Add loading object to file and reading object from file
parent
04e8cb3453
commit
189b029bbc
|
@ -1,8 +1,7 @@
|
|||
import java.io.File;
|
||||
import java.io.FileWriter;
|
||||
import java.io.IOException;
|
||||
import java.io.*;
|
||||
import java.util.Scanner;
|
||||
|
||||
// TODO: close scanner etc after use
|
||||
public class FileManager {
|
||||
public static void writeFile(String fileLocation, String writeString) throws IOException {
|
||||
File newFile = new File(fileLocation);
|
||||
|
@ -22,4 +21,16 @@ public class FileManager {
|
|||
return fileReader.useDelimiter("\\Z").next();
|
||||
}
|
||||
}
|
||||
|
||||
public static Object readObjectFromFile(String fileLocation, String allowedObject) throws IOException, ClassNotFoundException {
|
||||
FileInputStream fileStream = new FileInputStream(fileLocation);
|
||||
SafeObjectInputStream objectStream = new SafeObjectInputStream(fileStream, allowedObject);
|
||||
return objectStream.readObject();
|
||||
}
|
||||
|
||||
public static void writeObjectToFile(String fileLocation, Object o) throws IOException {
|
||||
FileOutputStream fileStream = new FileOutputStream(fileLocation);
|
||||
ObjectOutputStream objectStream = new ObjectOutputStream(fileStream);
|
||||
objectStream.writeObject(o);
|
||||
}
|
||||
}
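Review bot: `writeObjectToFile` never flushes or closes `objectStream`, so when the method returns the serialised bytes may still be in the ObjectOutputStream's internal buffer and the file can end up truncated. `readObjectFromFile` also leaves its `FileInputStream` open, including on the path where `SafeObjectInputStream` rejects the class. Wrap both in try-with-resources, e.g. `try (ObjectOutputStream objectStream = new ObjectOutputStream(new FileOutputStream(fileLocation))) { objectStream.writeObject(o); }`, and do the same around `new SafeObjectInputStream(new FileInputStream(fileLocation), allowedObject)`. This also addresses the file's own `// TODO: close scanner etc after use`. A short Javadoc on `readObjectFromFile` should state that `allowedObject` is the exact class name expected in the stream and that `fileLocation` must come from a trusted source, since deserialisation is only as safe as that check.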
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectStreamClass;
|
||||
|
||||
public class SafeObjectInputStream extends ObjectInputStream {
|
||||
|
||||
String allowedClass;
|
||||
|
||||
public SafeObjectInputStream(InputStream in, String allowedClass) throws IOException {
|
||||
super(in);
|
||||
this.allowedClass = allowedClass;
|
||||
}
|
||||
|
||||
// local files are generally assumed to be safe, but this additional check slightly hardens the application against using arbitrary attacks to exploit
|
||||
// please note that it is still insecure; don't use in sensitive contexts!
|
||||
@Override
|
||||
protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
|
||||
if (!desc.getName().equals(allowedClass)) {
|
||||
throw new SecurityException();
|
||||
}
|
||||
return super.resolveClass(desc);
|
||||
}
|
||||
}
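Review bot: `resolveClass` is called for every class descriptor in the stream, so comparing against the single `allowedClass` name rejects any object whose serialised graph contains another class (a collection field, a boxed number, an array, a serialisable superclass). If such objects must load, the check needs a set of permitted names rather than one string. The rejection is a bare `SecurityException()` that does not say which class was refused; `throw new InvalidClassException(desc.getName(), "class not on allow-list");` fits the declared `IOException` and leaves a usable log line. The field should be `private final String allowedClass;` so the allow-list cannot be reassigned after construction by other code in the package. On Java 9 or later the built-in `ObjectInputFilter` (set via `setObjectInputFilter`) covers the same allow-listing and can also bound graph depth and array sizes, which this override does not.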
|
|
@ -1,4 +1,6 @@
|
|||
import java.awt.event.KeyEvent;
|
||||
import java.io.IOException;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.lang.reflect.Array;
|
||||
import java.util.ArrayList;
|
||||
|
||||
|
|