Java Code Examples for com.thoughtworks.xstream.XStream#setupDefaultSecurity()
The following examples show how to use
com.thoughtworks.xstream.XStream#setupDefaultSecurity() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SesarSample.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
* gets an <code>XStream</code> reader. Creates, customizes, and returns
* <code>XStream</code> for XML serialization
*
* @pre <code>XStream</code> package is available @post <code>XStream</code>
* for XML decoding is returned
*
* @return <code>XStream</code> - for XML serialization decoding
*/
public static XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example 2
| Source File: PhysicalConstants.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
private XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example 3
| Source File: AcceptanceTestContext.java From gatf with Apache License 2.0 | 6 votes |
|
private void initTestDataProviderAndGlobalVariables() {
GatfTestDataConfig gatfTestDataConfig = null;
if(gatfExecutorConfig.getTestDataConfigFile()!=null) {
File file = getResourceFile(gatfExecutorConfig.getTestDataConfigFile());
Assert.assertNotNull("Testdata configuration file not found...", file);
Assert.assertEquals("Testdata configuration file not found...", file.exists(), true);
XStream xstream = new XStream(new DomDriver("UTF-8"));
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(new Class[]{GatfTestDataConfig.class, GatfTestDataProvider.class});
xstream.processAnnotations(new Class[]{GatfTestDataConfig.class, GatfTestDataProvider.class});
xstream.alias("gatf-testdata-provider", GatfTestDataProvider.class);
xstream.alias("args", String[].class);
xstream.alias("arg", String.class);
gatfTestDataConfig = (GatfTestDataConfig)xstream.fromXML(file);
gatfExecutorConfig.setGatfTestDataConfig(gatfTestDataConfig);
} else {
gatfTestDataConfig = gatfExecutorConfig.getGatfTestDataConfig();
}
handleTestDataSourcesAndHooks(gatfTestDataConfig);
}
Example 4
| Source File: ReportSettingsInterface.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
public default XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example 5
| Source File: ValueModel.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
* gets an <code>XStream</code> reader. Creates, customizes, and returns
* <code>XStream</code> for XML serialization
*
* @pre <code>XStream</code> package is available @post <code>XStream</code>
* for XML decoding is returned
*
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example 6
| Source File: AnalysisFraction.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example 7
| Source File: AbstractRatiosDataModel.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
protected XStream getXStream() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example 8
| Source File: KieModuleMarshaller.java From kogito-runtimes with Apache License 2.0 | 5 votes |
|
private KieModuleMarshaller() {
xStream = new XStream(new DomDriver()) {
@Override
protected void setupConverters() {
registerConverter(new NullConverter(), PRIORITY_VERY_HIGH);
registerConverter(new IntConverter(), PRIORITY_NORMAL);
registerConverter(new FloatConverter(), PRIORITY_NORMAL);
registerConverter(new DoubleConverter(), PRIORITY_NORMAL);
registerConverter(new LongConverter(), PRIORITY_NORMAL);
registerConverter(new ShortConverter(), PRIORITY_NORMAL);
registerConverter(new BooleanConverter(), PRIORITY_NORMAL);
registerConverter(new ByteConverter(), PRIORITY_NORMAL);
