package com.common.clone;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.ArrayList;
import java.util.List;

public class SecurityObjectInputStream extends ObjectInputStream
{


    // white list
    List<String> securityList = new ArrayList<String>(1);
    
    protected SecurityObjectInputStream(ByteArrayInputStream bais) throws IOException, SecurityException
    {
        super (bais);
        securityList.add( "com.ding.clone.Person" );
        securityList.add( "java.util.ArrayList" );
        securityList.add( "java.lang.Integer" );
        securityList.add( "java.lang.Number" );
    }

    @Override
    protected Class<?> resolveClass( ObjectStreamClass desc )
            throws IOException, ClassNotFoundException
    {
        
        //System.out.println(desc.getName());
        if(!securityList.contains( desc.getName() )){
            throw new ClassNotFoundException( desc.getName() + " not found" );
        };
        return super.resolveClass( desc );
    }
}