Java Code Examples for com.thoughtworks.xstream.XStream#allowTypesByWildcard()

Example 1
Source File: TransportFormat.java    From javamelody with Apache License 2.0 6 votes vote down vote up
/**
 * Deserializes one object from an XML stream with an XStream instance that is restricted to
 * an explicit allow-list of types.
 *
 * @param bufferedInput XML input; it is wrapped in a reader that is closed before returning
 * @return the object produced by {@code XStream.fromXML}
 * @throws IOException if the reader cannot be created or closed
 */
static Object readFromXml(InputStream bufferedInput) throws IOException {
	final XStream deserializer = createXStream(false);
	// Security setup, see http://x-stream.github.io/security.html
	// NoTypePermission.NONE clears the existing permissions, so only the rules added below apply.
	deserializer.addPermission(NoTypePermission.NONE);
	// Basics: null values and primitives.
	deserializer.addPermission(NullPermission.NULL);
	deserializer.addPermission(PrimitiveTypePermission.PRIMITIVES);
	// In XStream wildcard patterns a single '*' does not cross a '.', so each pattern covers the
	// classes directly inside that package and not its sub-packages.
	// NOTE(review): these three patterns still admit every class in java.lang and java.util,
	// which is likely wider than the transport format needs; consider listing concrete types.
	final String[] jdkPatterns = { "java.lang.*", "java.util.*", "java.util.concurrent.*" };
	deserializer.allowTypesByWildcard(jdkPatterns);
	// Any type declared directly in this class's own package.
	final String[] ownPackagePattern = { PACKAGE_NAME + ".*" };
	deserializer.allowTypesByWildcard(ownPackagePattern);
	final InputStreamReader xmlReader = new InputStreamReader(bufferedInput, XML_CHARSET_NAME);
	try {
		return deserializer.fromXML(xmlReader);
	} finally {
		xmlReader.close();
	}
}
 
Example 2
Source File: EventDocument.java    From hesperides with GNU General Public License v3.0 5 votes vote down vote up
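/**
 * Builds an {@link EventView} from this document by deserializing the stored XML payload
 * with XStream.
 *
 * <p>Deserialization is limited to XStream's default allow-list plus the
 * {@code org.hesperides.core.domain} package tree; a payload naming any other type is
 * rejected by XStream instead of being instantiated.
 *
 * @return the view built from {@code payloadType}, the deserialized payload and the parsed
 *     {@code timestamp}
 */
public EventView toEventView() {
    XStream xStream = new XStream();
    // Install the deny-by-default baseline first; it has to run before any allow* call.
    // An allow rule on its own only silences the "Security framework of XStream not
    // initialized, XStream is probably vulnerable" warning: on XStream releases whose default
    // is a deny-list of known-bad types, every other type would remain permitted.
    // cf. https://stackoverflow.com/questions/44698296/security-framework-of-xstream-not-initialized-xstream-is-probably-vulnerable
    // NOTE(review): setupDefaultSecurity is deprecated in newer XStream releases that are
    // allow-list based out of the box; confirm against the project's XStream version.
    XStream.setupDefaultSecurity(xStream);
    // '**' crosses package separators, so this admits the whole domain package tree.
    xStream.allowTypesByWildcard(new String[]{
            "org.hesperides.core.domain.**"
    });

    return new EventView(
            payloadType,
            (UserEvent) xStream.fromXML(serializedPayload),
            Instant.parse(timestamp)
    );
}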
 
Example 3
Source File: UserDashboardPersister.java    From openmeetings with Apache License 2.0 5 votes vote down vote up
/**
 * Assigns {@code file} from {@code getUserDashboard(getUserId())} and prepares the XStream
 * instance used for the dashboard XML, restricted to an explicit allow-list of types.
 */
public XStreamDashboardPersister() {
	this.file = getUserDashboard(getUserId());

	final XStream configured = new XStream(new DomDriver(UTF_8.name()));
	configured.setMode(XStream.NO_REFERENCES);
	// Deny everything first; NoTypePermission.NONE clears whatever permissions were present,
	// so the rules below are the complete allow-list.
	configured.addPermission(NoTypePermission.NONE);
	configured.addPermission(NullPermission.NULL);
	configured.addPermission(PrimitiveTypePermission.PRIMITIVES);
	// '**' crosses package separators: every class under org.apache.openmeetings.web is admitted.
	final String[] webPackageTree = {"org.apache.openmeetings.web.**"};
	configured.allowTypesByWildcard(webPackageTree);
	// Admits ArrayList and any subclass of it.
	configured.allowTypeHierarchy(ArrayList.class);
	configured.alias("dashboard", UserDashboard.class);
	xstream = configured;
}
 
Example 4
Source File: XStreamFactory.java    From saros with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Configures the type permissions of the given <code>XStream</code> instance: everything is
 * denied first, then a fixed allow-list is added.
 *
 * @param xStream the <code>XStream</code> instance whose security framework is configured
 * @see <a
 *     href="https://x-stream.github.io/security.html">https://x-stream.github.io/security.html</a>
 */
private static void setUpSecurityFramework(XStream xStream) {
  // Deny by default. This has to come first because NoTypePermission.NONE clears the
  // permissions registered so far.
  xStream.addPermission(NoTypePermission.NONE);

  // Plain Java values: null, primitives, String.
  xStream.addPermission(NullPermission.NULL);
  xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  // Hierarchy permissions admit every implementation of the interface that is on the
  // classpath, not only the JDK ones.
  xStream.allowTypeHierarchy(Collection.class);
  xStream.allowTypeHierarchy(Map.class);
  final Class[] plainTypes = {String.class};
  xStream.allowTypes(plainTypes);

  // Every class below the saros root package; '**' also matches sub-packages.
  final String[] sarosPackageTree = {"saros.**"};
  xStream.allowTypesByWildcard(sarosPackageTree);
}
 
Example 5
Source File: XmlSerializer.java    From brooklyn-server with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the serializer and configures its XStream instance: mapper wrapping, type
 * permissions, optional class loader, aliases and converters.
 *
 * @param loader class loader handed to XStream when it is not {@code null}
 * @param deserializingClassRenames stored in the field of the same name
 */
public XmlSerializer(ClassLoader loader, Map<String, String> deserializingClassRenames) {
    this.deserializingClassRenames = deserializingClassRenames;
    // Anonymous subclass so that the mapper chain goes through wrapMapperForNormalUsage.
    xstream = new XStream() {
        @Override
        protected MapperWrapper wrapMapper(MapperWrapper next) {
            return XmlSerializer.this.wrapMapperForNormalUsage( super.wrapMapper(next) );
        }
    };

    // NOTE(review): the "**" wildcard matches every type name, so the restrictions installed
    // by setupDefaultSecurity on the line above no longer limit which classes XML input can
    // name. The pair of calls initializes the security framework without narrowing anything.
    // Whether that is acceptable depends on where the XML comes from - confirm it is only
    // ever read from trusted storage; otherwise replace "**" with the package patterns that
    // are actually needed.
    XStream.setupDefaultSecurity(xstream);
    xstream.allowTypesByWildcard(new String[] {
           "**"
    });

    if (loader!=null) {
        xstream.setClassLoader(loader);
    }
    
    xstream.registerConverter(newCustomJavaClassConverter(), XStream.PRIORITY_NORMAL);
    
    // list as array list is default
    xstream.alias("map", Map.class, LinkedHashMap.class);
    xstream.alias("set", Set.class, LinkedHashSet.class);
    
    xstream.registerConverter(new StringKeyMapConverter(xstream.getMapper()), /* priority */ 10);
    xstream.alias("MutableMap", MutableMap.class);
    xstream.alias("MutableSet", MutableSet.class);
    xstream.alias("MutableList", MutableList.class);
    
    // Needs an explicit MutableSet converter!
    // Without it, the alias for "set" seems to interfere with the MutableSet.map field, so it gets
    // a null field on deserialization.
    xstream.registerConverter(new MutableSetConverter(xstream.getMapper()));
    
    xstream.aliasType("ImmutableList", ImmutableList.class);
    xstream.registerConverter(new ImmutableListConverter(xstream.getMapper()));
    xstream.registerConverter(new ImmutableSetConverter(xstream.getMapper()));
    xstream.registerConverter(new ImmutableMapConverter(xstream.getMapper()));

    xstream.registerConverter(new EnumCaseForgivingConverter());
    xstream.registerConverter(new Inet4AddressConverter());
    
    // See ObjectWithDefaultStringImplConverter (and its usage) for why we want to auto-detect 
    // annotations (usages of this is in the camp project, so we can't just list it statically
    // here unfortunately).
    xstream.autodetectAnnotations(true);
}
 
Example 6
Source File: ModelSerializer.java    From mql-editor with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Sets up type permissions on the given XStream instance: XStream's default security first,
 * then the query model classes and the MQL editor bean packages.
 *
 * @param chartWriter the XStream instance to configure
 */
private static void initWriterSecurity( XStream chartWriter ) {
  // Default security goes first so that the allow rules below extend a restricted baseline.
  XStream.setupDefaultSecurity( chartWriter );
  chartWriter.allowTypes( new Class[]{ MqlQuery.class, Query.class } );
  // '**' crosses package separators: the beans package and all of its sub-packages.
  final String[] beanPackageTree = { "org.pentaho.commons.metadata.mqleditor.beans.**" };
  chartWriter.allowTypesByWildcard( beanPackageTree );
}