Source code

001/**
002 *   GRANITE DATA SERVICES
003 *   Copyright (C) 2006-2013 GRANITE DATA SERVICES S.A.S.
004 *
005 *   This file is part of the Granite Data Services Platform.
006 *
007 *   Granite Data Services is free software; you can redistribute it and/or
008 *   modify it under the terms of the GNU Lesser General Public
009 *   License as published by the Free Software Foundation; either
010 *   version 2.1 of the License, or (at your option) any later version.
011 *
012 *   Granite Data Services is distributed in the hope that it will be useful,
013 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
014 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
015 *   General Public License for more details.
016 *
017 *   You should have received a copy of the GNU Lesser General Public
018 *   License along with this library; if not, write to the Free Software
019 *   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
020 *   USA, or see <http://www.gnu.org/licenses/>.
021 */
022package org.granite.messaging.amf.io;
023
024/**
025 * Implementations of this interface are used at deserialization time in
026 * order to control arbitrary class instantiation that can result in potential
027 * security exploits.
028 * 
029 * @author Franck WOLFF
030 */
031public interface AMF3DeserializerSecurizer {
032
033        /**
034         * Check if it safe to instantiate the class denoted by the <code>className</code>
035         * parameter.
036         * 
037         * @param className the class name to check.
038         * @return <code>true</code> if it is safe to instantiate the given class,
039         *              <code>false</code> otherwise.
040         */
041        public boolean allowInstantiation(String className);
042        
043        /**
044         * An arbitrary string that may be used in order to configure this securizer.
045         * 
046         * @param param a string used in configuring this securizer.
047         */
048        public void setParam(String param);
049        
050        /**
051         * Returns the string that is currently used for this securizer configuration.
052         * 
053         * @return the string that is currently used for this securizer configuration.
054         */
055        public String getParam();
056}