Class ObjectDecoder

  • All Implemented Interfaces:
    ChannelHandler, ChannelInboundHandler

    @Deprecated
    public class ObjectDecoder
    extends LengthFieldBasedFrameDecoder
    Deprecated.
    This class has been deprecated with no replacement, because serialization can be a security liability.
    A decoder which deserializes the received ByteBufs into Java objects.

    Please note that the serialized form this decoder expects is not compatible with the standard ObjectOutputStream. Please use ObjectEncoder or ObjectEncoderOutputStream to ensure the interoperability with this decoder.

    Security: serialization can be a security liability, and should not be used without defining a list of classes that are allowed to be deserialized. Such a list can be specified with the jdk.serialFilter system property, for instance. See the serialization filtering article for more information.

    • Constructor Detail

      • ObjectDecoder

        public ObjectDecoder(ClassResolver classResolver)
        Deprecated.
        Creates a new decoder whose maximum object size is 1048576 bytes. If the size of the received object is greater than 1048576 bytes, a StreamCorruptedException will be raised.
        Parameters:
        classResolver - the ClassResolver to use for this decoder
      • ObjectDecoder

        public ObjectDecoder(int maxObjectSize,
                             ClassResolver classResolver)
        Deprecated.
        Creates a new decoder with the specified maximum object size.
        Parameters:
        maxObjectSize - the maximum byte length of the serialized object. If the length of the received object is greater than this value, a StreamCorruptedException will be raised.
        classResolver - the ClassResolver which will load the class of the serialized object