Java Code Examples for com.thoughtworks.xstream.security.PrimitiveTypePermission

The following examples show how to use com.thoughtworks.xstream.security.PrimitiveTypePermission. These examples are extracted from open source projects.
Example 1
Source Project: openmeetings   Source File: WbConverter.java    License: Apache License 2.0
/**
 * Reads a stored WML whiteboard file and returns its content as a list.
 *
 * <p>The XStream parser is locked down before use: every type is denied first, then only
 * null, primitives and the {@code List} and {@code String} hierarchies are allowed.
 * Unknown XML elements are ignored.
 *
 * @param hash identifier passed to {@code OmFileHelper.getName} to derive the file name
 * @return the deserialized list, or an empty list when reading or parsing fails
 */
public static List<?> loadWmlFile(String hash) {
	// NOTE(review): the file name is derived from `hash`; confirm OmFileHelper.getName cannot
	// yield a name that escapes the upload directory when `hash` is caller-controlled.
	final String wmlName = OmFileHelper.getName(hash, EXTENSION_WML);
	final File wmlFile = new File(OmFileHelper.getUploadWmlDir(), wmlName);
	log.debug("filepathComplete: {}", wmlFile);

	final XStream parser = new XStream(new XppDriver());
	parser.setMode(XStream.NO_REFERENCES);
	// Deny-all must come first; the entries after it form the allowlist.
	parser.addPermission(NoTypePermission.NONE);
	parser.addPermission(NullPermission.NULL);
	parser.addPermission(PrimitiveTypePermission.PRIMITIVES);
	parser.allowTypeHierarchy(List.class);
	parser.allowTypeHierarchy(String.class);
	parser.ignoreUnknownElements();

	List<?> loaded;
	try (InputStream in = new FileInputStream(wmlFile);
			BufferedReader xml = new BufferedReader(new InputStreamReader(in, UTF_8))) {
		loaded = (List<?>) parser.fromXML(xml);
	} catch (Exception failure) {
		// Best effort: any I/O, parse or forbidden-type failure is logged and yields an empty list.
		log.error("loadWmlFile", failure);
		loaded = new ArrayList<>();
	}
	return loaded;
}
 
Example 2
Source Project: ET_Redux   Source File: PhysicalConstants.java    License: Apache License 2.0
/**
 * Creates and configures a new XStream instance on a {@code DomDriver}.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return the configured XStream instance
 */
private XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 3
Source Project: ET_Redux   Source File: UThReduxAliquot.java    License: Apache License 2.0
/**
 * Creates and configures a new XStream instance on a {@code DomDriver}.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return the configured XStream instance
 */
public XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 4
Source Project: ET_Redux   Source File: PbBlank.java    License: Apache License 2.0
/**
 * Gets an <code>XStream</code> reader: creates, customizes, and returns an
 * <code>XStream</code> for XML serialization.
 *
 * <p>Precondition: the <code>XStream</code> package is available. Postcondition: an
 * <code>XStream</code> for XML decoding is returned.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return <code>XStream</code> - for XML serialization decoding
 */
public XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 5
Source Project: ET_Redux   Source File: MineralStandardModel.java    License: Apache License 2.0
/**
 * Creates and configures a new XStream instance on a {@code DomDriver}.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return the configured XStream instance
 */
private XStream getXStreamReader() {
    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 6
Source Project: ET_Redux   Source File: ValueModel.java    License: Apache License 2.0
/**
 * Gets an <code>XStream</code> reader: creates, customizes, and returns an
 * <code>XStream</code> for XML serialization.
 *
 * <p>Precondition: the <code>XStream</code> package is available. Postcondition: an
 * <code>XStream</code> for XML decoding is returned.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return <code>XStream</code> - for XML serialization decoding
 */
public XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 7
Source Project: ET_Redux   Source File: AnalysisFraction.java    License: Apache License 2.0
/**
 * Creates and configures a new XStream instance on a {@code DomDriver}.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return the configured XStream instance
 */
public XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 8
Source Project: ET_Redux   Source File: UPbFraction.java    License: Apache License 2.0
/**
 * Creates and configures a new XStream instance on a {@code DomDriver}.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return the configured XStream instance
 */
private XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 9
Source Project: ET_Redux   Source File: UPbReduxAliquot.java    License: Apache License 2.0
/**
 * Creates and configures a new XStream instance on a {@code DomDriver}.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return the configured XStream instance
 */
public XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);
    
