Class WhiteListObjectInputStream

  • All Implemented Interfaces:
    java.io.Closeable, java.io.DataInput, java.io.ObjectInput, java.io.ObjectStreamConstants, java.lang.AutoCloseable

    public class WhiteListObjectInputStream
    extends java.io.ObjectInputStream

    An ObjectInputStream implementation that checks loaded classes against a list of trusted packages or package prefixes.

    Heavily inspired by and derived from org.apache.activemq.util.ClassLoadingAwareObjectInputStream in ActiveMQ as well as https://github.com/spring-projects/spring-amqp/commit/4150f107e60cac4a7735fcf7cb4c1889a0cbab6c.

    See Also:
    ObjectInputStream
    • Nested Class Summary

      • Nested classes/interfaces inherited from class java.io.ObjectInputStream

        java.io.ObjectInputStream.GetField
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.util.List<java.lang.String> DEFAULT_TRUSTED_PACKAGES  
      • Fields inherited from interface java.io.ObjectStreamConstants

        baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, SERIAL_FILTER_PERMISSION, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
    • Constructor Summary

      Constructors 
      Constructor Description
      WhiteListObjectInputStream​(java.io.InputStream in)
      Creates an ObjectInputStream that reads from the specified InputStream.
      WhiteListObjectInputStream​(java.io.InputStream in, java.util.List<java.lang.String> trustedPackages)
      Creates an ObjectInputStream that reads from the specified InputStream.
    • Method Summary

      Modifier and Type Method Description
      void addTrustedPackage​(java.lang.String trustedPackage)  
      java.util.List<java.lang.String> getTrustedPackages()  
      protected java.lang.Class<?> resolveClass​(java.io.ObjectStreamClass desc)
      Load the local class equivalent of the specified stream class description.
      protected java.lang.Class<?> resolveProxyClass​(java.lang.String[] interfaces)  
      void setTrustedPackages​(java.util.List<java.lang.String> trustedPackages)  
      boolean shouldTrustAllPackages()  
      • Methods inherited from class java.io.ObjectInputStream

        available, close, defaultReadObject, enableResolveObject, getObjectInputFilter, read, read, readBoolean, readByte, readChar, readClassDescriptor, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readObjectOverride, readShort, readStreamHeader, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, resolveObject, setObjectInputFilter, skipBytes
      • Methods inherited from class java.io.InputStream

        mark, markSupported, nullInputStream, read, readAllBytes, readNBytes, readNBytes, reset, skip, transferTo
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface java.io.ObjectInput

        read, skip
    • Field Detail

      • DEFAULT_TRUSTED_PACKAGES

        public static final java.util.List<java.lang.String> DEFAULT_TRUSTED_PACKAGES
    • Constructor Detail

      • WhiteListObjectInputStream

        public WhiteListObjectInputStream​(java.io.InputStream in)
                                   throws java.io.IOException

        Creates an ObjectInputStream that reads from the specified InputStream. A serialization stream header is read from the stream and verified. This constructor will block until the corresponding ObjectOutputStream has written and flushed the header.

        If a security manager is installed, this constructor will check for the "enableSubclassImplementation" SerializablePermission when invoked directly or indirectly by the constructor of a subclass which overrides the ObjectInputStream.readFields or ObjectInputStream.readUnshared methods.

        Parameters:
        in - input stream to read from
        Throws:
        java.io.IOException - if an I/O error occurs while reading stream header
        java.lang.SecurityException - if untrusted subclass illegally overrides security-sensitive methods
        java.lang.NullPointerException - if in is null
        See Also:
        ObjectInputStream(), ObjectInputStream.readFields()
      • WhiteListObjectInputStream

        public WhiteListObjectInputStream​(java.io.InputStream in,
                                          java.util.List<java.lang.String> trustedPackages)
                                   throws java.io.IOException

        Creates an ObjectInputStream that reads from the specified InputStream. A serialization stream header is read from the stream and verified. This constructor will block until the corresponding ObjectOutputStream has written and flushed the header.

        If a security manager is installed, this constructor will check for the "enableSubclassImplementation" SerializablePermission when invoked directly or indirectly by the constructor of a subclass which overrides the ObjectInputStream.readFields or ObjectInputStream.readUnshared methods.

        Parameters:
        in - input stream to read from
        trustedPackages - list of packages (or package prefixes) that are trusted. Only classes in them are allowed to be deserialized.
        Throws:
        java.io.IOException - if an I/O error occurs while reading stream header
        java.lang.SecurityException - if untrusted subclass illegally overrides security-sensitive methods
        java.lang.NullPointerException - if in is null
        See Also:
        ObjectInputStream(), ObjectInputStream.readFields()
    • Method Detail

      • resolveClass

        protected java.lang.Class<?> resolveClass​(java.io.ObjectStreamClass desc)
                                           throws java.io.IOException,
                                                  java.lang.ClassNotFoundException
        Load the local class equivalent of the specified stream class description. Subclasses may implement this method to allow classes to be fetched from an alternate source.

        The corresponding method in ObjectOutputStream is annotateClass. This method will be invoked only once for each unique class in the stream. This method can be implemented by subclasses to use an alternate loading mechanism but must return a Class object. Once returned, if the class is not an array class, its serialVersionUID is compared to the serialVersionUID of the serialized class, and if there is a mismatch, the deserialization fails and an exception is thrown.

        The default implementation of this method in ObjectInputStream returns the result of calling

             Class.forName(desc.getName(), false, loader)
         
        where loader is determined as follows: if there is a method on the current thread's stack whose declaring class was defined by a user-defined class loader (and was not generated to implement reflective invocations), then loader is the class loader corresponding to the closest such method to the currently executing frame; otherwise, loader is null. If this call results in a ClassNotFoundException and the name of the passed ObjectStreamClass instance is the Java language keyword for a primitive type or void, then the Class object representing that primitive type or void will be returned (e.g., an ObjectStreamClass with the name "int" will be resolved to Integer.TYPE). Otherwise, the ClassNotFoundException will be thrown to the caller of this method.
        Overrides:
        resolveClass in class java.io.ObjectInputStream
        Parameters:
        desc - an instance of class ObjectStreamClass
        Returns:
        a Class object corresponding to desc
        Throws:
        java.io.IOException - any of the usual Input/Output exceptions.
        java.lang.ClassNotFoundException - if the class of a serialized object cannot be found or is not in the trusted package list.
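        The behaviour described for this class, for resolveClass and for resolveProxyClass, shown as an added, self-contained example. This is illustrative code written for this page, not the library's own WhiteListObjectInputStream: the class name AllowListObjectInputStream, the prefix-matching rule, the "*" convention for trusting all packages, the serialize/deserialize helpers and the two constructed payloads (an ArrayList of Strings and a BigInteger) are all assumptions of the example. Each class descriptor read from the stream is checked by name against the trusted package list before super.resolveClass() is allowed to look it up, and a proxy is accepted only if every interface it implements is trusted.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Illustrative allowlist ObjectInputStream (added example, not the library's code). */
public class AllowListDeserializationDemo {

    public static class AllowListObjectInputStream extends ObjectInputStream {
        private final List<String> trustedPackages;

        public AllowListObjectInputStream(InputStream in, List<String> trustedPackages) throws IOException {
            super(in);
            this.trustedPackages = new ArrayList<>(trustedPackages);
        }

        /** "*" as the only entry trusts every package (a convention assumed for this demo). */
        public boolean shouldTrustAllPackages() {
            return trustedPackages.size() == 1 && "*".equals(trustedPackages.get(0));
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            // Decide on the stream's class name first; an untrusted class is never looked up.
            checkTrusted(desc.getName());
            return super.resolveClass(desc);
        }

        @Override
        protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
            // A dynamic proxy is only as trustworthy as every interface it implements.
            for (String iface : interfaces) {
                checkTrusted(iface);
            }
            return super.resolveProxyClass(interfaces);
        }

        private void checkTrusted(String streamName) throws ClassNotFoundException {
            if (shouldTrustAllPackages()) {
                return;
            }
            // Reduce array descriptors ("[[Lcom.example.Foo;", "[I") to their element type.
            String name = streamName;
            while (name.startsWith("[")) {
                name = name.substring(1);
            }
            if (name.length() == 1) {
                return; // primitive element type such as "I"
            }
            if (name.startsWith("L") && name.endsWith(";")) {
                name = name.substring(1, name.length() - 1);
            }
            if (PRIMITIVE_NAMES.contains(name)) {
                return; // descriptors for int.class, void.class, ...
            }
            int dot = name.lastIndexOf('.');
            String pkg = dot < 0 ? "" : name.substring(0, dot);
            for (String trusted : trustedPackages) {
                if (pkg.equals(trusted) || pkg.startsWith(trusted + ".")) {
                    return;
                }
            }
            throw new ClassNotFoundException("Forbidden class " + streamName
                    + ": package '" + pkg + "' is not in the trusted list " + trustedPackages);
        }
    }

    private static final List<String> PRIMITIVE_NAMES = Arrays.asList(
            "boolean", "byte", "char", "short", "int", "long", "float", "double", "void");

    static byte[] serialize(Serializable value) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(value);
        }
        return bytes.toByteArray();
    }

    static Object deserialize(byte[] data, List<String> trusted) throws IOException, ClassNotFoundException {
        try (AllowListObjectInputStream in = new AllowListObjectInputStream(new ByteArrayInputStream(data), trusted)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        List<String> trusted = Arrays.asList("java.util", "java.lang");

        // Constructed payload 1: an ArrayList of Strings, entirely within java.util / java.lang.
        Object list = deserialize(serialize(new ArrayList<>(Arrays.asList("a", "b"))), trusted);
        System.out.println("accepted: " + list);

        // Constructed payload 2: BigInteger lives in java.math, which is not on the list.
        try {
            deserialize(serialize(BigInteger.TEN), trusted);
            System.out.println("unexpected: java.math was accepted");
        } catch (ClassNotFoundException rejected) {
            System.out.println("rejected: " + rejected.getMessage());
        }
    }
}
```

        The rejection surfaces as the ClassNotFoundException documented for resolveClass above, which ObjectInputStream.readObject() propagates to the caller; the caller should treat it as a hard failure of the whole message rather than retrying with a wider list. Keeping the trusted list short and specific (package names, not a bare "java") is what makes the check meaningful, since a prefix such as "java" would also admit unrelated packages.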
      • resolveProxyClass

        protected java.lang.Class<?> resolveProxyClass​(java.lang.String[] interfaces)
                                                throws java.io.IOException,
                                                       java.lang.ClassNotFoundException
        Overrides:
        resolveProxyClass in class java.io.ObjectInputStream
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException
      • addTrustedPackage

        public void addTrustedPackage​(java.lang.String trustedPackage)
      • getTrustedPackages

        public java.util.List<java.lang.String> getTrustedPackages()
        Returns:
        list of packages trusted for deserialization from ObjectMessage payloads
      • setTrustedPackages

        public void setTrustedPackages​(java.util.List<java.lang.String> trustedPackages)
        Parameters:
        trustedPackages - list of packages trusted for deserialization from ObjectMessage payloads
      • shouldTrustAllPackages

        public boolean shouldTrustAllPackages()
        Returns:
        true if this object stream considers all packages to be trusted, false otherwise