registerConverter(new StringConverter(), PRIORITY_NORMAL);
registerConverter(new CollectionConverter(getMapper()), PRIORITY_NORMAL);
registerConverter(new ReflectionConverter(getMapper(), getReflectionProvider()), PRIORITY_VERY_LOW);
registerConverter(new KieModuleConverter());
registerConverter(new KieBaseModelImpl.KBaseConverter());
registerConverter(new KieSessionModelImpl.KSessionConverter());
registerConverter(new ListenerModelImpl.ListenerConverter());
registerConverter(new QualifierModelImpl.QualifierConverter());
registerConverter(new WorkItemHandlerModelImpl.WorkItemHandelerConverter());
registerConverter(new ChannelModelImpl.ChannelConverter());
registerConverter(new RuleTemplateModelImpl.RuleTemplateConverter());
}
};
XStream.setupDefaultSecurity(xStream);
xStream.addPermission(new AnyTypePermission());
xStream.alias("kmodule", KieModuleModelImpl.class);
xStream.alias("kbase", KieBaseModelImpl.class);
xStream.alias("ksession", KieSessionModelImpl.class);
xStream.alias("listener", ListenerModelImpl.class);
xStream.alias("qualifier", QualifierModelImpl.class);
xStream.alias("workItemHandler", WorkItemHandlerModelImpl.class);
xStream.alias("channel", ChannelModelImpl.class);
xStream.alias("fileLogger", FileLoggerModelImpl.class);
xStream.alias("ruleTemplate", RuleTemplateModelImpl.class);
xStream.setClassLoader(KieModuleModelImpl.class.getClassLoader());
}
Example 9
| Source File: GatfTestCaseExecutorUtil.java From gatf with Apache License 2.0 | 5 votes |
|
public static GatfExecutorConfig getConfig(InputStream resource) {
XStream xstream = new XStream(new DomDriver("UTF-8"));
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(new Class[] {GatfExecutorConfig.class, GatfTestDataConfig.class, GatfTestDataProvider.class,
SeleniumDriverConfig.class, GatfTestDataSourceHook.class, GatfTestDataSource.class});
xstream.processAnnotations(new Class[] {GatfExecutorConfig.class, GatfTestDataConfig.class, GatfTestDataProvider.class,
SeleniumDriverConfig.class, GatfTestDataSourceHook.class, GatfTestDataSource.class});
xstream.alias("gatf-testdata-source", GatfTestDataSource.class);
xstream.alias("gatf-testdata-provider", GatfTestDataProvider.class);
xstream.alias("gatf-testdata-source-hook", GatfTestDataSourceHook.class);
xstream.alias("gatfTestDataConfig", GatfTestDataConfig.class);
xstream.alias("seleniumDriverConfigs", SeleniumDriverConfig[].class);
xstream.alias("seleniumDriverConfig", SeleniumDriverConfig.class);
xstream.alias("args", String[].class);
xstream.alias("arg", String.class);
xstream.alias("testCaseHooksPaths", String[].class);
xstream.alias("testCaseHooksPath", String.class);
xstream.alias("queryStrs", String[].class);
xstream.alias("queryStr", String.class);
xstream.alias("distributedNodes", String[].class);
xstream.alias("distributedNode", String.class);
xstream.alias("ignoreFiles", String[].class);
xstream.alias("ignoreFile", String.class);
xstream.alias("orderedFiles", String[].class);
xstream.alias("orderedFile", String.class);
xstream.alias("string", String.class);
xstream.alias("seleniumScripts", String[].class);
xstream.alias("seleniumScript", String.class);
GatfExecutorConfig configuration = (GatfExecutorConfig) xstream.fromXML(resource);
configuration.setJavaVersion(System.getProperty("java.version"));
return configuration;
}
Example 10
| Source File: FoldersServiceBean.java From cuba with Apache License 2.0 | 5 votes |
|
protected XStream createXStream() {
XStream xStream = new CubaXStream();
