Class CustomObjectInputStream

java.lang.Object
java.io.InputStream
java.io.ObjectInputStream
org.apache.catalina.util.CustomObjectInputStream
All Implemented Interfaces:
Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable

public final class CustomObjectInputStream extends ObjectInputStream
Custom subclass of ObjectInputStream that loads from the class loader for this web application. This allows classes defined only with the web application to be found correctly.
Author:
Craig R. McClanahan, Bip Thelin
  • Constructor Details

    • CustomObjectInputStream

      public CustomObjectInputStream(InputStream stream, ClassLoader classLoader) throws IOException
      Construct a new instance of CustomObjectInputStream without any filtering of deserialized classes.
      Parameters:
      stream - The input stream we will read from
      classLoader - The class loader used to instantiate objects
      Throws:
      IOException - if an input/output error occurs
    • CustomObjectInputStream

      public CustomObjectInputStream(InputStream stream, ClassLoader classLoader, Log log, Pattern allowedClassNamePattern, boolean warnOnFailure) throws IOException
      Construct a new instance of CustomObjectInputStream with filtering of deserialized classes.
      Parameters:
      stream - The input stream we will read from
      classLoader - The class loader used to instantiate objects
      log - The logger to use to report any issues. It may only be null if the filterMode does not require logging
      allowedClassNamePattern - The regular expression to use to filter deserialized classes. The fully qualified class name must match this pattern for deserialization to be allowed if filtering is enabled.
      warnOnFailure - Should any failures be logged?
      Throws:
      IOException - if an input/output error occurs
  • Method Details