org.apache.logging.log4j.util.FilteredObjectInputStream

All Implemented Interfaces:: Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable

public class FilteredObjectInputStream extends ObjectInputStream

Extends ObjectInputStream to only allow some built-in Log4j classes and caller-specified classes to be deserialized.

Since:: 2.11.0

Nested Class Summary

Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField
Field Summary

Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
Constructor Summary

Constructors

Constructor

Description

FilteredObjectInputStream()

FilteredObjectInputStream(InputStream inputStream)

FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses)

FilteredObjectInputStream(Collection<String> allowedExtraClasses)
Method Summary

Modifier and Type

Method

Description

Collection<String>

getAllowedClasses()

protected Class<?>

resolveClass(ObjectStreamClass desc)

Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, skipBytes

Methods inherited from class java.io.InputStream
mark, markSupported, read, reset, skip

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.io.ObjectInput
read, skip

Constructor Details
- FilteredObjectInputStream
  
  public FilteredObjectInputStream() throws IOException, SecurityException
  
  Throws:
  
  IOException
  
  SecurityException
- FilteredObjectInputStream
  
  public FilteredObjectInputStream(InputStream inputStream) throws IOException
  
  Throws:
  
  IOException
- FilteredObjectInputStream
  
  public FilteredObjectInputStream(Collection<String> allowedExtraClasses) throws IOException, SecurityException
  
  Throws:
  
  IOException
  
  SecurityException
- FilteredObjectInputStream
  
  public FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) throws IOException
  
  Throws:
  
  IOException
Method Details
- getAllowedClasses
  
  public Collection<String> getAllowedClasses()
- resolveClass
  
  protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException
  
  Overrides:
  
  resolveClass in class ObjectInputStream
  
  Throws:
  
  IOException
  
  ClassNotFoundException

Class FilteredObjectInputStream

Nested Class Summary

Nested classes/interfaces inherited from class java.io.ObjectInputStream

Field Summary

Fields inherited from interface java.io.ObjectStreamConstants

Constructor Summary

Method Summary

Methods inherited from class java.io.ObjectInputStream

Methods inherited from class java.io.InputStream

Methods inherited from class java.lang.Object

Methods inherited from interface java.io.ObjectInput

Constructor Details

FilteredObjectInputStream

FilteredObjectInputStream

FilteredObjectInputStream

FilteredObjectInputStream

Method Details

getAllowedClasses

resolveClass