Package org.graylog2.security

Class RestrictedChainingClassLoader

java.lang.Object

org.graylog2.security.RestrictedChainingClassLoader

public class RestrictedChainingClassLoader
extends Object

A wrapper around the chaining class loader intended only for loading classes safely by considering an allow-list of class name prefixes.

Constructor Summary

Constructors

Constructor	Description
RestrictedChainingClassLoader(ChainingClassLoader delegate, SafeClasses safeClasses)

Method Summary

Modifier and Type	Method	Description
Class<?>	loadClassSafely(String name)	Load the class only if the name passes the check of SafeClasses.isSafeToLoad(String).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RestrictedChainingClassLoader

@Inject
public RestrictedChainingClassLoader(ChainingClassLoader delegate,
 SafeClasses safeClasses)

Method Details

loadClassSafely

public Class<?> loadClassSafely(String name)
                         throws ClassNotFoundException,
UnsafeClassLoadingAttemptException

Load the class only if the name passes the check of SafeClasses.isSafeToLoad(String). If the class name passes the check, the call is delegated to ClassLoader.loadClass(String). If it doesn't pass the check, an UnsafeClassLoadingAttemptException is thrown.

Returns:

class as returned by the delegated call to ClassLoader.loadClass(String)

Throws:

ClassNotFoundException - if the class was not found

UnsafeClassLoadingAttemptException - if the class name didn't pass the safety check of SafeClasses.isSafeToLoad(String)