Interface | Description |
---|---|
AtomicSerial.ReadObject | ReadObject that can be used to read in data and Objects written to the stream by writeObject() methods. |

Class | Description |
---|---|
AtomicExternal.Factory | Factory to test AtomicExternal instantiation compliance. |
AtomicMarshalInputStream | ObjectInputStream hardened against DoS attack. |
AtomicMarshalledInstance | Implementation of MarshalledInstance that performs input validation during un-marshaling. |
AtomicMarshalOutputStream | This AtomicMarshalOutputStream replaces a number of Java Objects in the stream with Serializers, namely Objects that ordinarily would not be deserializable by AtomicMarshalInputStream or would not be safe to deserialize. This includes, but is not limited to, Java Collections classes, Throwable subclasses and object versions of primitive values. |
AtomicSerial.Factory | Factory to test AtomicSerial instantiation compliance. |
AtomicSerial.GetArg | GetArg is the single argument to AtomicSerial's constructor. |
BooleanSerializer | |
ByteSerializer | |
CharSerializer | |
DeSerializationPermission | Permission that, when granted, allows de-serialization of an object. |
DoubleSerializer | |
FloatSerializer | |
LongSerializer | |
ShortSerializer | |
Valid | Utilities for validating invariants. |

Enum | Description |
---|---|
AtomicMarshalInputStream.Reference | |

Exception | Description |
---|---|
AtomicException | Although most Throwable classes are serialized over AtomicMarshalOutputStream, only Throwable's fields are transferred. |
OptionalDataException | Has the same semantics as OptionalDataException, exists in case we can't de-serialize OptionalDataException. |

Annotation Type | Description |
---|---|
AtomicExternal | Classes annotated with this are expected to have a single-argument public constructor that accepts an ObjectInput instance and implement Externalizable. |
AtomicSerial | Traditional Java de-serialization cannot be used over untrusted connections for the following reasons: The serial stream can be manipulated to allow the attacker to instantiate any Serializable object available on the CLASSPATH or any object that has a default constructor, such as ClassLoader. |
AtomicSerial.ReadInput | If an object wishes to read from the stream during construction, it must provide a class static method with the following annotation. |
Serializer | Used to annotate a class that contains a readResolve method with the return type. |

Copyright © 2016–2018 The Apache Software Foundation. All rights reserved.