com.thoughtworks.xstream.security.NoTypePermission Java Examples
The following examples show how to use
com.thoughtworks.xstream.security.NoTypePermission.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ValueModel.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
* gets an <code>XStream</code> reader. Creates, customizes, and returns
* <code>XStream</code> for XML serialization
*
* @pre <code>XStream</code> package is available @post <code>XStream</code>
* for XML decoding is returned
*
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #2
| Source File: SesarSample.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
* gets an <code>XStream</code> reader. Creates, customizes, and returns
* <code>XStream</code> for XML serialization
*
* @pre <code>XStream</code> package is available @post <code>XStream</code>
* for XML decoding is returned
*
* @return <code>XStream</code> - for XML serialization decoding
*/
public static XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #3
| Source File: ReportSettingsInterface.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
public default XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #4
| Source File: AbstractRatiosDataModel.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
protected XStream getXStream() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #5
| Source File: SESARSampleMetadata.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
* gets an <code>XStream</code> reader. Creates, customizes, and returns
* <code>XStream</code> for XML serialization
*
* @pre <code>XStream</code> package is available
* @post <code>XStream</code> for XML decoding is returned
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #6
| Source File: SampleMetaData.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
* gets an <code>XStream</code> reader. Creates, customizes, and returns
* <code>XStream</code> for XML serialization
*
* @pre <code>XStream</code> package is available
* @post <code>XStream</code> for XML decoding is returned
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #7
| Source File: UPbReduxAliquot.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #8
| Source File: UPbFraction.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
private XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #9
| Source File: AnalysisFraction.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #10
| Source File: MineralStandardModel.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
private XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #11
| Source File: PbBlank.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
* gets an <code>XStream</code> reader. Creates, customizes, and returns
* <code>XStream</code> for XML serialization
*
* @pre <code>XStream</code> package is available @post <code>XStream</code>
* for XML decoding is returned
*
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #12
| Source File: UThReduxAliquot.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #13
| Source File: PhysicalConstants.java From ET_Redux with Apache License 2.0 | 6 votes |
|
/**
*
* @return
*/
private XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
Example #14
| Source File: WbConverter.java From openmeetings with Apache License 2.0 | 6 votes |
|
public static List<?> loadWmlFile(String hash) {
String name = OmFileHelper.getName(hash, EXTENSION_WML);
File file = new File(OmFileHelper.getUploadWmlDir(), name);
log.debug("filepathComplete: {}", file);
XStream xstream = new XStream(new XppDriver());
xstream.setMode(XStream.NO_REFERENCES);
xstream.addPermission(NoTypePermission.NONE);
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(List.class);
xstream.allowTypeHierarchy(String.class);
xstream.ignoreUnknownElements();
try (InputStream is = new FileInputStream(file); BufferedReader reader = new BufferedReader(new InputStreamReader(is, UTF_8))) {
return (List<?>) xstream.fromXML(reader);
} catch (Exception err) {
log.error("loadWmlFile", err);
}
return new ArrayList<>();
}
Example #15
| Source File: TransportFormat.java From javamelody with Apache License 2.0 | 6 votes |
|
static Object readFromXml(InputStream bufferedInput) throws IOException {
final XStream xstream = createXStream(false);
// see http://x-stream.github.io/security.html
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypesByWildcard(
new String[] { "java.lang.*", "java.util.*", "java.util.concurrent.*" });
// allow any type from the same package
xstream.allowTypesByWildcard(new String[] { PACKAGE_NAME + ".*" });
final InputStreamReader reader = new InputStreamReader(bufferedInput, XML_CHARSET_NAME);
try {
return xstream.fromXML(reader);
} finally {
reader.close();
}
}
Example #16
| Source File: App.java From tutorials with MIT License | 5 votes |
|
public static App createHardened(int port) {
final XStream xstream = new XStream();
xstream.addPermission(NoTypePermission.NONE);
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypes(new Class<?>[] { Person.class });
return new App(port, xstream);
}
Example #17
| Source File: XStreamFactory.java From saros with GNU General Public License v2.0 | 5 votes |
|
/**
* Sets up the security framework for the passed <code>XStream</code> object.
*
* @param xStream the <code>XStream</code> object to set the security framework up for
* @see <a
* href="https://x-stream.github.io/security.html">https://x-stream.github.io/security.html</a>
*/
private static void setUpSecurityFramework(XStream xStream) {
// forbid all classes by default
xStream.addPermission(NoTypePermission.NONE);
// allow default java stuff
xStream.addPermission(NullPermission.NULL);
xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xStream.allowTypeHierarchy(Collection.class);
xStream.allowTypeHierarchy(Map.class);
xStream.allowTypes(new Class[] {String.class});
// allow all saros classes
xStream.allowTypesByWildcard(new String[] {"saros.**"});
}
Example #18
| Source File: UserDashboardPersister.java From openmeetings with Apache License 2.0 | 5 votes |
|
public XStreamDashboardPersister() {
this.file = getUserDashboard(getUserId());
xstream = new XStream(new DomDriver(UTF_8.name()));
xstream.setMode(XStream.NO_REFERENCES);
xstream.addPermission(NoTypePermission.NONE);
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypesByWildcard(new String[] {"org.apache.openmeetings.web.**"});
xstream.allowTypeHierarchy(ArrayList.class);
xstream.alias("dashboard", UserDashboard.class);
}
Example #19
| Source File: XStream.java From lams with GNU General Public License v2.0 | 4 votes |
|
/**
* Setup the security framework of a XStream instance.