XStream.setupDefaultSecurity(xStream);
xStream.allowTypeHierarchy(Serializable.class);
//createTs and createdBy removed from BaseGenericIdEntity,
//and import from old versions (platform 6.2) is performed with errors
//so omit field processing
xStream.omitField(BaseGenericIdEntity.class, "createTs");
xStream.omitField(BaseGenericIdEntity.class, "createdBy");
return xStream;
}
Example 11
| Source File: EntitySnapshotManager.java From cuba with Apache License 2.0 | 5 votes |
|
protected Object fromXML(String xml) {
final List exclUpdateFields = Arrays.asList("updateTs", "updatedBy");
XStream xStream = new CubaXStream() {
@Override
protected MapperWrapper wrapMapper(MapperWrapper next) {
return new MapperWrapper(next) {
@Override
public boolean shouldSerializeMember(Class definedIn, String fieldName) {
boolean result = super.shouldSerializeMember(definedIn, fieldName);
if (!result) {
return false;
}
if (fieldName != null) {
if (exclUpdateFields.contains(fieldName)
&& Updatable.class.isAssignableFrom(definedIn)) {
return false;
}
if ("uuid".equals(fieldName)) {
if (!HasUuid.class.isAssignableFrom(definedIn)
&& BaseGenericIdEntity.class.isAssignableFrom(definedIn)) {
return false;
}
}
}
return true;
}
};
}
};
XStream.setupDefaultSecurity(xStream);
xStream.allowTypeHierarchy(Serializable.class);
xStream.omitField(BaseGenericIdEntity.class, "createTs");
xStream.omitField(BaseGenericIdEntity.class, "createdBy");
return xStream.fromXML(xml);
}
Example 12
| Source File: GatfTestGeneratorUtil.java From gatf with Apache License 2.0 | 5 votes |
|
public static GatfConfiguration getConfig(InputStream resource)
{
XStream xstream = new XStream(new DomDriver("UTF-8"));
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(new Class[]{GatfConfiguration.class});
xstream.processAnnotations(new Class[]{GatfConfiguration.class});
xstream.alias("testPaths", String[].class);
xstream.alias("testPath", String.class);
xstream.alias("soapWsdlKeyPairs", String[].class);
xstream.alias("soapWsdlKeyPair", String.class);
xstream.alias("string", String.class);
GatfConfiguration config = (GatfConfiguration)xstream.fromXML(resource);
return config;
}
Example 13
| Source File: GatfTestGeneratorUtil.java From gatf with Apache License 2.0 | 5 votes |
|
public static String getConfigStr(GatfConfiguration configuration)
{
XStream xstream = new XStream(new DomDriver("UTF-8"));
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(new Class[]{GatfConfiguration.class});
xstream.processAnnotations(new Class[]{GatfConfiguration.class});
xstream.alias("testPaths", String[].class);
xstream.alias("testPath", String.class);
xstream.alias("soapWsdlKeyPairs", String[].class);
xstream.alias("soapWsdlKeyPair", String.class);
xstream.alias("string", String.class);
return xstream.toXML(configuration);
}
Example 14
| Source File: GatfTestCaseExecutorUtil.java From gatf with Apache License 2.0 | 5 votes |
|
public static String getConfigStr(GatfExecutorConfig configuration) {
XStream xstream = new XStream(new DomDriver("UTF-8"));
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(new Class[] {GatfExecutorConfig.class, GatfTestDataConfig.class, GatfTestDataProvider.class,
SeleniumDriverConfig.class, GatfTestDataSourceHook.class, GatfTestDataSource.class});
xstream.processAnnotations(new Class[] {GatfExecutorConfig.class, GatfTestDataConfig.class, GatfTestDataProvider.class,
SeleniumDriverConfig.class, GatfTestDataSourceHook.class, GatfTestDataSource.class});
