Class FilteredObjectInputStream
java.lang.Object
java.io.InputStream
java.io.ObjectInputStream
org.apache.logging.log4j.util.FilteredObjectInputStream
- All Implemented Interfaces:
Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable
Extends
ObjectInputStream to only allow some built-in Log4j classes and caller-specified classes to be
deserialized.- Since:
- 2.8.2
-
Nested Class Summary
Nested classes/interfaces inherited from class ObjectInputStream
ObjectInputStream.GetField -
Field Summary
FieldsFields inherited from interface ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING -
Constructor Summary
ConstructorsConstructorDescriptionFilteredObjectInputStream(InputStream inputStream) FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) FilteredObjectInputStream(Collection<String> allowedExtraClasses) -
Method Summary
Modifier and TypeMethodDescriptionprivate static booleanisAllowedByDefault(String name) private static booleanisRequiredPackage(String name) protected Class<?> Methods inherited from class ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytesMethods inherited from class InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, skipNBytes, transferToMethods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface ObjectInput
read, skip
-
Field Details
-
REQUIRED_JAVA_CLASSES
-
REQUIRED_JAVA_PACKAGES
-
allowedExtraClasses
-
-
Constructor Details
-
FilteredObjectInputStream
- Throws:
IOExceptionSecurityException
-
FilteredObjectInputStream
- Throws:
IOException
-
FilteredObjectInputStream
public FilteredObjectInputStream(Collection<String> allowedExtraClasses) throws IOException, SecurityException - Throws:
IOExceptionSecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) throws IOException - Throws:
IOException
-
-
Method Details
-
getAllowedClasses
-
resolveClass
- Overrides:
resolveClassin classObjectInputStream- Throws:
IOExceptionClassNotFoundException
-
isAllowedByDefault
-
isRequiredPackage
-