* <p>
* This method is a pure helper method for XStream 1.4.x. It initializes an XStream instance with a white list of
* well-known and simply types of the Java runtime as it is done in XStream 1.5.x by default. This method will do
* therefore nothing in XStream 1.5.
* </p>
*
* @param xstream
* @since 1.4.10
*/
public static void setupDefaultSecurity(final XStream xstream) {
if (!xstream.securityInitialized) {
xstream.addPermission(NoTypePermission.NONE);
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.addPermission(ArrayTypePermission.ARRAYS);
xstream.addPermission(InterfaceTypePermission.INTERFACES);
xstream.allowTypeHierarchy(Calendar.class);
xstream.allowTypeHierarchy(Collection.class);
xstream.allowTypeHierarchy(Map.class);
xstream.allowTypeHierarchy(Map.Entry.class);
xstream.allowTypeHierarchy(Member.class);
xstream.allowTypeHierarchy(Number.class);
xstream.allowTypeHierarchy(Throwable.class);
xstream.allowTypeHierarchy(TimeZone.class);
Class type = JVM.loadClassForName("java.lang.Enum");
if (type != null) {
xstream.allowTypeHierarchy(type);
}
type = JVM.loadClassForName("java.nio.file.Path");
if (type != null) {
xstream.allowTypeHierarchy(type);
}
final Set types = new HashSet();
types.add(BitSet.class);
types.add(Charset.class);
types.add(Class.class);
types.add(Currency.class);
types.add(Date.class);
types.add(DecimalFormatSymbols.class);
types.add(File.class);
types.add(Locale.class);
types.add(Object.class);
types.add(Pattern.class);
types.add(StackTraceElement.class);
types.add(String.class);
types.add(StringBuffer.class);
types.add(JVM.loadClassForName("java.lang.StringBuilder"));
types.add(URL.class);
types.add(URI.class);
types.add(JVM.loadClassForName("java.util.UUID"));
if (JVM.isSQLAvailable()) {
types.add(JVM.loadClassForName("java.sql.Timestamp"));
types.add(JVM.loadClassForName("java.sql.Time"));
types.add(JVM.loadClassForName("java.sql.Date"));
}
if (JVM.isVersion(8)) {
xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.Clock"));
types.add(JVM.loadClassForName("java.time.Duration"));
types.add(JVM.loadClassForName("java.time.Instant"));
types.add(JVM.loadClassForName("java.time.LocalDate"));
types.add(JVM.loadClassForName("java.time.LocalDateTime"));
types.add(JVM.loadClassForName("java.time.LocalTime"));
types.add(JVM.loadClassForName("java.time.MonthDay"));
types.add(JVM.loadClassForName("java.time.OffsetDateTime"));
types.add(JVM.loadClassForName("java.time.OffsetTime"));
types.add(JVM.loadClassForName("java.time.Period"));
types.add(JVM.loadClassForName("java.time.Ser"));
types.add(JVM.loadClassForName("java.time.Year"));
types.add(JVM.loadClassForName("java.time.YearMonth"));
types.add(JVM.loadClassForName("java.time.ZonedDateTime"));
xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.ZoneId"));
types.add(JVM.loadClassForName("java.time.chrono.HijrahDate"));
types.add(JVM.loadClassForName("java.time.chrono.JapaneseDate"));
types.add(JVM.loadClassForName("java.time.chrono.JapaneseEra"));
types.add(JVM.loadClassForName("java.time.chrono.MinguoDate"));
types.add(JVM.loadClassForName("java.time.chrono.ThaiBuddhistDate"));
types.add(JVM.loadClassForName("java.time.chrono.Ser"));
xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.chrono.Chronology"));
types.add(JVM.loadClassForName("java.time.temporal.ValueRange"));
types.add(JVM.loadClassForName("java.time.temporal.WeekFields"));
}
types.remove(null);
final Iterator iter = types.iterator();
final Class[] classes = new Class[types.size()];
for (int i = 0; i < classes.length; ++i) {
classes[i] = (Class)iter.next();
}
xstream.allowTypes(classes);
} else {
throw new IllegalArgumentException("Security framework of XStream instance already initialized");
}
}
Example #20
| Source File: SecurityMapper.java From lams with GNU General Public License v2.0 | 2 votes |
|
/**
* Add a new permission.
* <p>
* Permissions are evaluated in the added sequence. An instance of {@link NoTypePermission} or
* {@link AnyTypePermission} will implicitly wipe any existing permission.
* </p>
*
* @param permission the permission to add.
* @since 1.4.7
*/
public void addPermission(final TypePermission permission) {
if (permission.equals(NoTypePermission.NONE) || permission.equals(AnyTypePermission.ANY))
permissions.clear();
permissions.add(0, permission);
}
