public final class WhitelistAwareClassLoader extends ClassLoader
whitelisted classes
.
Main usage is to handle potential security vulnerabilities in
cache REST endpoint
by being passed to
JsonReader.jsonToJava(String, java.util.Map)
in the Map
. That way we prevent
deserialisation of malicious classes and thus execution of malicious code.
Constructor and Description |
---|
WhitelistAwareClassLoader(ClassLoader parent,
Collection<String> whitelistedClasses) |
Modifier and Type | Method and Description |
---|---|
Class<?> |
loadClass(String className) |
clearAssertionStatus, defineClass, defineClass, defineClass, defineClass, definePackage, findClass, findLibrary, findLoadedClass, findResource, findResources, findSystemClass, getClassLoadingLock, getPackage, getPackages, getParent, getResource, getResourceAsStream, getResources, getSystemClassLoader, getSystemResource, getSystemResourceAsStream, getSystemResources, loadClass, registerAsParallelCapable, resolveClass, setClassAssertionStatus, setDefaultAssertionStatus, setPackageAssertionStatus, setSigners
public WhitelistAwareClassLoader(ClassLoader parent, Collection<String> whitelistedClasses)
public Class<?> loadClass(String className) throws ClassNotFoundException
loadClass
in class ClassLoader
ClassNotFoundException
Copyright © 2017 Magnolia International Ltd.. All rights reserved.