Java HardenedLoggingEventInputStream-class And Method Code Example

The HardenedLoggingEventInputStream class is a part of the Logback library that is used to deserialize log events that were serialized by the HardenedLoggingEventOutputStream class. The HardenedLoggingEventInputStream class is designed to be more secure than the standard ObjectInputStream class by performing additional checks on the deserialized objects to ensure that they are safe to use.

Here is an example of how you might use the HardenedLoggingEventInputStream class to deserialize log events from a file:


import ch.qos.logback.classic.Logger;
import ch.qos.logback.classic.spi.LoggingEvent;
import ch.qos.logback.core.util.HardenedLoggingEventInputStream;

public class LogEventDeserializer {
  public static void main(String[] args) throws Exception {
    Logger logger = (Logger) LoggerFactory.getLogger(LogEventDeserializer.class);

    FileInputStream fileIn = new FileInputStream("logEvents.ser");
    ObjectInputStream in = new HardenedLoggingEventInputStream(fileIn);
    LoggingEvent event = (LoggingEvent) in.readObject();
    fileIn.close();"Event deserialized: {}", event);

In this example, a file named "logEvents.ser" is opened and its content is read using the HardenedLoggingEventInputStream. The log event that was serialized in the file is read and deserialized back to a LoggingEvent object which is then logged via a logger.

Please note that to be able to deserialize the events, the same version of logback should be used for serialization and deserialization. If not, you will get InvalidClassException.

You can also check for the logback documentation for more information and options available.