Class CustomObjectInputStream
java.lang.Object
java.io.InputStream
java.io.ObjectInputStream
org.apache.catalina.util.CustomObjectInputStream
- All Implemented Interfaces:
Closeable
,DataInput
,ObjectInput
,ObjectStreamConstants
,AutoCloseable
Custom subclass of
ObjectInputStream
that loads from the class loader for this web application. This
allows classes defined only with the web application to be found correctly.- Author:
- Craig R. McClanahan, Bip Thelin
-
Nested Class Summary
Nested classes/interfaces inherited from class java.io.ObjectInputStream
ObjectInputStream.GetField
-
Field Summary
Fields inherited from interface java.io.ObjectStreamConstants
baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
-
Constructor Summary
ConstructorDescriptionCustomObjectInputStream
(InputStream stream, ClassLoader classLoader) Construct a new instance of CustomObjectInputStream without any filtering of deserialized classes.CustomObjectInputStream
(InputStream stream, ClassLoader classLoader, Log log, Pattern allowedClassNamePattern, boolean warnOnFailure) Construct a new instance of CustomObjectInputStream with filtering of deserialized classes. -
Method Summary
Modifier and TypeMethodDescriptionClass
<?> resolveClass
(ObjectStreamClass classDesc) Load the local class equivalent of the specified stream class description, by using the class loader assigned to this Context.protected Class
<?> resolveProxyClass
(String[] interfaces) Return a proxy class that implements the interfaces named in a proxy class descriptor.Methods inherited from class java.io.ObjectInputStream
available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, setObjectInputFilter, skipBytes
Methods inherited from class java.io.InputStream
mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, skipNBytes, transferTo
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface java.io.ObjectInput
read, skip
-
Constructor Details
-
CustomObjectInputStream
Construct a new instance of CustomObjectInputStream without any filtering of deserialized classes.- Parameters:
stream
- The input stream we will read fromclassLoader
- The class loader used to instantiate objects- Throws:
IOException
- if an input/output error occurs
-
CustomObjectInputStream
public CustomObjectInputStream(InputStream stream, ClassLoader classLoader, Log log, Pattern allowedClassNamePattern, boolean warnOnFailure) throws IOException Construct a new instance of CustomObjectInputStream with filtering of deserialized classes.- Parameters:
stream
- The input stream we will read fromclassLoader
- The class loader used to instantiate objectslog
- The logger to use to report any issues. It may only be null if the filterMode does not require loggingallowedClassNamePattern
- The regular expression to use to filter deserialized classes. The fully qualified class name must match this pattern for deserialization to be allowed if filtering is enabled.warnOnFailure
- Should any failures be logged?- Throws:
IOException
- if an input/output error occurs
-
-
Method Details
-
resolveClass
public Class<?> resolveClass(ObjectStreamClass classDesc) throws ClassNotFoundException, IOException Load the local class equivalent of the specified stream class description, by using the class loader assigned to this Context.- Overrides:
resolveClass
in classObjectInputStream
- Parameters:
classDesc
- Class description from the input stream- Throws:
ClassNotFoundException
- if this class cannot be foundIOException
- if an input/output error occurs
-
resolveProxyClass
protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException Return a proxy class that implements the interfaces named in a proxy class descriptor. Do this using the class loader assigned to this Context.- Overrides:
resolveProxyClass
in classObjectInputStream
- Throws:
IOException
ClassNotFoundException
-