You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bd...@apache.org on 2015/11/10 14:44:16 UTC

svn commit: r1713636 - /sling/whiteboard/bdelacretaz/safe-object-input-stream/src/main/java/org/apache/sling/deserialization/ClassValidator.java

Author: bdelacretaz
Date: Tue Nov 10 13:44:16 2015
New Revision: 1713636

URL: http://svn.apache.org/viewvc?rev=1713636&view=rev
Log:
SLING-5288 - SafeObjectInputStream prototype

Added:
    sling/whiteboard/bdelacretaz/safe-object-input-stream/src/main/java/org/apache/sling/deserialization/ClassValidator.java

Added: sling/whiteboard/bdelacretaz/safe-object-input-stream/src/main/java/org/apache/sling/deserialization/ClassValidator.java
URL: http://svn.apache.org/viewvc/sling/whiteboard/bdelacretaz/safe-object-input-stream/src/main/java/org/apache/sling/deserialization/ClassValidator.java?rev=1713636&view=auto
==============================================================================
--- sling/whiteboard/bdelacretaz/safe-object-input-stream/src/main/java/org/apache/sling/deserialization/ClassValidator.java (added)
+++ sling/whiteboard/bdelacretaz/safe-object-input-stream/src/main/java/org/apache/sling/deserialization/ClassValidator.java Tue Nov 10 13:44:16 2015
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.deserialization;
+
+import java.io.IOException;
+
+/** Validates a Class name against a list of acceptable names */ 
+public class ClassValidator {
+    private final Class<?> [] allowedClasses;
+    
+    public static class NotAllowedException extends ClassNotFoundException {
+        private static final long serialVersionUID = 5167088116102415772L;
+
+        NotAllowedException() {
+            super("The supplied class is not in our set of allowed classes");
+        }
+    }
+    
+    public ClassValidator(Class<?> ... allowedClasses) throws IOException {
+        this.allowedClasses = allowedClasses;
+    }
+
+    public void validateClass(String className) throws IOException, ClassNotFoundException {
+        boolean allowed = false;
+        
+        for(Class<?> c : allowedClasses) {
+            if(c.getName().equals(className)) {
+                allowed=true;
+                break;
+            }
+        }
+        
+        if(!allowed) {
+            throw new NotAllowedException();
+        }
+    }
+}
\ No newline at end of file