Package org.apache.logging.log4j.util
Class FilteredObjectInputStream
java.lang.Object
java.io.InputStream
java.io.ObjectInputStream
org.apache.logging.log4j.util.FilteredObjectInputStream
- All Implemented Interfaces:
Closeable
,DataInput
,ObjectInput
,ObjectStreamConstants
,AutoCloseable
Extends
ObjectInputStream
to only allow some built-in Log4j classes and caller-specified classes to be
deserialized.- Since:
- 2.11.0
-
Nested Class Summary
Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField
-
Field Summary
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
-
Constructor Summary
ConstructorsConstructorDescriptionFilteredObjectInputStream
(InputStream inputStream) FilteredObjectInputStream
(InputStream inputStream, Collection<String> allowedExtraClasses) FilteredObjectInputStream
(Collection<String> allowedExtraClasses) -
Method Summary
Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, skipBytes
Methods inherited from class java.io.InputStream
mark, markSupported, read, reset, skip
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface java.io.ObjectInput
read, skip
-
Constructor Details
-
FilteredObjectInputStream
- Throws:
IOException
SecurityException
-
FilteredObjectInputStream
- Throws:
IOException
-
FilteredObjectInputStream
public FilteredObjectInputStream(Collection<String> allowedExtraClasses) throws IOException, SecurityException - Throws:
IOException
SecurityException
-
FilteredObjectInputStream
public FilteredObjectInputStream(InputStream inputStream, Collection<String> allowedExtraClasses) throws IOException - Throws:
IOException
-
-
Method Details
-
getAllowedClasses
-
resolveClass
- Overrides:
resolveClass
in classObjectInputStream
- Throws:
IOException
ClassNotFoundException
-