public class FilteredObjectInputStream extends ObjectInputStream
ObjectInputStream
to only allow some built-in Log4j classes and caller-specified classes to be
deserialized.ObjectInputStream.GetField
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
Constructor and Description |
---|
FilteredObjectInputStream() |
FilteredObjectInputStream(Collection<String> allowedExtraClasses) |
FilteredObjectInputStream(InputStream inputStream) |
FilteredObjectInputStream(InputStream inputStream,
Collection<String> allowedExtraClasses) |
Modifier and Type | Method and Description |
---|---|
Collection<String> |
getAllowedClasses() |
protected Class<?> |
resolveClass(ObjectStreamClass desc) |
available, close, defaultReadObject, enableResolveObject, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, skipBytes
mark, markSupported, read, reset, skip
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
read, skip
public FilteredObjectInputStream() throws IOException, SecurityException
IOException
SecurityException
public FilteredObjectInputStream(InputStream inputStream) throws IOException
IOException
public FilteredObjectInputStream(Collection<String> allowedExtraClasses) throws IOException, SecurityException
IOException
SecurityException
public FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) throws IOException
IOException
public Collection<String> getAllowedClasses()
protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException
resolveClass
in class ObjectInputStream
IOException
ClassNotFoundException
Copyright © 1999-1969 The Apache Software Foundation. All Rights Reserved.
Apache Logging, Apache Log4j, Log4j, Apache, the Apache feather logo, the Apache Logging project logo, and the Apache Log4j logo are trademarks of The Apache Software Foundation.