Class ValidatingObjectInputStream
java.lang.Object
java.io.InputStream
java.io.ObjectInputStream
org.apache.commons.io.serialization.ValidatingObjectInputStream
All Implemented Interfaces: Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable
An ObjectInputStream that's restricted to deserialize a limited set of classes.
Various accept/reject methods allow for specifying which classes can be deserialized.
Design inspired by IBM DeveloperWorks Article.
Nested Class Summary
Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField
Field Summary
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
Constructor Summary
ValidatingObjectInputStream - Constructs an object to deserialize the specified input stream.
Method Summary
accept - Accept the specified classes for deserialization, unless they are otherwise rejected.
accept - Accept the wildcard specified classes for deserialization, unless they are otherwise rejected.
accept - Accept class names that match the supplied pattern for deserialization, unless they are otherwise rejected.
accept - Accept class names where the supplied ClassNameMatcher matches for deserialization, unless they are otherwise rejected.
protected void invalidClassNameFound(String className) - Called to throw InvalidClassException if an invalid class name is found during deserialization.
reject - Reject the specified classes for deserialization, even if they are otherwise accepted.
reject - Reject the wildcard specified classes for deserialization, even if they are otherwise accepted.
reject - Reject class names that match the supplied pattern for deserialization, even if they are otherwise accepted.
reject - Reject class names where the supplied ClassNameMatcher matches for deserialization, even if they are otherwise accepted.
protected Class<?> resolveClass
Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytes
Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, skipNBytes, transferTo
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface java.io.ObjectInput
read, skip
Constructor Details
ValidatingObjectInputStream
Constructs an object to deserialize the specified input stream. At least one accept method needs to be called to specify which classes can be deserialized, as by default no classes are accepted.
Parameters:
input - an input stream
Throws:
IOException - if an I/O error occurs while reading stream header
Method Details
invalidClassNameFound
Called to throw InvalidClassException if an invalid class name is found during deserialization. Can be overridden, for example to log those class names.
Parameters:
className - name of the invalid class
Throws:
InvalidClassException - if the specified class is not allowed
resolveClass
accept
Accept the specified classes for deserialization, unless they are otherwise rejected.
Parameters:
classes - Classes to accept
Returns:
this object
reject
Reject the specified classes for deserialization, even if they are otherwise accepted.
Parameters:
classes - Classes to reject
Returns:
this object
accept
Accept the wildcard specified classes for deserialization, unless they are otherwise rejected.
Parameters:
patterns - Wildcard file name patterns as defined by FilenameUtils.wildcardMatch
Returns:
this object
reject
Reject the wildcard specified classes for deserialization, even if they are otherwise accepted.
Parameters:
patterns - Wildcard file name patterns as defined by FilenameUtils.wildcardMatch
Returns:
this object
accept
Accept class names that match the supplied pattern for deserialization, unless they are otherwise rejected.
Parameters:
pattern - standard Java regexp
Returns:
this object
reject
Reject class names that match the supplied pattern for deserialization, even if they are otherwise accepted.
Parameters:
pattern - standard Java regexp
Returns:
this object
accept
Accept class names where the supplied ClassNameMatcher matches for deserialization, unless they are otherwise rejected.
Parameters:
m - the matcher to use
Returns:
this object
reject
Reject class names where the supplied ClassNameMatcher matches for deserialization, even if they are otherwise accepted.
Parameters:
m - the matcher to use
Returns:
this object