DefaultDeserializationTypeValidator (Camunda Platform Javadocs 7.20.0-SNAPSHOT)

java.lang.Object
- org.camunda.bpm.engine.impl.runtime.DefaultDeserializationTypeValidator

All Implemented Interfaces:

DeserializationTypeValidator, WhitelistingDeserializationTypeValidator
```
public class DefaultDeserializationTypeValidator
extends Object
implements WhitelistingDeserializationTypeValidator
```
Validate a type against a list of allowed packages and classes. Allows a basic set of packages and classes without known security issues based on Jackson Databind's SubTypeValidator.

Field Summary

Fields
Modifier and Type	Field	Description
`protected static Collection<String>`	`ALLOWED_CLASSES`
`protected static Collection<String>`	`ALLOWED_PACKAGES`
`protected Set<String>`	`allowedClasses`
`protected Set<String>`	`allowedPackages`

Constructor Summary

Constructors
Constructor Description

DefaultDeserializationTypeValidator()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`extractElements(String allowedElements, Set<String> set)`
`protected boolean`	`isClassNameAllowed(String className)`
`protected boolean`	`isPackageAllowed(String className)`
`protected boolean`	`isPackageAllowed(String className, Collection<String> allowedPackages)`
`void`	`setAllowedClasses(String deserializationAllowedClasses)`	Set the allowed class names
`void`	`setAllowedPackages(String deserializationAllowedPackages)`	Set the allowed package names
`boolean`	`validate(String className)`	Validate the class name

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ALLOWED_PACKAGES

protected static final Collection<String> ALLOWED_PACKAGES

ALLOWED_CLASSES

protected static final Collection<String> ALLOWED_CLASSES

allowedClasses
```
protected Set<String> allowedClasses
```

allowedPackages
```
protected Set<String> allowedPackages
```

Constructor Detail
- DefaultDeserializationTypeValidator
```
public DefaultDeserializationTypeValidator()
```

Method Detail
- setAllowedClasses
```
public void setAllowedClasses(String deserializationAllowedClasses)
```
  Description copied from interface: WhitelistingDeserializationTypeValidator
  
  Set the allowed class names
  
  Specified by:
  
  setAllowedClasses in interface WhitelistingDeserializationTypeValidator
- setAllowedPackages
```
public void setAllowedPackages(String deserializationAllowedPackages)
```
  Description copied from interface: WhitelistingDeserializationTypeValidator
  
  Set the allowed package names
  
  Specified by:
  
  setAllowedPackages in interface WhitelistingDeserializationTypeValidator
- validate
```
public boolean validate(String className)
```
  Description copied from interface: DeserializationTypeValidator
  
  Validate the class name
  
  Specified by:
  
  validate in interface DeserializationTypeValidator
- isPackageAllowed
```
protected boolean isPackageAllowed(String className)
```
- isPackageAllowed
```
protected boolean isPackageAllowed(String className,
                                   Collection<String> allowedPackages)
```
- isClassNameAllowed
```
protected boolean isClassNameAllowed(String className)
```
- extractElements
```
protected void extractElements(String allowedElements,
                               Set<String> set)
```