xstream.alias("gatf-testdata-source", GatfTestDataSource.class);
xstream.alias("gatf-testdata-provider", GatfTestDataProvider.class);
xstream.alias("gatf-testdata-source-hook", GatfTestDataSourceHook.class);
xstream.alias("gatfTestDataConfig", GatfTestDataConfig.class);
xstream.alias("seleniumDriverConfigs", SeleniumDriverConfig[].class);
xstream.alias("seleniumDriverConfig", SeleniumDriverConfig.class);
xstream.alias("args", String[].class);
xstream.alias("arg", String.class);
xstream.alias("testCaseHooksPaths", String[].class);
xstream.alias("testCaseHooksPath", String.class);
xstream.alias("queryStrs", String[].class);
xstream.alias("queryStr", String.class);
xstream.alias("distributedNodes", String[].class);
xstream.alias("distributedNode", String.class);
xstream.alias("ignoreFiles", String[].class);
xstream.alias("orderedFiles", String[].class);
xstream.alias("string", String.class);
xstream.alias("seleniumScripts", String[].class);
xstream.alias("seleniumScript", String.class);
return xstream.toXML(configuration);
}
Example 15
| Source File: XMLTestCaseFinder.java From gatf with Apache License 2.0 | 5 votes |
|
@SuppressWarnings("unchecked")
public List<TestCase> resolveTestCases(File testCaseFile) throws Exception {
XStream xstream = new XStream(new DomDriver("UTF-8"));
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(new Class[]{TestCase.class});
xstream.processAnnotations(new Class[]{TestCase.class});
xstream.alias("TestCases", List.class);
List<TestCase> xmlTestCases = (List<TestCase>)xstream.fromXML(testCaseFile);
return xmlTestCases;
}
Example 16
| Source File: XmlSerializer.java From brooklyn-server with Apache License 2.0 | 4 votes |
|
public XmlSerializer(ClassLoader loader, Map<String, String> deserializingClassRenames) {
this.deserializingClassRenames = deserializingClassRenames;
xstream = new XStream() {
@Override
protected MapperWrapper wrapMapper(MapperWrapper next) {
return XmlSerializer.this.wrapMapperForNormalUsage( super.wrapMapper(next) );
}
};
XStream.setupDefaultSecurity(xstream);
xstream.allowTypesByWildcard(new String[] {
"**"
});
if (loader!=null) {
xstream.setClassLoader(loader);
}
xstream.registerConverter(newCustomJavaClassConverter(), XStream.PRIORITY_NORMAL);
// list as array list is default
xstream.alias("map", Map.class, LinkedHashMap.class);
xstream.alias("set", Set.class, LinkedHashSet.class);
xstream.registerConverter(new StringKeyMapConverter(xstream.getMapper()), /* priority */ 10);
xstream.alias("MutableMap", MutableMap.class);
xstream.alias("MutableSet", MutableSet.class);
xstream.alias("MutableList", MutableList.class);
// Needs an explicit MutableSet converter!
// Without it, the alias for "set" seems to interfere with the MutableSet.map field, so it gets
// a null field on deserialization.
xstream.registerConverter(new MutableSetConverter(xstream.getMapper()));
xstream.aliasType("ImmutableList", ImmutableList.class);
xstream.registerConverter(new ImmutableListConverter(xstream.getMapper()));
xstream.registerConverter(new ImmutableSetConverter(xstream.getMapper()));
xstream.registerConverter(new ImmutableMapConverter(xstream.getMapper()));
xstream.registerConverter(new EnumCaseForgivingConverter());
xstream.registerConverter(new Inet4AddressConverter());
// See ObjectWithDefaultStringImplConverter (and its usage) for why we want to auto-detect
// annotations (usages of this is in the camp project, so we can't just list it statically
// here unfortunately).