    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 10
Source Project: ET_Redux   Source File: SampleMetaData.java    License: Apache License 2.0
/**
 * Gets an <code>XStream</code> reader: creates, customizes, and returns an
 * <code>XStream</code> for XML serialization.
 *
 * <p>Precondition: the <code>XStream</code> package is available. Postcondition: an
 * <code>XStream</code> for XML decoding is returned.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return  <code>XStream</code> - for XML serialization decoding
 */
public XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 11
Source Project: ET_Redux   Source File: SESARSampleMetadata.java    License: Apache License 2.0
/**
 * Gets an <code>XStream</code> reader: creates, customizes, and returns an
 * <code>XStream</code> for XML serialization.
 *
 * <p>Precondition: the <code>XStream</code> package is available. Postcondition: an
 * <code>XStream</code> for XML decoding is returned.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return  <code>XStream</code> - for XML serialization decoding
 */
public XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 12
Source Project: ET_Redux   Source File: AbstractRatiosDataModel.java    License: Apache License 2.0
/**
 * Creates and configures a new XStream instance on a {@code DomDriver}.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this model has to load.
 *
 * @return the configured XStream instance
 */
protected XStream getXStream() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);
    

    return xstream;
}
 
Example 13
Source Project: ET_Redux   Source File: ReportSettingsInterface.java    License: Apache License 2.0
/**
 * Default implementation that creates and configures a new XStream instance on a
 * {@code DomDriver}.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return the configured XStream instance
 */
public default XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 14
Source Project: ET_Redux   Source File: SesarSample.java    License: Apache License 2.0
/**
 * Gets an <code>XStream</code> reader: creates, customizes, and returns an
 * <code>XStream</code> for XML serialization.
 *
 * <p>Precondition: the <code>XStream</code> package is available. Postcondition: an
 * <code>XStream</code> for XML decoding is returned.
 *
 * <p>NOTE(review): the last permission added, {@code AnyTypePermission.ANY}, permits every
 * type, so the returned instance is not limited to the allowlist built just before it.
 * Use it on trusted XML only, or replace that call with explicit allowTypes /
 * allowTypesByWildcard entries for the classes this reader has to load.
 *
 * @return <code>XStream</code> - for XML serialization decoding
 */
public static XStream getXStreamReader() {

    XStream xstream = new XStream(new DomDriver());

    // project-specific setup; defined outside this excerpt
    customizeXstream(xstream);

    // http://x-stream.github.io/security.html
    XStream.setupDefaultSecurity(xstream);
    // clear out existing permissions and set own ones
    xstream.addPermission(NoTypePermission.NONE);
    // allow some basics
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.allowTypeHierarchy(Collection.class);
    // NOTE(review): ANY admits all types again, which cancels the deny-all + allowlist above.
    xstream.addPermission(AnyTypePermission.ANY);

