com.luna.common.io.ValidateObjectInputStream

所有已实现的接口:: Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable

public class ValidateObjectInputStream extends ObjectInputStream

带有类验证的对象流，用于避免反序列化漏洞
详细见：https://xz.aliyun.com/t/41/

从以下版本开始:: 5.2.6
作者:: looly

嵌套类概要

从类继承的嵌套类/接口 java.io.ObjectInputStream
ObjectInputStream.GetField
字段概要

从接口继承的字段 java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
构造器概要

构造器

构造器

说明

ValidateObjectInputStream(InputStream inputStream, Class<?>... acceptClasses)

构造
方法概要

修饰符和类型

方法

说明

void

accept(Class<?>... acceptClasses)

接受反序列化的类，用于反序列化验证

void

refuse(Class<?>... refuseClasses)

禁止反序列化的类，用于反序列化验证

protected Class<?>

resolveClass(ObjectStreamClass desc)

只允许反序列化SerialObject class

从类继承的方法 java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, resolveProxyClass, setObjectInputFilter, skipBytes

从类继承的方法 java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, skipNBytes, transferTo

从类继承的方法 java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

从接口继承的方法 java.io.ObjectInput
read, skip

构造器详细资料
- ValidateObjectInputStream
  
  public ValidateObjectInputStream(InputStream inputStream, Class<?>... acceptClasses) throws IOException
  
  构造
  
  参数:
  
  inputStream - 流
  
  acceptClasses - 白名单的类
  
  抛出:
  
  IOException - IO异常
方法详细资料
- refuse
  
  public void refuse(Class<?>... refuseClasses)
  
  禁止反序列化的类，用于反序列化验证
  
  参数:
  
  refuseClasses - 禁止反序列化的类
  
  从以下版本开始:
  
  5.3.5
- accept
  
  public void accept(Class<?>... acceptClasses)
  
  接受反序列化的类，用于反序列化验证
  
  参数:
  
  acceptClasses - 接受反序列化的类
- resolveClass
  
  protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException
  
  只允许反序列化SerialObject class
  
  覆盖:
  
  resolveClass 在类中 ObjectInputStream
  
  抛出:
  
  IOException
  
  ClassNotFoundException

类 ValidateObjectInputStream

嵌套类概要

从类继承的嵌套类/接口 java.io.ObjectInputStream

字段概要

从接口继承的字段 java.io.ObjectStreamConstants

构造器概要

方法概要

从类继承的方法 java.io.ObjectInputStream

从类继承的方法 java.io.InputStream

从类继承的方法 java.lang.Object

从接口继承的方法 java.io.ObjectInput

构造器详细资料

ValidateObjectInputStream

方法详细资料

refuse

accept

resolveClass