Package com.ibm.security.access.javascript

Class CheckedObjectInputStream

java.lang.Object

java.io.InputStream

java.io.ObjectInputStream

com.ibm.security.access.javascript.CheckedObjectInputStream

All Implemented Interfaces:

Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable

public class CheckedObjectInputStream
extends ObjectInputStream

A secure implementation of ObjectInputStream that checks if deserialized objects are allowed based on the SandboxedContextFactory's whitelist.

Nested Class Summary

Nested classes/interfaces inherited from class java.io.ObjectInputStream

ObjectInputStream.GetField

Field Summary

Fields inherited from interface java.io.ObjectStreamConstants

baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING

Constructor Summary

Constructors

Constructor	Description
CheckedObjectInputStream(InputStream in)	Creates a new CheckedObjectInputStream that will use the whitelist to check if an object can be deserialized.

Method Summary

Methods inherited from class java.io.ObjectInputStream

available, close, defaultReadObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readShort, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, setObjectInputFilter, skipBytes

Methods inherited from class java.io.InputStream

mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, skipNBytes, transferTo

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.io.ObjectInput

read, skip

Constructor Details

CheckedObjectInputStream

public CheckedObjectInputStream(InputStream in)
                         throws IOException

Creates a new CheckedObjectInputStream that will use the whitelist to check if an object can be deserialized.

Parameters:

in - The input stream to read from

Throws:

IOException - If an I/O error occurs