    return xstream;
}
 
Example 15
Source Project: javamelody   Source File: TransportFormat.java    License: Apache License 2.0
/**
 * Deserializes one object from an XML stream using an allowlisted XStream.
 *
 * <p>All types are denied first; null, primitives, the classes directly inside
 * {@code java.lang}, {@code java.util} and {@code java.util.concurrent}, and the classes
 * directly inside {@code PACKAGE_NAME} are then allowed.
 *
 * @param bufferedInput stream holding the XML document; it is closed through the reader
 * @return the object produced by {@code XStream.fromXML}
 * @throws IOException if the reader cannot be created or closed
 */
static Object readFromXml(InputStream bufferedInput) throws IOException {
	final XStream parser = createXStream(false);
	// see http://x-stream.github.io/security.html
	// start from deny-all so that only the entries below are accepted
	parser.addPermission(NoTypePermission.NONE);
	// basic values
	parser.addPermission(NullPermission.NULL);
	parser.addPermission(PrimitiveTypePermission.PRIMITIVES);
	// NOTE(review): a single "*" admits every class directly in these packages, which is far
	// more than the value types a transport format needs; consider listing the required
	// classes explicitly if this stream can come from an untrusted peer.
	final String[] jdkPackages = { "java.lang.*", "java.util.*", "java.util.concurrent.*" };
	parser.allowTypesByWildcard(jdkPackages);
	// every type declared in this component's own package
	final String[] ownPackage = { PACKAGE_NAME + ".*" };
	parser.allowTypesByWildcard(ownPackage);
	final InputStreamReader xmlReader = new InputStreamReader(bufferedInput, XML_CHARSET_NAME);
	final Object result;
	try {
		result = parser.fromXML(xmlReader);
	} finally {
		xmlReader.close();
	}
	return result;
}
 
Example 16
Source Project: weixin-java-tools   Source File: XStreamInitializer.java    License: Apache License 2.0
/**
 * Creates an XStream that uses a {@code PureJavaReflectionProvider} and an {@code XppDriver}
 * whose writer passes text already wrapped in CDATA or {@code <MediaId>} through unescaped.
 *
 * <p>NOTE(review): only {@code NullPermission} and {@code PrimitiveTypePermission} are added and
 * no {@code NoTypePermission.NONE} precedes them, so these calls add to whatever type policy
 * the XStream version in use applies by default rather than defining an allowlist. Confirm
 * the effective policy before this instance parses XML from an untrusted sender.
 *
 * @return the configured XStream instance
 */
public static XStream getInstance() {
  XStream xstream = new XStream(new PureJavaReflectionProvider(), new XppDriver() {

    @Override
    public HierarchicalStreamWriter createWriter(Writer out) {
      return new PrettyPrintWriter(out, getNameCoder()) {
        // markers that identify text the caller has already wrapped
        protected String PREFIX_CDATA = "<![CDATA[";
        protected String SUFFIX_CDATA = "]]>";
        protected String PREFIX_MEDIA_ID = "<MediaId>";
        protected String SUFFIX_MEDIA_ID = "</MediaId>";

        // Writes pre-wrapped text verbatim; everything else goes through the parent's writeText.
        // NOTE(review): only the start and end of the string are checked, so whatever sits
        // between the markers is emitted without escaping. Confirm callers never wrap
        // untrusted text without neutralising "]]>" or markup inside it.
        @Override
        protected void writeText(QuickWriter writer, String text) {
          if (text.startsWith(this.PREFIX_CDATA) && text.endsWith(this.SUFFIX_CDATA)) {
            writer.write(text);
          } else if (text.startsWith(this.PREFIX_MEDIA_ID) && text.endsWith(this.SUFFIX_MEDIA_ID)) {
            writer.write(text);
          } else {
            super.writeText(writer, text);
          }

        }

        @Override
        public String encodeNode(String name) {
          // prevent "_" from being converted to "__"
          return name;
        }
      };
    }
  });

  xstream.ignoreUnknownElements();
  xstream.setMode(XStream.NO_REFERENCES);
  // NOTE(review): no deny-all (NoTypePermission.NONE) before these two; see the method comment.
  xstream.addPermission(NullPermission.NULL);
  xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  // resolve classes through the calling thread's context class loader
  xstream.setClassLoader(Thread.currentThread().getContextClassLoader());
  return xstream;
}
 
