public class WhiteListDeserializingConverter extends Object implements Converter<byte[],Object>
Converter that delegates to a Deserializer to convert data in a byte array to an object. By default, if using a DefaultDeserializer, all classes/packages are deserialized. If you receive data from untrusted sources, consider adding trusted classes/packages using setWhiteListPatterns(String...) or addWhiteListPatterns(String...).

| Constructor and Description |
|---|
| WhiteListDeserializingConverter() Create a WhiteListDeserializingConverter with default ObjectInputStream configuration, using the "latest user-defined ClassLoader". |
| WhiteListDeserializingConverter(ClassLoader classLoader) |
| WhiteListDeserializingConverter(Deserializer<Object> deserializer) Create a WhiteListDeserializingConverter that delegates to the provided Deserializer. |

| Modifier and Type | Method and Description |
|---|---|
| void | addWhiteListPatterns(String... patterns) Add package/class patterns to the white list. |
| protected void | checkWhiteList(Class<?> clazz) |
| Object | convert(byte[] source) |
| protected Object | deserialize(ByteArrayInputStream inputStream) |
| void | setWhiteListPatterns(String... whiteListPatterns) Set simple patterns for allowable packages/classes for deserialization. |

public WhiteListDeserializingConverter()
Create a WhiteListDeserializingConverter with default ObjectInputStream configuration, using the "latest user-defined ClassLoader".

public WhiteListDeserializingConverter(ClassLoader classLoader)
Parameters: classLoader - the class loader to use for deserialization.

public WhiteListDeserializingConverter(Deserializer<Object> deserializer)
Create a WhiteListDeserializingConverter that delegates to the provided Deserializer.
Parameters: deserializer - the deserializer to use.

public void setWhiteListPatterns(String... whiteListPatterns)
com.foo.*, *.MyClass.
Parameters: whiteListPatterns - the patterns.

public void addWhiteListPatterns(String... patterns)
Parameters: patterns - the patterns to add.
See also: setWhiteListPatterns(String...)

public Object convert(byte[] source)

protected Object deserialize(ByteArrayInputStream inputStream) throws IOException
Throws: IOException

protected void checkWhiteList(Class<?> clazz) throws IOException
Throws: IOException
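
Configuring the white list for untrusted input and checking that it takes effect, as an added example that is not part of the original Javadoc or the project's own code. The package in the import is assumed from Spring Integration (this page does not show it), and the `com.example.demo` package, the `Order` class and both payloads are constructed for illustration.

```java
package com.example.demo; // hypothetical package, so the pattern below has something to match

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;

// Assumption: package name taken from Spring Integration; it is not shown on this page.
import org.springframework.integration.support.converter.WhiteListDeserializingConverter;

public class WhiteListConverterDemo {
    /** Constructed sample type standing in for an application payload class. */
    static class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        Order(String id) { this.id = id; }
    }

    /** Standard Java serialization, used here only to build the constructed payloads. */
    static byte[] serialize(Serializable value) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(value);
        }
        return bytes.toByteArray();
    }

    /** convert() declares no checked exceptions, so a refused payload surfaces as a RuntimeException. */
    static String outcome(WhiteListDeserializingConverter converter, byte[] payload) {
        try {
            return "accepted " + converter.convert(payload).getClass().getName();
        } catch (RuntimeException ex) {
            return "refused (" + ex.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] listed = serialize(new Order("A-1")); // class inside com.example.demo
        byte[] unlisted = serialize(new Date(0L));   // java.util.Date, outside the pattern

        WhiteListDeserializingConverter open = new WhiteListDeserializingConverter();
        WhiteListDeserializingConverter restricted = new WhiteListDeserializingConverter();
        restricted.setWhiteListPatterns("com.example.demo.*"); // same form as com.foo.*
        // Default behaviour versus the restricted converter on the same bytes.
        System.out.println("no patterns, Date:   " + outcome(open, unlisted));
        System.out.println("with pattern, Order: " + outcome(restricted, listed));
        System.out.println("with pattern, Date:  " + outcome(restricted, unlisted));
    }
}
```

Running the same three checks in a unit test against the patterns an application actually ships is a quick way to confirm the converter is not left in its accept-everything default.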