001    /**
002     *   GRANITE DATA SERVICES
003     *   Copyright (C) 2006-2013 GRANITE DATA SERVICES S.A.S.
004     *
005     *   This file is part of the Granite Data Services Platform.
006     *
007     *   Granite Data Services is free software; you can redistribute it and/or
008     *   modify it under the terms of the GNU Lesser General Public
009     *   License as published by the Free Software Foundation; either
010     *   version 2.1 of the License, or (at your option) any later version.
011     *
012     *   Granite Data Services is distributed in the hope that it will be useful,
013     *   but WITHOUT ANY WARRANTY; without even the implied warranty of
014     *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
015     *   General Public License for more details.
016     *
017     *   You should have received a copy of the GNU Lesser General Public
018     *   License along with this library; if not, write to the Free Software
019     *   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
020     *   USA, or see <http://www.gnu.org/licenses/>.
021     */
022    package org.granite.messaging.amf.io;
023    
024    /**
025     * Implementations of this interface are used at deserialization time in
026     * order to control arbitrary class instantiation that can result in potential
027     * security exploits.
028     * 
029     * @author Franck WOLFF
030     */
031    public interface AMF3DeserializerSecurizer {
032    
033            /**
034             * Check if it safe to instantiate the class denoted by the <code>className</code>
035             * parameter.
036             * 
037             * @param className the class name to check.
038             * @return <code>true</code> if it is safe to instantiate the given class,
039             *              <code>false</code> otherwise.
040             */
041            public boolean allowInstantiation(String className);
042            
043            /**
044             * An arbitrary string that may be used in order to configure this securizer.
045             * 
046             * @param param a string used in configuring this securizer.
047             */
048            public void setParam(String param);
049            
050            /**
051             * Returns the string that is currently used for this securizer configuration.
052             * 
053             * @return the string that is currently used for this securizer configuration.
054             */
055            public String getParam();
056    }