xstream.autodetectAnnotations(true);
}
Example 17
| Source File: GatfTestGeneratorUtil.java From gatf with Apache License 2.0 | 4 votes |
|
public static void main(String[] args) throws Exception
{
if(args.length>=1) {
if(args.length>1 && args[0].equals("-generator") && !args[1].trim().isEmpty())
{
InputStream io = new FileInputStream(args[1]);
XStream xstream = new XStream(new DomDriver("UTF-8"));
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(new Class[]{GatfConfiguration.class});
xstream.processAnnotations(new Class[]{GatfConfiguration.class});
xstream.alias("testPaths", String[].class);
xstream.alias("testPath", String.class);
xstream.alias("soapWsdlKeyPairs", String[].class);
xstream.alias("soapWsdlKeyPair", String.class);
xstream.alias("string", String.class);
GatfConfiguration config = (GatfConfiguration)xstream.fromXML(io);
GatfTestGeneratorUtil testGenerator = new GatfTestGeneratorUtil();
testGenerator.setDebugEnabled(config.isDebugEnabled());
testGenerator.setEnabled(config.isEnabled());
testGenerator.setRequestDataType(config.getRequestDataType());
testGenerator.setTestPaths(config.getTestPaths());
testGenerator.setSoapWsdlKeyPairs(config.getSoapWsdlKeyPairs());
testGenerator.setUrlPrefix(config.getUrlPrefix());
testGenerator.setResourcepath(config.getResourcepath());
testGenerator.setOutDataType(config.getResponseDataType());
testGenerator.setOverrideSecure(config.isOverrideSecure());
testGenerator.setUrlSuffix(config.getUrlSuffix());
testGenerator.setUseSoapClient(config.isUseSoapClient());
testGenerator.setTestCaseFormat(config.getTestCaseFormat());
testGenerator.setPostmanCollectionVersion(config.getPostmanCollectionVersion());
testGenerator.setOverrideSecure(config.isOverrideSecure());
testGenerator.execute();
}
else if(args.length>1 && (args[0].equals("-executor") || args[0].equals("-selenium")) && !args[1].trim().isEmpty())
{
GatfTestCaseExecutorUtil.main(args);
}
else if(args.length>3 && args[0].equals("-configtool") && !args[1].trim().isEmpty()
&& !args[2].trim().isEmpty() && !args[3].trim().isEmpty())
{
GatfConfigToolUtil.main(args);
}
else if(args[0].equals("-listener"))
{
DistributedGatfListener.main(args);
}
else
{
System.out.println("Please specify proper arguments to the program - valid invocation options are, \n" +
"java -jar gatf-plugin-{version}.jar -generator {generator-config-file}.xml\n" +
"java -jar gatf-plugin-{version}.jar -executor {executor-config-file}.xml\n" +
"java -jar gatf-plugin-{version}.jar -configtool {http_port} {ip_address} {project_folder}\n" +
"java -jar gatf-plugin-{version}.jar -listener\n");
}
}
else
{
System.out.println("Invalid invocation - valid invocation options are, \n" +
"java -jar gatf-plugin-{version}.jar -generator {generator-config-file}.xml\n" +
"java -jar gatf-plugin-{version}.jar -executor {executor-config-file}.xml\n" +
"java -jar gatf-plugin-{version}.jar -configtool {http_port} {ip_address} {project_folder}\n" +
"java -jar gatf-plugin-{version}.jar -listener\n");
}
System.exit(0);
}
Example 18
| Source File: ModelSerializer.java From mql-editor with GNU Lesser General Public License v2.1 | 4 votes |
|
private static void initWriterSecurity( XStream chartWriter ) {
XStream.setupDefaultSecurity( chartWriter );
Class[] allowedTypes = new Class[]{ MqlQuery.class, Query.class };
chartWriter.allowTypes( allowedTypes );
chartWriter.allowTypesByWildcard( new String[]{ "org.pentaho.commons.metadata.mqleditor.beans.**" } );
}
Example 19
| Source File: XStreamUtils.java From kogito-runtimes with Apache License 2.0 | 4 votes |
|
private static XStream internalCreateNonTrustingXStream(XStream xstream) {
XStream.setupDefaultSecurity(xstream);
xstream.addPermission(new AnyAnnotationTypePermission());
xstream.addPermission(new WildcardTypePermission(WHITELISTED_PACKAGES));
return xstream;
}
Example 20
| Source File: XStreamUtils.java From kogito-runtimes with Apache License 2.0 | 4 votes |
|
private static XStream internalCreateTrustingXStream(XStream xstream) {
XStream.setupDefaultSecurity(xstream);
xstream.addPermission(new AnyTypePermission());
return xstream;
}
