Class SubTypeValidator


  • public class SubTypeValidator
    extends java.lang.Object
    Helper class used to encapsulate rules that determine subtypes that are invalid to use, even with default typing, mostly due to security concerns. Used by BeanDeserializerFactory
    Since:
    2.8.11
    • Field Detail

      • DEFAULT_NO_DESER_CLASS_NAMES

        protected static final java.util.Set<java.lang.String> DEFAULT_NO_DESER_CLASS_NAMES
        Set of well-known "nasty classes", deserialization of which is considered dangerous and should (and is) prevented by default.
      • _cfgIllegalClassNames

        protected java.util.Set<java.lang.String> _cfgIllegalClassNames
        Set of class names of types that are never to be deserialized.
    • Constructor Detail

      • SubTypeValidator

        protected SubTypeValidator()