Example 17
Source Project: openmeetings   Source File: UserDashboardPersister.java    License: Apache License 2.0
/**
 * Resolves the current user's dashboard file and prepares the XStream used for it.
 *
 * <p>The parser denies all types first and then allows null, primitives, everything under
 * {@code org.apache.openmeetings.web} (including sub-packages) and the {@code ArrayList}
 * hierarchy.
 */
public XStreamDashboardPersister() {
	this.file = getUserDashboard(getUserId());

	final XStream parser = new XStream(new DomDriver(UTF_8.name()));
	parser.setMode(XStream.NO_REFERENCES);
	// deny-all first; the entries below are the allowlist
	parser.addPermission(NoTypePermission.NONE);
	parser.addPermission(NullPermission.NULL);
	parser.addPermission(PrimitiveTypePermission.PRIMITIVES);
	// NOTE(review): "**" covers every sub-package of the web module; narrow it to the
	// dashboard/widget packages if the stored file can be modified by other parties.
	final String[] ownPackages = {"org.apache.openmeetings.web.**"};
	parser.allowTypesByWildcard(ownPackages);
	parser.allowTypeHierarchy(ArrayList.class);
	parser.alias("dashboard", UserDashboard.class);
	xstream = parser;
}
 
Example 18
Source Project: weixin-java-tools   Source File: XStreamInitializer.java    License: Apache License 2.0
/**
 * Creates an XStream on an {@code XppDriver} whose writer passes text already wrapped in
 * CDATA or {@code <MediaId>} through unescaped.
 *
 * <p>NOTE(review): only {@code NullPermission} and {@code PrimitiveTypePermission} are added and
 * no {@code NoTypePermission.NONE} precedes them, so these calls add to whatever type policy
 * the XStream version in use applies by default rather than defining an allowlist. Confirm
 * the effective policy before this instance parses XML from an untrusted sender.
 *
 * @return the configured XStream instance
 */
public static XStream getInstance() {
  XStream xstream = new XStream(new XppDriver() {

    @Override
    public HierarchicalStreamWriter createWriter(Writer out) {
      return new PrettyPrintWriter(out, getNameCoder()) {
        // markers that identify text the caller has already wrapped
        protected String PREFIX_CDATA = "<![CDATA[";
        protected String SUFFIX_CDATA = "]]>";
        protected String PREFIX_MEDIA_ID = "<MediaId>";
        protected String SUFFIX_MEDIA_ID = "</MediaId>";
        // Writes pre-wrapped text verbatim; everything else goes through the parent's writeText.
        // NOTE(review): only the start and end of the string are checked, so whatever sits
        // between the markers is emitted without escaping. Confirm callers never wrap
        // untrusted text without neutralising "]]>" or markup inside it.
        @Override
        protected void writeText(QuickWriter writer, String text) {
          if (text.startsWith(PREFIX_CDATA) && text.endsWith(SUFFIX_CDATA)) {
            writer.write(text);
          } else if (text.startsWith(PREFIX_MEDIA_ID) && text.endsWith(SUFFIX_MEDIA_ID)) {
            writer.write(text);
          } else {
            super.writeText(writer, text);
          }

        }
      };
    }
  });
  xstream.ignoreUnknownElements();
  xstream.setMode(XStream.NO_REFERENCES);
  // NOTE(review): no deny-all (NoTypePermission.NONE) before these two; see the method comment.
  xstream.addPermission(NullPermission.NULL);
  xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  return xstream;
}
 
Example 19
Source Project: saros   Source File: XStreamFactory.java    License: GNU General Public License v2.0
/**
 * Sets up the security framework for the passed <code>XStream</code> object.
 *
 * <p>All types are forbidden first. Null, primitives, the {@code Collection} and {@code Map}
 * hierarchies, {@code String} and every class matching {@code saros.**} are then allowed.
 * Nothing broader is added afterwards, so the allowlist stays in force.
 *
 * @param xStream the <code>XStream</code> object to set the security framework up for
 * @see <a
 *     href="https://x-stream.github.io/security.html">https://x-stream.github.io/security.html</a>
 */
private static void setUpSecurityFramework(XStream xStream) {
  // forbid all classes by default
  xStream.addPermission(NoTypePermission.NONE);

