java.io.ObjectInputFilter
@FunctionalInterface
Filter classes, array lengths, and graph metrics during deserialization. If set on an ObjectInputStream, the checkInput(FilterInfo)method is called to validate classes, the length of each array, the number of objects being read from the stream, the depth of the graph, and the total number of bytes read from the stream. A filter can be set via setObjectInputFilterfor an individual ObjectInputStream.A filter can be set via Config.setSerialFilterto affect every ObjectInputStream that does not otherwise set a filter.
A filter determines whether the arguments are ALLOWED or REJECTED and should return the appropriate status. If the filter cannot determine the status it should return UNDECIDED. Filters should be designed for the specific use case and expected types. A filter designed for a particular user may be passed a class that is outside of the scope of the filter. If the purpose of the filter is to black-list classes then it can reject a candidate class that matches and report UNDECIDED for others. A filter may be called with class equals null, arrayLength equal -1, the depth, number of references, and stream size, and return a status that reflects only one or only some of the values. This allows a filter to be specific about the choice it is reporting and to use other filters without forcing either allowed or rejected status.
FilenameFilter interface in Java
Externalizable interface in Java
Serializable interface in Java
ObjectInputValidation interface in Java
ObjectInputFilter interface in Java
No comments:
Post a Comment