail

getAllowedClasses

public Collection<String> getAllowedClasses()

resolveClass

protected Class<?> resolveClass(ObjectStreamClass desc)
                         throws IOException,
                                ClassNotFoundException

Overrides:

resolveClass in class ObjectInputStream

Throws:

IOException

ClassNotFoundException