Functional Interface:: This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.

@FunctionalInterface public interface ClassFilter

ClassFilter - Deserialization Class Filter Interface 反序列化类过滤器接口

A functional interface that determines whether a class is allowed for deserialization. Provides combinator methods (and, or, negate) for building composite filter logic, and static factory methods for common cases.

一个函数式接口，用于判断某个类是否允许反序列化。提供组合方法（and、or、negate）来构建复合过滤逻辑，以及静态工厂方法用于常见场景。

Features | 主要功能:

Functional interface for lambda usage - 函数式接口，支持 Lambda
Combinator methods: and, or, negate - 组合方法：与、或、非
Factory methods: allowAll, denyAll - 工厂方法：全部允许、全部拒绝

Usage Examples | 使用示例:

// Simple lambda filter
ClassFilter filter = className -> className.startsWith("com.myapp.");

// Combine filters
ClassFilter combined = DefaultClassFilter.secure()
    .and(className -> className.startsWith("com.myapp."));

// Use factory methods
ClassFilter noFilter = ClassFilter.allowAll();
ClassFilter blockAll = ClassFilter.denyAll();

Security | 安全性:

Thread-safe: Depends on implementation - 线程安全: 取决于实现

Since:

JDK 25, opencode-base-serialization V1.0.3

Author:

Leon Soo www.LeonSoo.com

See Also:

Method Summary

Modifier and Type

Method

Description

static ClassFilter

allowAll()

Returns a filter that allows all classes.

default ClassFilter

and(ClassFilter other)

Combines this filter with another using AND logic.

static ClassFilter

denyAll()

Returns a filter that denies all classes.

boolean

isAllowed(String className)

Checks if the given class is allowed for deserialization.

default ClassFilter

negate()

Negates this filter.

default ClassFilter

or(ClassFilter other)

Combines this filter with another using OR logic.

Method Details
- isAllowed
  
  boolean isAllowed(String className)
  
  Checks if the given class is allowed for deserialization. 检查给定的类是否允许反序列化。
  
  Parameters:
  
  className - the fully qualified class name to check | 要检查的完全限定类名
  
  Returns:
  
  true if the class is allowed, false otherwise | 如果允许该类则返回 true，否则返回 false
- allowAll
  
  static ClassFilter allowAll()
  
  Returns a filter that allows all classes. 返回允许所有类的过滤器。
  Warning: Using this filter disables all deserialization protection. Only use in trusted environments.
  
  警告：使用此过滤器将禁用所有反序列化保护。仅在可信环境中使用。
  
  Returns:
  
  a filter that allows all classes | 允许所有类的过滤器
- denyAll
  
  static ClassFilter denyAll()
  
  Returns a filter that denies all classes. 返回拒绝所有类的过滤器。
  Useful as a starting point for building allowlists.
  
  可作为构建白名单的起点。
  
  Returns:
  
  a filter that denies all classes | 拒绝所有类的过滤器
- and
  
  default ClassFilter and(ClassFilter other)
  
  Combines this filter with another using AND logic. 使用 AND 逻辑组合此过滤器与另一个过滤器。
  The resulting filter allows a class only if both this filter and the other filter allow it.
  
  结果过滤器仅在两个过滤器都允许时才允许一个类。
  
  Parameters:
  
  other - the other filter to combine with | 要组合的另一个过滤器
  
  Returns:
  
  a new filter that is the conjunction of both | 两者合取的新过滤器
  
  Throws:
  
  NullPointerException - if other is null | 当 other 为 null 时抛出
- or
  
  default ClassFilter or(ClassFilter other)
  
  Combines this filter with another using OR logic. 使用 OR 逻辑组合此过滤器与另一个过滤器。
  The resulting filter allows a class if either this filter or the other filter allows it.
  
  结果过滤器在任一过滤器允许时即允许一个类。
  
  Parameters:
  
  other - the other filter to combine with | 要组合的另一个过滤器
  
  Returns:
  
  a new filter that is the disjunction of both | 两者析取的新过滤器
  
  Throws:
  
  NullPointerException - if other is null | 当 other 为 null 时抛出
- negate
  
  default ClassFilter negate()
  
  Negates this filter. 对此过滤器取反。
  The resulting filter allows a class only if this filter denies it, and vice versa.
  
  结果过滤器仅在此过滤器拒绝时才允许，反之亦然。
  
  Returns:
  
  a new filter that is the negation of this filter | 此过滤器取反的新过滤器

Interface ClassFilter

Method Summary

Method Details

isAllowed

allowAll

denyAll

and

or

negate