Interface FSTConfiguration.ClassSecurityVerifier

Enclosing class:
FSTConfiguration

public static interface FSTConfiguration.ClassSecurityVerifier
Security: disallow packages/classes upon deserialization
  • Method Summary

    Modifier and Type | Method | Description
    boolean | allowClassDeserialization(java.lang.Class cl) | Returns false if your application does not allow deserialization of objects of type cl.
  • Method Details

    • allowClassDeserialization

      boolean allowClassDeserialization(java.lang.Class cl)
      Returns false if your application does not allow deserialization of objects of type cl. This can be implemented by whitelisting/blacklisting whole packages, subpackages, or single classes. Note: this also disallows serialization of forbidden classes. For asymmetric use cases, register a custom serializer in order to prevent reading/writing of certain classes.
      Parameters:
      cl - the class being serialized/deserialized
      Returns:
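
A deny-by-default implementation of the package/class whitelisting described above, as an added example that is not part of the FST documentation or code base. It assumes the interface lives in the `org.nustaq.serialization` package (not stated on this page); the class name `AllowlistVerifier` and the allowlist entries are hypothetical.

```java
import java.util.Set;
import org.nustaq.serialization.FSTConfiguration; // assumed package, not stated on the page

/** Added example: only explicitly allowlisted classes and packages pass. */
public final class AllowlistVerifier implements FSTConfiguration.ClassSecurityVerifier {

    private final Set<String> allowedClasses;   // fully qualified class names
    private final Set<String> allowedPackages;  // package prefixes, each ending in '.'

    public AllowlistVerifier(Set<String> allowedClasses, Set<String> allowedPackages) {
        this.allowedClasses = Set.copyOf(allowedClasses);
        this.allowedPackages = Set.copyOf(allowedPackages);
        for (String prefix : this.allowedPackages) {
            // Without the trailing dot, "com.example.dto" would also admit
            // "com.example.dtoevil.Gadget".
            if (!prefix.endsWith(".")) {
                throw new IllegalArgumentException("package prefix must end with '.': " + prefix);
            }
        }
    }

    @Override
    public boolean allowClassDeserialization(Class cl) {
        if (cl == null) {
            return false;
        }
        // Judge an array by its element type, so Foo[][] is allowed only if Foo is.
        while (cl.isArray()) {
            cl = cl.getComponentType();
        }
        if (cl.isPrimitive()) {
            return true;
        }
        String name = cl.getName();
        if (allowedClasses.contains(name)) {
            return true;
        }
        for (String prefix : allowedPackages) {
            if (name.startsWith(prefix)) {
                return true;
            }
        }
        return false; // everything not listed is rejected
    }

    public static void main(String[] args) {
        // Constructed allowlist for illustration only.
        AllowlistVerifier v = new AllowlistVerifier(
                Set.of("java.lang.String", "java.util.ArrayList"), Set.of("com.example.dto."));
        System.out.println("String[]       -> " + v.allowClassDeserialization(String[].class));
        System.out.println("ProcessBuilder -> " + v.allowClassDeserialization(ProcessBuilder.class));
    }
}
```

Because the same check also blocks serialization of rejected classes, the allowlist has to cover every type the application writes as well as reads.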