java.lang.Object
is.codion.common.rmi.server.SerializationFilterFactory
- All Implemented Interfaces:
ObjectInputFilterFactory
A
ObjectInputFilterFactory implementation based on patterns, specified as a string via SERIALIZATION_FILTER_PATTERNS
or from a file via SERIALIZATION_FILTER_PATTERN_FILE.
See Java Serialization Filters and JEP 290: Filter Incoming Serialization Data
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final PropertyValue<String> If specified then a list of all deserialized classes is written to the given file on server shutdown.static final PropertyValue<Integer> The interval in seconds for periodically flushing the dry-run output to disk.static final PropertyValue<Integer> The maximum array size allowed to prevent resource exhaustion attacks.static final PropertyValue<Long> The maximum number of bytes in the input stream to prevent resource exhaustion attacks.static final PropertyValue<Integer> The maximum depth of the object graph to prevent resource exhaustion attacks.static final PropertyValue<Integer> The maximum number of object references to prevent resource exhaustion attacks.static final PropertyValue<String> The path to the serialization pattern file to use.static final PropertyValue<String> The serialization patterns to use. -
Constructor Summary
Constructors -
Method Summary
-
Field Details
-
SERIALIZATION_FILTER_PATTERNS
The serialization patterns to use.
Is overridden by
SERIALIZATION_FILTER_PATTERNS. -
SERIALIZATION_FILTER_PATTERN_FILE
The path to the serialization pattern file to use.
Supports 'classpath:' prefix for a pattern file in the classpath root.
-
SERIALIZATION_FILTER_DRYRUN_FILE
If specified then a list of all deserialized classes is written to the given file on server shutdown. Note this overwrites the file if it already exists. -
SERIALIZATION_FILTER_DRYRUN_FLUSH_INTERVAL
The interval in seconds for periodically flushing the dry-run output to disk.- Value type: Integer
- Default value: 30
-
SERIALIZATION_FILTER_MAX_BYTES
The maximum number of bytes in the input stream to prevent resource exhaustion attacks.- Value type: Long
- Default value: 10.485.760 (10 MB)
-
SERIALIZATION_FILTER_MAX_ARRAY
The maximum array size allowed to prevent resource exhaustion attacks.- Value type: Integer
- Default value: 100.000
-
SERIALIZATION_FILTER_MAX_DEPTH
The maximum depth of the object graph to prevent resource exhaustion attacks.- Value type: Integer
- Default value: 100
-
SERIALIZATION_FILTER_MAX_REFS
The maximum number of object references to prevent resource exhaustion attacks.- Value type: Integer
- Default value: 1.000.000
-
-
Constructor Details
-
SerializationFilterFactory
public SerializationFilterFactory()
-
-
Method Details
-
createObjectInputFilter
- Specified by:
createObjectInputFilterin interfaceObjectInputFilterFactory- Returns:
- a
ObjectInputFilterinstance
-