ODObjectInputStream (Content Manager OnDemand V10.5 WEK APIs)

Skip navigation links

Content Manager OnDemand V10.5 WEK APIs

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- java.io.InputStream
- - java.io.ObjectInputStream
  - - com.ibm.edms.od.ODObjectInputStream

All Implemented Interfaces:

java.io.Closeable, java.io.DataInput, java.io.ObjectInput, java.io.ObjectStreamConstants, java.lang.AutoCloseable
```
public class ODObjectInputStream
extends java.io.ObjectInputStream
```
Class overriding the default ObjectInputStream. There is a security issue with java serialization where external commands can be invoked unintentially. The issue can occur if when you deserialize an object stream you can't guarantee the source of that stream. It isn't enough to secure the client end because then you are simply trusting the client. The best solution appears to be overriding ObjectInputStream and the readObject method. Inside of your implementation of this method you can then check the name of the object being deserialized and if not what you expect, throw an exception.

(c) Copyright IBM Corp. 1993, 2016. All Rights Reserved

- Nested Class Summary
  - Nested classes/interfaces inherited from class java.io.ObjectInputStream
    java.io.ObjectInputStream.GetField
- Field Summary
  - Fields inherited from interface java.io.ObjectStreamConstants
    baseWireHandle, PROTOCOL_VERSION_1, PROTOCOL_VERSION_2, SC_BLOCK_DATA, SC_ENUM, SC_EXTERNALIZABLE, SC_SERIALIZABLE, SC_WRITE_METHOD, STREAM_MAGIC, STREAM_VERSION, SUBCLASS_IMPLEMENTATION_PERMISSION, SUBSTITUTION_PERMISSION, TC_ARRAY, TC_BASE, TC_BLOCKDATA, TC_BLOCKDATALONG, TC_CLASS, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_ENUM, TC_EXCEPTION, TC_LONGSTRING, TC_MAX, TC_NULL, TC_OBJECT, TC_PROXYCLASSDESC, TC_REFERENCE, TC_RESET, TC_STRING
- Constructor Summary
  
  Constructors
  Constructor and Description
  
  ODObjectInputStream(java.io.InputStream is)
- Method Summary
  - Methods inherited from class java.io.ObjectInputStream
    available, close, defaultReadObject, read, read, readBoolean, readByte, readChar, readDouble, readFields, readFloat, readFully, readFully, readInt, readLine, readLong, readObject, readShort, readUnshared, readUnsignedByte, readUnsignedShort, readUTF, registerValidation, skipBytes
  - Methods inherited from class java.io.InputStream
    mark, markSupported, read, reset, skip
  - Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  - Methods inherited from interface java.io.ObjectInput
    read, skip

Constructor Detail

ODObjectInputStream

public ODObjectInputStream(java.io.InputStream is)
                    throws java.io.IOException

Throws:: java.io.IOException

Skip navigation links

CM OnDemand V10.5 WEK Java APIs

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

(c)Copyright International Business Machines Corporation 2001, 2020. IBM Corp. All rights reserved.