[ https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15006477#comment-15006477 ]
Bertrand Delacretaz edited comment on IO-487 at 11/16/15 10:37 AM: ------------------------------------------------------------------- Or maybe {code} ObjectInputStream ois = new ValidatingObjectInputStream(is) .accept(com.foo.Foo.class, Integer.class) .accept("com.bar.Bar*") .reject("com.baz.*") {code} You'd need to process those simplified regex but considering the conventions on class names it should be sufficient to map dots to {{\.}} and stars to {{.*}} And also include {{acceptPattern(Pattern p)}} and {{rejectPattern(Pattern p)}} for edge cases. Or maybe better, {{accept(ClassNameMatcher m)}} and {{reject(ClassNameMatcher m)}} was (Author: bdelacretaz): Or maybe {code} ObjectInputStream ois = new ValidatingObjectInputStream(is) .accept(com.foo.Foo.class, Integer.class) .accept("com.bar.Bar*") .reject("com.baz.*") {code} You'd need to process those simplified regex but considering the conventions on class names it should be sufficient to map dots to {{\.}} and stars to {{.*}} And also include {{acceptPattern(Pattern p)}} and {{rejectPattern(Pattern p)}} for edge cases. > SafeObjectInputStream contribution - restrict which classes can be > deserialized > ------------------------------------------------------------------------------- > > Key: IO-487 > URL: https://issues.apache.org/jira/browse/IO-487 > Project: Commons IO > Issue Type: Improvement > Components: Utilities > Affects Versions: 2.4 > Reporter: Bertrand Delacretaz > Priority: Minor > Labels: patch > Fix For: 2.5 > > Attachments: IO-487-2.patch, IO-487-matchers.patch, > IO-487-name-regex-acceptor.patch, IO-487.patch, IO-487.patch, IO-487.patch, > IO-487.patch, IO-487.patch, IO-487.patch > > > As discussed on the commons dev list I'd like to contribute my SLING-5288 > code to commons-io. I'll attach a patch. -- This message was sent by Atlassian JIRA (v6.3.4#6332)