Java Code Examples for com.thoughtworks.xstream.XStream#allowTypesByWildcard()

The following examples show how to use com.thoughtworks.xstream.XStream#allowTypesByWildcard() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: javamelody   File: TransportFormat.java    License: Apache License 2.0 6 votes vote down vote up
static Object readFromXml(InputStream bufferedInput) throws IOException {
	final XStream xstream = createXStream(false);
	// see http://x-stream.github.io/security.html
	// clear out existing permissions and set own ones
	xstream.addPermission(NoTypePermission.NONE);
	// allow some basics
	xstream.addPermission(NullPermission.NULL);
	xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
	xstream.allowTypesByWildcard(
			new String[] { "java.lang.*", "java.util.*", "java.util.concurrent.*" });
	// allow any type from the same package
	xstream.allowTypesByWildcard(new String[] { PACKAGE_NAME + ".*" });
	final InputStreamReader reader = new InputStreamReader(bufferedInput, XML_CHARSET_NAME);
	try {
		return xstream.fromXML(reader);
	} finally {
		reader.close();
	}
}
 
Example 2
public EventView toEventView() {
    XStream xStream = new XStream();
    // Afin d'éviter le message "Security framework of XStream
    // not initialized, XStream is probably vulnerable"
    // cf. https://stackoverflow.com/questions/44698296/security-framework-of-xstream-not-initialized-xstream-is-probably-vulnerable
    xStream.allowTypesByWildcard(new String[]{
            "org.hesperides.core.domain.**"
    });

    return new EventView(
            payloadType,
            (UserEvent) xStream.fromXML(serializedPayload),
            Instant.parse(timestamp)
    );
}
 
Example 3
public XStreamDashboardPersister() {
	this.file = getUserDashboard(getUserId());

	xstream = new XStream(new DomDriver(UTF_8.name()));
	xstream.setMode(XStream.NO_REFERENCES);
	xstream.addPermission(NoTypePermission.NONE);
	xstream.addPermission(NullPermission.NULL);
	xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
	xstream.allowTypesByWildcard(new String[] {"org.apache.openmeetings.web.**"});
	xstream.allowTypeHierarchy(ArrayList.class);
	xstream.alias("dashboard", UserDashboard.class);
}
 
Example 4
/**
 * Sets up the security framework for the passed <code>XStream</code> object.
 *
 * @param xStream the <code>XStream</code> object to set the security framework up for
 * @see <a
 *     href="https://x-stream.github.io/security.html">https://x-stream.github.io/security.html</a>
 */
private static void setUpSecurityFramework(XStream xStream) {
  // forbid all classes by default
  xStream.addPermission(NoTypePermission.NONE);

  // allow default java stuff
  xStream.addPermission(NullPermission.NULL);
  xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  xStream.allowTypeHierarchy(Collection.class);
  xStream.allowTypeHierarchy(Map.class);
  xStream.allowTypes(new Class[] {String.class});

  // allow all saros classes
  xStream.allowTypesByWildcard(new String[] {"saros.**"});
}
 
Example 5
Source Project: brooklyn-server   File: XmlSerializer.java    License: Apache License 2.0 4 votes vote down vote up
public XmlSerializer(ClassLoader loader, Map<String, String> deserializingClassRenames) {
    this.deserializingClassRenames = deserializingClassRenames;
    xstream = new XStream() {
        @Override
        protected MapperWrapper wrapMapper(MapperWrapper next) {
            return XmlSerializer.this.wrapMapperForNormalUsage( super.wrapMapper(next) );
        }
    };

    XStream.setupDefaultSecurity(xstream);
    xstream.allowTypesByWildcard(new String[] {
           "**"
    });

    if (loader!=null) {
        xstream.setClassLoader(loader);
    }
    
    xstream.registerConverter(newCustomJavaClassConverter(), XStream.PRIORITY_NORMAL);
    
    // list as array list is default
    xstream.alias("map", Map.class, LinkedHashMap.class);
    xstream.alias("set", Set.class, LinkedHashSet.class);
    
    xstream.registerConverter(new StringKeyMapConverter(xstream.getMapper()), /* priority */ 10);
    xstream.alias("MutableMap", MutableMap.class);
    xstream.alias("MutableSet", MutableSet.class);
    xstream.alias("MutableList", MutableList.class);
    
    // Needs an explicit MutableSet converter!
    // Without it, the alias for "set" seems to interfere with the MutableSet.map field, so it gets
    // a null field on deserialization.
    xstream.registerConverter(new MutableSetConverter(xstream.getMapper()));
    
    xstream.aliasType("ImmutableList", ImmutableList.class);
    xstream.registerConverter(new ImmutableListConverter(xstream.getMapper()));
    xstream.registerConverter(new ImmutableSetConverter(xstream.getMapper()));
    xstream.registerConverter(new ImmutableMapConverter(xstream.getMapper()));

    xstream.registerConverter(new EnumCaseForgivingConverter());
    xstream.registerConverter(new Inet4AddressConverter());
    
    // See ObjectWithDefaultStringImplConverter (and its usage) for why we want to auto-detect 
    // annotations (usages of this is in the camp project, so we can't just list it statically
    // here unfortunately).
    xstream.autodetectAnnotations(true);
}
 
Example 6
private static void initWriterSecurity( XStream chartWriter ) {
  XStream.setupDefaultSecurity( chartWriter );
  Class[] allowedTypes = new Class[]{ MqlQuery.class, Query.class };
  chartWriter.allowTypes( allowedTypes );
  chartWriter.allowTypesByWildcard( new String[]{ "org.pentaho.commons.metadata.mqleditor.beans.**" } );
}