public static final class ObjectInputFilter.Config extends Object
ObjectInputStream that does not set its own filter.
When setting the filter, it should be stateless and idempotent, reporting the same result when passed the same arguments.
The filter is configured during the initialization of the ObjectInputFilter.Config class, for example by calling Config.getSerialFilter.
If the system property jdk.serialFilter is defined, it is used to configure the filter.
If the system property is not defined, and the Security property jdk.serialFilter is defined, then it is used to configure the filter.
Otherwise, the filter is not configured during initialization.
The syntax for each property is the same as for the createFilter method.
If a filter is not configured, it can be set with Config.setSerialFilter.
Modifier and Type | Method | Description |
---|---|---|
static ObjectInputFilter | createFilter(String pattern) | Returns an ObjectInputFilter from a string of patterns. |
static ObjectInputFilter | getSerialFilter() | Returns the process-wide serialization filter or null if not configured. |
static void | setSerialFilter(ObjectInputFilter filter) | Set the process-wide filter if it has not already been configured or set. |
public static ObjectInputFilter getSerialFilter()
Returns the process-wide serialization filter or null if not configured.
public static void setSerialFilter(ObjectInputFilter filter)
filter - the serialization filter to set as the process-wide filter; not null
SecurityException - if there is a security manager and the SerializablePermission("serialFilter") is not granted
IllegalStateException - if the filter has already been set non-null
public static ObjectInputFilter createFilter(String pattern)
Patterns are separated by ";" (semicolon). Whitespace is significant and is considered part of the pattern.
If a pattern includes an equals assignment, "=", it sets a limit.
If a limit appears more than once the last value is used.
value - the maximum depth of a graph
value - the maximum number of internal references
value - the maximum number of bytes in the input stream
value - the maximum array length allowed
Other patterns match or reject class or package name as returned from Class.getName() and, if an optional module name is present, class.getModule().getName().
Note that for arrays the element type is used in the pattern, not the array type.
The resulting filter performs the limit checks and then tries to match the class, if any. If any of the limits are exceeded, the filter returns Status.REJECTED.
If the class is an array type, the class to be matched is the element type.
Arrays of any number of dimensions are treated the same as the element type.
For example, a pattern of "!example.Foo" rejects creation of any instance or array of example.Foo.
The first pattern that matches, working from left to right, determines the Status.ALLOWED or Status.REJECTED result.
If the limits are not exceeded and no pattern matches the class, the result is Status.UNDECIDED.
pattern - the pattern string to parse; not null
null if no patterns
IllegalArgumentException - if the pattern string is illegal or malformed and cannot be parsed. In particular, if any of the following is true:
Long.parseLong or is negative
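The following is an added example, not part of the JDK documentation. It runs createFilter patterns against constructed sample objects to show limits being checked before class patterns, the UNDECIDED result being let through by ObjectInputStream, and the one-time nature of setSerialFilter. Assumptions: JDK 9 or later; the class name SerialFilterDemo and the sample objects are made up for illustration; the limit keywords maxdepth and maxarray and the "*" wildcard forms are part of the JDK's pattern syntax but are not listed in this copy of the page.

```java
import java.io.*;
import java.util.*;

public class SerialFilterDemo {
    // Serialize a constructed sample object so the demo runs offline.
    static byte[] toBytes(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize under a per-stream filter built from the pattern and report the outcome.
    static String tryRead(String pattern, Object sample) throws IOException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(toBytes(sample)))) {
            ois.setObjectInputFilter(filter);
            return "accepted " + ois.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            return "rejected (" + e.getMessage() + ")";
        } catch (ClassNotFoundException e) {
            return "error " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        String loose  = "maxdepth=5;maxarray=16;java.lang.*;java.util.ArrayList";
        String strict = loose + ";!*"; // trailing reject-all closes the UNDECIDED gap

        Object list = new ArrayList<>(List.of("a", "b"));
        Object map = new HashMap<>(Map.of("k", "v"));
        Object bigArray = new String[32];

        System.out.println("strict, ArrayList : " + tryRead(strict, list));
        // HashMap matches no pattern: UNDECIDED under 'loose', which the stream lets through.
        System.out.println("loose,  HashMap   : " + tryRead(loose, map));
        System.out.println("strict, HashMap   : " + tryRead(strict, map));
        // Element type String is allowed, but the maxarray limit is checked first.
        System.out.println("strict, String[32]: " + tryRead(strict, bigArray));

        // Process-wide filter: can be set once; a second call must fail.
        try {
            ObjectInputFilter.Config.setSerialFilter(ObjectInputFilter.Config.createFilter(strict));
            ObjectInputFilter.Config.setSerialFilter(ObjectInputFilter.Config.createFilter(loose));
        } catch (IllegalStateException e) {
            System.out.println("process-wide filter already set: " + e.getMessage());
        }
    }
}
```

If the JVM was started with jdk.serialFilter defined, the first setSerialFilter call is the one that throws, since the filter was already configured during initialization.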
Copyright © 1993, 2017, Oracle and/or its affiliates. 500 Oracle Parkway
Redwood Shores, CA 94065 USA. All rights reserved.
DRAFT 9-internal+0-adhoc.mlchung.jdk9-jdeps