ch.qos.logback.core.net.HardenedObjectInputStream

All Implemented Interfaces:: Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable

Direct Known Subclasses:: HardenedLoggingEventInputStream

@Deprecated(since="2022-01-27") public class HardenedObjectInputStream extends ObjectInputStream

Deprecated.

This internal logback API is not supported by AEM as a Cloud Service.

HardenedObjectInputStream restricts the set of classes that can be deserialized to a set of explicitly whitelisted classes. This prevents certain type of attacks from being successful.

It is assumed that classes in the "java.lang" and "java.util" packages are always authorized.

Since:: 1.2.0

Nested Class Summary

Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField
Field Summary

Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
Constructor Summary

Constructors

Constructor

Description

HardenedObjectInputStream(InputStream in, String[] whilelist)

Deprecated.

HardenedObjectInputStream(InputStream in, List<String> whitelist)

Deprecated.
Method Summary

Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readShort, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, setObjectInputFilter, skipBytes

Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, skipNBytes, transferTo

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.io.ObjectInput
read, skip

Constructor Details
- HardenedObjectInputStream
  
  public HardenedObjectInputStream(InputStream in, String[] whilelist) throws IOException
  
  Deprecated.
  
  Throws:
  
  IOException
- HardenedObjectInputStream
  
  public HardenedObjectInputStream(InputStream in, List<String> whitelist) throws IOException
  
  Deprecated.
  
  Throws:
  
  IOException

Class HardenedObjectInputStream

Nested Class Summary

Nested classes/interfaces inherited from class java.io.ObjectInputStream

Field Summary

Fields inherited from interface java.io.ObjectStreamConstants

Constructor Summary

Method Summary

Methods inherited from class java.io.ObjectInputStream

Methods inherited from class java.io.InputStream

Methods inherited from class java.lang.Object

Methods inherited from interface java.io.ObjectInput

Constructor Details

HardenedObjectInputStream

HardenedObjectInputStream