Package org.apache.logging.log4j.util
Class FilteredObjectInputStream
- java.lang.Object
-
- java.io.InputStream
-
- java.io.ObjectInputStream
-
- org.apache.logging.log4j.util.FilteredObjectInputStream
-
- All Implemented Interfaces:
Closeable
,DataInput
,ObjectInput
,ObjectStreamConstants
,AutoCloseable
public class FilteredObjectInputStream extends ObjectInputStream
ExtendsObjectInputStream
to only allow some built-in Log4j classes and caller-specified classes to be deserialized.- Since:
- 2.8.2
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField
-
-
Field Summary
-
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
-
-
Constructor Summary
Constructors Constructor Description FilteredObjectInputStream()
FilteredObjectInputStream(InputStream inputStream)
FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses)
FilteredObjectInputStream(Collection<String> allowedExtraClasses)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Collection<String>
getAllowedClasses()
protected Class<?>
resolveClass(ObjectStreamClass desc)
-
Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytes
-
Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface java.io.ObjectInput
read, skip
-
-
-
-
Constructor Detail
-
FilteredObjectInputStream
public FilteredObjectInputStream() throws IOException, SecurityException
- Throws:
IOException
SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(InputStream inputStream) throws IOException
- Throws:
IOException
-
FilteredObjectInputStream
public FilteredObjectInputStream(Collection<String> allowedExtraClasses) throws IOException, SecurityException
- Throws:
IOException
SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) throws IOException
- Throws:
IOException
-
-
Method Detail
-
getAllowedClasses
public Collection<String> getAllowedClasses()
-
resolveClass
protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException
- Overrides:
resolveClass
in classObjectInputStream
- Throws:
IOException
ClassNotFoundException
-
-