135. Implementing a custom pattern-based ObjectInputFilter
Let’s assume that we already have the Melon
class and the helper methods for serializing/deserializing objects to/from byte arrays from Problem 131.
Creating a pattern-based filter via the ObjectInputFilter
API can be done by calling the Config.createFilter(String pattern)
method. For instance, the following filter rejects the modern.challenge.Melon
class:
ObjectInputFilter melonFilter = ObjectInputFilter.Config
.createFilter("!modern.challenge.Melon;");
We can set this filter as a stream-global filter via setSerialFilter()
as follows:
ObjectInputFilter.Config.setSerialFilter(melonFilter);
If we need to get access to a stream-global filter, then we can call getSerialFilter()
:
ObjectInputFilter serialFilter =
ObjectInputFilter.Config.getSerialFilter();
Any stream deserialization in this application will pass through this filter, which will reject any instance...