public class ValidatingObjectInputStream extends ObjectInputStream
ObjectInputStream that's restricted to deserialize
a limited set of classes.
Various accept/reject methods allow for specifying which classes can be deserialized.
Design inspired by IBM DeveloperWorks Article.
ObjectInputStream.GetFieldbaseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING| Constructor and Description |
|---|
ValidatingObjectInputStream(InputStream input)
Constructs an object to deserialize the specified input stream.
|
| Modifier and Type | Method and Description |
|---|---|
ValidatingObjectInputStream |
accept(Class<?>... classes)
Accept the specified classes for deserialization, unless they
are otherwise rejected.
|
ValidatingObjectInputStream |
accept(ClassNameMatcher m)
Accept class names where the supplied ClassNameMatcher matches for
deserialization, unless they are otherwise rejected.
|
ValidatingObjectInputStream |
accept(Pattern pattern)
Accept class names that match the supplied pattern for
deserialization, unless they are otherwise rejected.
|
ValidatingObjectInputStream |
accept(String... patterns)
Accept the wildcard specified classes for deserialization,
unless they are otherwise rejected.
|
ValidatingObjectInputStream |
reject(Class<?>... classes)
Reject the specified classes for deserialization, even if they
are otherwise accepted.
|
ValidatingObjectInputStream |
reject(ClassNameMatcher m)
Reject class names where the supplied ClassNameMatcher matches for
deserialization, even if they are otherwise accepted.
|
ValidatingObjectInputStream |
reject(Pattern pattern)
Reject class names that match the supplied pattern for
deserialization, even if they are otherwise accepted.
|
ValidatingObjectInputStream |
reject(String... patterns)
Reject the wildcard specified classes for deserialization,
even if they are otherwise accepted.
|
available, close, defaultReadObject, read, read, readBoolean, readByte, readChar, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readShort, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, skipBytesmark, markSupported, read, reset, skipequals, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitread, skippublic ValidatingObjectInputStream(InputStream input) throws IOException
input - an input streamIOException - if an I/O error occurs while reading stream headerpublic ValidatingObjectInputStream accept(Class<?>... classes)
classes - Classes to acceptpublic ValidatingObjectInputStream reject(Class<?>... classes)
classes - Classes to rejectpublic ValidatingObjectInputStream accept(String... patterns)
patterns - Wildcard file name patterns as defined by
FilenameUtils.wildcardMatchpublic ValidatingObjectInputStream reject(String... patterns)
patterns - Wildcard file name patterns as defined by
FilenameUtils.wildcardMatchpublic ValidatingObjectInputStream accept(Pattern pattern)
pattern - standard Java regexppublic ValidatingObjectInputStream reject(Pattern pattern)
pattern - standard Java regexppublic ValidatingObjectInputStream accept(ClassNameMatcher m)
m - the matcher to usepublic ValidatingObjectInputStream reject(ClassNameMatcher m)
m - the matcher to useJas4pp 1.5 © Java Analysis Studio for Particle Physics