public class ValidateObjectInputStream extends ObjectInputStream
ObjectInputStream.GetField
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
Constructor and Description |
---|
ValidateObjectInputStream(InputStream inputStream,
Class<?>... acceptClasses)
构造
|
Modifier and Type | Method and Description |
---|---|
void |
accept(Class<?>... acceptClasses)
接受反序列化的类,用于反序列化验证
|
void |
refuse(Class<?>... refuseClasses)
禁止反序列化的类,用于反序列化验证
|
protected Class<?> |
resolveClass(ObjectStreamClass desc)
只允许反序列化SerialObject class
|
available, close, defaultReadObject, enableResolveObject, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, skipBytes
mark, markSupported, read, reset, skip
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
read, skip
public ValidateObjectInputStream(InputStream inputStream, Class<?>... acceptClasses) throws IOException
inputStream
- 流acceptClasses
- 白名单的类IOException
- IO异常public void refuse(Class<?>... refuseClasses)
refuseClasses
- 禁止反序列化的类public void accept(Class<?>... acceptClasses)
acceptClasses
- 接受反序列化的类protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException
resolveClass
in class ObjectInputStream
IOException
ClassNotFoundException
Copyright © 2024. All rights reserved.