public class FilteredObjectInputStream extends ObjectInputStream
ObjectInputStream to only allow some built-in Log4j classes and caller-specified classes to be
deserialized.ObjectInputStream.GetFieldbaseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING| Constructor and Description |
|---|
FilteredObjectInputStream() |
FilteredObjectInputStream(Collection<String> allowedExtraClasses) |
FilteredObjectInputStream(InputStream inputStream) |
FilteredObjectInputStream(InputStream inputStream,
Collection<String> allowedExtraClasses) |
| Modifier and Type | Method and Description |
|---|---|
Collection<String> |
getAllowedClasses() |
protected Class<?> |
resolveClass(ObjectStreamClass desc) |
available, close, defaultReadObject, enableResolveObject, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, skipBytesmark, markSupported, read, reset, skipclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitread, skippublic FilteredObjectInputStream()
throws IOException,
SecurityException
IOExceptionSecurityExceptionpublic FilteredObjectInputStream(InputStream inputStream) throws IOException
IOExceptionpublic FilteredObjectInputStream(Collection<String> allowedExtraClasses) throws IOException, SecurityException
IOExceptionSecurityExceptionpublic FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) throws IOException
IOExceptionpublic Collection<String> getAllowedClasses()
protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException
resolveClass in class ObjectInputStreamIOExceptionClassNotFoundExceptionCopyright © 1999-2022 The Apache Software Foundation. All Rights Reserved.
Apache Logging, Apache Log4j, Log4j, Apache, the Apache feather logo, the Apache Logging project logo, and the Apache Log4j logo are trademarks of The Apache Software Foundation.