87 * {@link NullPointerException} to be thrown.
88 *
89 * @see ObjectInputStream#setObjectInputFilter(ObjectInputFilter)
90 * @since 9
91 */
92 @FunctionalInterface
93 public interface ObjectInputFilter {
94
95 /**
96 * Check the class, array length, number of object references, depth,
97 * stream size, and other available filtering information.
98 * Implementations of this method check the contents of the object graph being created
99 * during deserialization. The filter returns {@link Status#ALLOWED Status.ALLOWED},
100 * {@link Status#REJECTED Status.REJECTED}, or {@link Status#UNDECIDED Status.UNDECIDED}.
101 *
102 * @param filterInfo provides information about the current object being deserialized,
103 * if any, and the status of the {@link ObjectInputStream}
104 * @return {@link Status#ALLOWED Status.ALLOWED} if accepted,
105 * {@link Status#REJECTED Status.REJECTED} if rejected,
106 * {@link Status#UNDECIDED Status.UNDECIDED} if undecided.
107 * @since 9
108 */
109 Status checkInput(FilterInfo filterInfo);
110
111 /**
112 * FilterInfo provides access to information about the current object
113 * being deserialized and the status of the {@link ObjectInputStream}.
114 * @since 9
115 */
116 interface FilterInfo {
117 /**
118 * The class of an object being deserialized.
119 * For arrays, it is the array type.
120 * For example, the array class name of a 2 dimensional array of strings is
121 * "{@code [[Ljava.lang.String;}".
122 * To check the array's element type, iteratively use
123 * {@link Class#getComponentType() Class.getComponentType} while the result
124 * is an array and then check the class.
125 * The {@code serialClass is null} in the case where a new object is not being
126 * created and to give the filter a chance to check the depth, number of
127 * references to existing objects, and the stream size.
|
87 * {@link NullPointerException} to be thrown.
88 *
89 * @see ObjectInputStream#setObjectInputFilter(ObjectInputFilter)
90 * @since 9
91 */
92 @FunctionalInterface
93 public interface ObjectInputFilter {
94
95 /**
96 * Check the class, array length, number of object references, depth,
97 * stream size, and other available filtering information.
98 * Implementations of this method check the contents of the object graph being created
99 * during deserialization. The filter returns {@link Status#ALLOWED Status.ALLOWED},
100 * {@link Status#REJECTED Status.REJECTED}, or {@link Status#UNDECIDED Status.UNDECIDED}.
101 *
102 * @param filterInfo provides information about the current object being deserialized,
103 * if any, and the status of the {@link ObjectInputStream}
104 * @return {@link Status#ALLOWED Status.ALLOWED} if accepted,
105 * {@link Status#REJECTED Status.REJECTED} if rejected,
106 * {@link Status#UNDECIDED Status.UNDECIDED} if undecided.
107 */
108 Status checkInput(FilterInfo filterInfo);
109
110 /**
111 * FilterInfo provides access to information about the current object
112 * being deserialized and the status of the {@link ObjectInputStream}.
113 * @since 9
114 */
115 interface FilterInfo {
116 /**
117 * The class of an object being deserialized.
118 * For arrays, it is the array type.
119 * For example, the array class name of a 2 dimensional array of strings is
120 * "{@code [[Ljava.lang.String;}".
121 * To check the array's element type, iteratively use
122 * {@link Class#getComponentType() Class.getComponentType} while the result
123 * is an array and then check the class.
124 * The {@code serialClass is null} in the case where a new object is not being
125 * created and to give the filter a chance to check the depth, number of
126 * references to existing objects, and the stream size.
|