Class HardenedObjectInputStream

java.lang.Object
java.io.InputStream
java.io.ObjectInputStream
ch.qos.logback.core.net.HardenedObjectInputStream
All Implemented Interfaces:
Closeable, DataInput, ObjectInput, ObjectStreamConstants, AutoCloseable
Direct Known Subclasses:
HardenedLoggingEventInputStream, HardenedModelInputStream

HardenedObjectInputStream restricts the set of classes that can be deserialized to a set of explicitly whitelisted classes. This prevents certain type of attacks from being successful.

It is assumed that classes in the "java.lang" and "java.util" packages are always authorized.

Since:
1.2.0
Author:
Ceki Gülcü