Class LoomSerializationAllowlist
java.lang.Object
com.loomcache.springboot.serialization.LoomSerializationAllowlist
Allowlist used by
ObjectInputFilter for Spring-side caching and session
deserialization.
The JDK defaults (primitives, enums, boxed numbers, String, Date,
UUID, java.time.*, and standard java.util collections /
maps) are admitted implicitly.
Application classes are only admitted when their package is explicitly
listed via the loomcache.serialization.allowed-packages system property
(comma-separated list of package prefixes). This is a deny-by-default posture:
the previous behaviour, which admitted any non-JDK Serializable, gave
gadget-bearing application classes a free pass.
Example: -Dloomcache.serialization.allowed-packages=com.acme.dto,com.acme.session
-
Method Summary
-
Method Details
-
isAllowedSerializableType
-