Package org.apache.catalina.util

Class CustomObjectInputStream

  • All Implemented Interfaces:
    java.io.Closeable, java.io.DataInput, java.io.ObjectInput, java.io.ObjectStreamConstants, java.lang.AutoCloseable
    public final class CustomObjectInputStream
extends java.io.ObjectInputStream
    Custom subclass of ObjectInputStream that loads from the class loader for this web application. This allows classes defined only with the web application to be found correctly.
    Author:
    Craig R. McClanahan, Bip Thelin

    • Nested Class Summary

      • Nested classes/interfaces inherited from class java.io.ObjectInputStream

        java.io.ObjectInputStream.GetField

    • Field Summary

      • Fields inherited from interface java.io.ObjectStreamConstants

        baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING

    • Constructor Summary

      Constructors 
      Constructor Description
      CustomObjectInputStream​(java.io.InputStream stream, java.lang.ClassLoader classLoader)
      Construct a new instance of CustomObjectInputStream without any filtering of deserialized classes.
      CustomObjectInputStream​(java.io.InputStream stream, java.lang.ClassLoader classLoader, Log log, java.util.regex.Pattern allowedClassNamePattern, boolean warnOnFailure)
      Construct a new instance of CustomObjectInputStream with filtering of deserialized classes.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.Class<?> resolveClass​(java.io.ObjectStreamClass classDesc)
      Load the local class equivalent of the specified stream class description, by using the class loader assigned to this Context.
      protected java.lang.Class<?> resolveProxyClass​(java.lang.String[] interfaces)
      Return a proxy class that implements the interfaces named in a proxy class descriptor.

      • Methods inherited from class java.io.ObjectInputStream

        available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, setObjectInputFilter, skipBytes

      • Methods inherited from class java.io.InputStream

        mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

      • Methods inherited from interface java.io.ObjectInput

        read, skip

    • Constructor Detail

      • CustomObjectInputStream

        public CustomObjectInputStream​(java.io.InputStream stream,
                               java.lang.ClassLoader classLoader)
                        throws java.io.IOException
        Construct a new instance of CustomObjectInputStream without any filtering of deserialized classes.
        Parameters:
        stream - The input stream we will read from
        classLoader - The class loader used to instantiate objects
        Throws:
        java.io.IOException - if an input/output error occurs

      • CustomObjectInputStream

        public CustomObjectInputStream​(java.io.InputStream stream,
                               java.lang.ClassLoader classLoader,
                               Log log,
                               java.util.regex.Pattern allowedClassNamePattern,
                               boolean warnOnFailure)
                        throws java.io.IOException
        Construct a new instance of CustomObjectInputStream with filtering of deserialized classes.
        Parameters:
        stream - The input stream we will read from
        classLoader - The class loader used to instantiate objects
        log - The logger to use to report any issues. It may only be null if the filterMode does not require logging
        allowedClassNamePattern - The regular expression to use to filter deserialized classes. The fully qualified class name must match this pattern for deserialization to be allowed if filtering is enabled.
        warnOnFailure - Should any failures be logged?
        Throws:
        java.io.IOException - if an input/output error occurs

    • Method Detail

      • resolveClass

        public java.lang.Class<?> resolveClass​(java.io.ObjectStreamClass classDesc)
                                throws java.lang.ClassNotFoundException,
                                       java.io.IOException
        Load the local class equivalent of the specified stream class description, by using the class loader assigned to this Context.
        Overrides:
        resolveClass in class java.io.ObjectInputStream
        Parameters:
        classDesc - Class description from the input stream
        Throws:
        java.lang.ClassNotFoundException - if this class cannot be found
        java.io.IOException - if an input/output error occurs

      • resolveProxyClass

        protected java.lang.Class<?> resolveProxyClass​(java.lang.String[] interfaces)
                                        throws java.io.IOException,
                                               java.lang.ClassNotFoundException
        Return a proxy class that implements the interfaces named in a proxy class descriptor. Do this using the class loader assigned to this Context.
        Overrides:
        resolveProxyClass in class java.io.ObjectInputStream
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException