Package org.graylog2.security
Class RestrictedChainingClassLoader
java.lang.Object
org.graylog2.security.RestrictedChainingClassLoader
A wrapper around the chaining class loader intended only for loading classes safely by considering an allow-list of
class name prefixes.
-
Constructor Summary
ConstructorDescriptionRestrictedChainingClassLoader
(ChainingClassLoader delegate, SafeClasses safeClasses) -
Method Summary
Modifier and TypeMethodDescriptionClass<?>
loadClassSafely
(String name) Load the class only if the name passes the check ofSafeClasses.isSafeToLoad(String)
.
-
Constructor Details
-
Method Details
-
loadClassSafely
public Class<?> loadClassSafely(String name) throws ClassNotFoundException, UnsafeClassLoadingAttemptException Load the class only if the name passes the check ofSafeClasses.isSafeToLoad(String)
. If the class name passes the check, the call is delegated toClassLoader.loadClass(String)
. If it doesn't pass the check, anUnsafeClassLoadingAttemptException
is thrown.- Returns:
- class as returned by the delegated call to
ClassLoader.loadClass(String)
- Throws:
ClassNotFoundException
- if the class was not foundUnsafeClassLoadingAttemptException
- if the class name didn't pass the safety check ofSafeClasses.isSafeToLoad(String)
-