Setting a Custom Filter Using a Pattern

A pattern-based custom filter, which is convenient for simple cases, can be created by using the ObjectInputFilter.Config.createFilter method. You can create a pattern-based filter as a system property or Security Property. Implementing a pattern-based filter as a method or a lambda expression gives you more flexibility.

The filter patterns can accept or reject specific names of classes, packages, and modules and can place limits on array sizes, graph depth, total references, and stream size. Patterns cannot match the names of the supertype or interfaces of the class.

In the following example, the filter allows example.File and rejects example.Directory.

ObjectInputFilter filesOnlyFilter =
    ObjectInputFilter.Config.createFilter("example.File;!example.Directory");

This example allows only example.File. All other class names are rejected.

ObjectInputFilter filesOnlyFilter =
    ObjectInputFilter.Config.createFilter("example.File;!*");
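
The following is an added example, not part of the original documentation: it probes the two patterns above, plus a constructed third pattern with a maxdepth limit, by calling checkInput directly and printing the status each class name receives. It assumes JDK 16 or later (for the record syntax); FilterProbe, Probe, check, and the stand-in classes example.File and example.Directory are hypothetical names.

```java
package example; // so the stand-in classes below are named example.File and example.Directory

import java.io.ObjectInputFilter;
import java.io.ObjectInputFilter.Status;
import java.io.Serializable;

public class FilterProbe {
    // Hypothetical helper: describes one object of the given class to the filter.
    // The record accessors implement the FilterInfo methods of the same names.
    record Probe(Class<?> serialClass, long arrayLength, long depth,
                 long references, long streamBytes) implements ObjectInputFilter.FilterInfo {}

    // Builds the filter from the pattern and asks it about a non-array object at the given depth.
    static Status check(String pattern, Class<?> type, long depth) {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
        return filter.checkInput(new Probe(type, -1, depth, 1, 0));
    }

    public static void main(String[] args) {
        String[] patterns = {
            "example.File;!example.Directory", // first pattern from the page
            "example.File;!*",                 // second pattern from the page
            "maxdepth=2;example.File;!*"       // constructed: adds a graph-depth limit
        };
        Class<?>[] types = { File.class, Directory.class, String.class };
        for (String p : patterns) {
            for (Class<?> t : types) {
                System.out.printf("%-34s %-18s depth=1 -> %s%n",
                        p, t.getName(), check(p, t, 1));
            }
        }
        // Limits are evaluated before class names, so the allowed class is still
        // checked against maxdepth when it appears deeper in the graph.
        System.out.printf("%-34s %-18s depth=3 -> %s%n",
                patterns[2], File.class.getName(), check(patterns[2], File.class, 3));
    }
}

// Constructed stand-ins for the class names used in the page's patterns.
class File implements Serializable {}
class Directory implements Serializable {}
```

With the first pattern, a class that matches neither entry (java.lang.String here) comes back UNDECIDED rather than REJECTED, and ObjectInputStream fails deserialization only on REJECTED. The trailing !* in the second pattern is what turns the filter into an allow-list.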