public class DefaultDeserializationTypeValidator extends Object implements WhitelistingDeserializationTypeValidator
Modifier and Type | Field and Description |
---|---|
protected static Collection<String> |
ALLOWED_CLASSES |
protected static Collection<String> |
ALLOWED_PACKAGES |
protected Set<String> |
allowedClasses |
protected Set<String> |
allowedPackages |
Constructor and Description |
---|
DefaultDeserializationTypeValidator() |
Modifier and Type | Method and Description |
---|---|
protected void |
extractElements(String allowedElements,
Set<String> set) |
protected boolean |
isClassNameAllowed(String className) |
protected boolean |
isPackageAllowed(String className) |
protected boolean |
isPackageAllowed(String className,
Collection<String> allowedPackages) |
void |
setAllowedClasses(String deserializationAllowedClasses)
Set the allowed class names
|
void |
setAllowedPackages(String deserializationAllowedPackages)
Set the allowed package names
|
boolean |
validate(String className)
Validate the class name
|
protected static final Collection<String> ALLOWED_PACKAGES
protected static final Collection<String> ALLOWED_CLASSES
public void setAllowedClasses(String deserializationAllowedClasses)
WhitelistingDeserializationTypeValidator
setAllowedClasses
in interface WhitelistingDeserializationTypeValidator
public void setAllowedPackages(String deserializationAllowedPackages)
WhitelistingDeserializationTypeValidator
setAllowedPackages
in interface WhitelistingDeserializationTypeValidator
public boolean validate(String className)
DeserializationTypeValidator
validate
in interface DeserializationTypeValidator
protected boolean isPackageAllowed(String className)
protected boolean isPackageAllowed(String className, Collection<String> allowedPackages)
protected boolean isClassNameAllowed(String className)
Copyright © 2019. All rights reserved.