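/**
 * Deserializes a Java-serialized object graph from {@code buffer} with an unrestricted
 * {@link ObjectInputStream}.
 *
 * Risk note: {@code ObjectInputStream.readObject()} resolves and instantiates whatever
 * serializable class names the stream carries, so this variant must only be used on
 * bytes from a trusted producer. For data crossing a trust boundary use the
 * allow-listing {@code SecureObjectInputStream} in this file, or (Java 9+) install an
 * {@code ObjectInputFilter} via {@code ObjectInputStream.setObjectInputFilter}.
 *
 * @param buffer serialized bytes; must not be null
 * @return the root object of the stream (null if a null reference was serialized)
 * @throws IOException if the stream is malformed or truncated
 * @throws ClassNotFoundException if a class named in the stream is not on the classpath
 * @throws NullPointerException if {@code buffer} is null
 */
public static Object deserialize(byte[] buffer) throws IOException, ClassNotFoundException {
    Objects.requireNonNull(buffer, "buffer");
    // One try-with-resources: resources close in reverse declaration order, so the
    // ObjectInputStream is closed before the byte-array stream it wraps.
    try (ByteArrayInputStream byte_array = new ByteArrayInputStream(buffer);
         ObjectInputStream obj_stream = new ObjectInputStream(byte_array)) {
        return obj_stream.readObject();
    }
}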
// Hook to override for class allow-listing: java.io.ObjectInputStream.resolveClass(ObjectStreamClass)
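/**
 * An {@link ObjectInputStream} that only resolves classes whose fully-qualified name is on
 * an explicit allow-list supplied by the caller.
 *
 * Every class descriptor in the stream goes through {@link #resolveClass}, including the
 * superclasses of the root object, so the allow-list must name the whole serializable
 * hierarchy of each expected type. Dynamic-proxy descriptors are resolved through
 * {@link #resolveProxyClass} instead, so that path is guarded as well.
 *
 * Fixes relative to the sketch this replaces: the constructor now matches the class name,
 * the allow-list is set inside the constructor (a field assignment cannot appear at class
 * level), the typo in the constructor argument is corrected, and the allow-list is private
 * and unmodifiable so callers cannot widen it after construction.
 */
class SecureObjectInputStream extends ObjectInputStream {

    // Fully-qualified class names that may be resolved; unmodifiable after construction.
    private final Set<String> whitelist;

    /**
     * @param default_stream the underlying stream holding the serialized bytes
     * @param whitelist fully-qualified names of the classes allowed in the stream
     *        (e.g. "java.lang.Integer"); copied, so later changes to the caller's set
     *        have no effect
     * @throws IOException if the serialization stream header cannot be read
     * @throws NullPointerException if {@code whitelist} is null
     */
    public SecureObjectInputStream(InputStream default_stream, Set<String> whitelist) throws IOException {
        super(default_stream);
        // Defensive copy: a caller holding the original set must not be able to widen the
        // allow-list while the stream is being read.
        this.whitelist = Collections.unmodifiableSet(new HashSet<>(Objects.requireNonNull(whitelist, "whitelist")));
    }

    /** @return a read-only view of the allow-list this stream enforces */
    public Set<String> getWhitelist() {
        return whitelist;
    }

    /**
     * Resolves {@code obj_class} only if its name is allow-listed.
     *
     * @throws InvalidClassException if the class is not on the allow-list
     */
    @Override
    protected Class<?> resolveClass(ObjectStreamClass obj_class) throws IOException, ClassNotFoundException {
        checkAllowed(obj_class.getName());
        return super.resolveClass(obj_class);
    }

    /**
     * Resolves a dynamic-proxy class only if every interface it implements is allow-listed.
     * Proxy descriptors do not pass through {@link #resolveClass}, so without this override
     * they would bypass the allow-list entirely.
     *
     * @throws InvalidClassException if any interface is not on the allow-list
     */
    @Override
    protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
        for (String name : interfaces) {
            checkAllowed(name);
        }
        return super.resolveProxyClass(interfaces);
    }

    // Rejects a class name that is not on the allow-list; the name is included in the
    // exception so the rejected type shows up in logs.
    private void checkAllowed(String name) throws InvalidClassException {
        if (!whitelist.contains(name)) {
            throw new InvalidClassException("Unexpected serialized class", name);
        }
    }
}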
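/**
 * Deserializes a Java-serialized object graph from {@code buffer}, allowing only the classes
 * named in {@code whitelist} to be resolved.
 *
 * The sketch this replaces referenced an undeclared {@code whitelist} and a constructor name
 * that did not match the stream class; the allow-list is now an explicit parameter so the
 * caller decides which types the payload may contain.
 *
 * @param buffer serialized bytes; must not be null
 * @param whitelist fully-qualified names of every class the stream may contain, including
 *        superclasses of the root object; must not be null
 * @return the root object of the stream (null if a null reference was serialized)
 * @throws IOException if the stream is malformed or truncated, or — as
 *         {@link InvalidClassException}, an {@code IOException} subtype — if the stream names
 *         a class that is not on the allow-list
 * @throws ClassNotFoundException if an allow-listed class is not on the classpath
 * @throws NullPointerException if {@code buffer} or {@code whitelist} is null
 */
private static Object deserialize(byte[] buffer, Set<String> whitelist) throws IOException, ClassNotFoundException {
    Objects.requireNonNull(buffer, "buffer");
    Objects.requireNonNull(whitelist, "whitelist");
    // One try-with-resources: the SecureObjectInputStream closes before the byte-array
    // stream it wraps (reverse declaration order).
    try (ByteArrayInputStream byte_array = new ByteArrayInputStream(buffer);
         SecureObjectInputStream obj_stream = new SecureObjectInputStream(byte_array, whitelist)) {
        return obj_stream.readObject();
    }
}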