001 /*
002 GRANITE DATA SERVICES
003 Copyright (C) 2011 GRANITE DATA SERVICES S.A.S.
004
005 This file is part of Granite Data Services.
006
007 Granite Data Services is free software; you can redistribute it and/or modify
008 it under the terms of the GNU Library General Public License as published by
009 the Free Software Foundation; either version 2 of the License, or (at your
010 option) any later version.
011
012 Granite Data Services is distributed in the hope that it will be useful, but
013 WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
014 FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
015 for more details.
016
017 You should have received a copy of the GNU Library General Public License
018 along with this library; if not, see <http://www.gnu.org/licenses/>.
019 */
020
021 package org.granite.messaging.amf.io;
022
023 /**
024 * Implementations of this interface are used at deserialization time in
025 * order to control arbitrary class instantiation that can result in potential
026 * security exploits.
027 *
028 * @author Franck WOLFF
029 */
030 public interface AMF3DeserializerSecurizer {
031
032 /**
033 * Check if it safe to instantiate the class denoted by the <code>className</code>
034 * parameter.
035 *
036 * @param className the class name to check.
037 * @return <code>true</code> if it is safe to instantiate the given class,
038 * <code>false</code> otherwise.
039 */
040 public boolean allowInstantiation(String className);
041
042 /**
043 * An arbitrary string that may be used in order to configure this securizer.
044 *
045 * @param param a string used in configuring this securizer.
046 */
047 public void setParam(String param);
048
049 /**
050 * Returns the string that is currently used for this securizer configuration.
051 *
052 * @return the string that is currently used for this securizer configuration.
053 */
054 public String getParam();
055 }