  // allow default java stuff
  xStream.addPermission(NullPermission.NULL);
  xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  // hierarchy entries also admit every subtype of Collection and Map on the classpath
  xStream.allowTypeHierarchy(Collection.class);
  xStream.allowTypeHierarchy(Map.class);
  xStream.allowTypes(new Class[] {String.class});

  // allow all saros classes ("**" includes sub-packages)
  xStream.allowTypesByWildcard(new String[] {"saros.**"});
}
 
Example 20
Source Project: tutorials   Source File: App.java    License: MIT License
/**
 * Creates an {@code App} whose XStream accepts only null, primitives and {@code Person}.
 *
 * @param port value passed through to the {@code App} constructor
 * @return a new {@code App} built with the restricted XStream
 */
public static App createHardened(int port) {
    final XStream allowlisted = new XStream();
    // Deny every type first, then add back exactly what the application needs.
    allowlisted.addPermission(NoTypePermission.NONE);
    allowlisted.addPermission(NullPermission.NULL);
    allowlisted.addPermission(PrimitiveTypePermission.PRIMITIVES);
    final Class<?>[] permitted = { Person.class };
    allowlisted.allowTypes(permitted);
    return new App(port, allowlisted);
}
 
Example 21
Source Project: lams   Source File: XStream.java    License: GNU General Public License v2.0
/**
 * Setup the security framework of a XStream instance.
 * <p>
 * This method is a pure helper method for XStream 1.4.x. It initializes an XStream instance with a white list of
 * well-known and simple types of the Java runtime as it is done in XStream 1.5.x by default. This method will do
 * therefore nothing in XStream 1.5.
 * </p>
 * <p>
 * NOTE(review): the baseline built here is broad (whole Collection, Map, Throwable and Member hierarchies, all
 * interfaces and arrays, plus types such as Class, File, URL and Object). Callers that parse untrusted XML may
 * prefer to follow it with NoTypePermission.NONE and an explicit, narrower allowlist.
 * </p>
 * 
 * @param xstream the instance to initialize; its security framework must not have been initialized yet
 * @throws IllegalArgumentException if the security framework of the instance is already initialized
 * @since 1.4.10
 */
public static void setupDefaultSecurity(final XStream xstream) {
    if (!xstream.securityInitialized) {
        // deny everything first, then build the allowlist below
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.addPermission(ArrayTypePermission.ARRAYS);
        xstream.addPermission(InterfaceTypePermission.INTERFACES);
        // hierarchy entries admit the named type and all of its subtypes
        xstream.allowTypeHierarchy(Calendar.class);
        xstream.allowTypeHierarchy(Collection.class);
        xstream.allowTypeHierarchy(Map.class);
        xstream.allowTypeHierarchy(Map.Entry.class);
        xstream.allowTypeHierarchy(Member.class);
        xstream.allowTypeHierarchy(Number.class);
        xstream.allowTypeHierarchy(Throwable.class);
        xstream.allowTypeHierarchy(TimeZone.class);

        // these classes are looked up by name and skipped when the lookup yields null
        Class type = JVM.loadClassForName("java.lang.Enum");
        if (type != null) {
            xstream.allowTypeHierarchy(type);
        }
        type = JVM.loadClassForName("java.nio.file.Path");
        if (type != null) {
            xstream.allowTypeHierarchy(type);
        }

        // individual types allowed by exact class; collected in a set so a null lookup result
        // can be dropped in one step further down
        final Set types = new HashSet();
        types.add(BitSet.class);
        types.add(Charset.class);
        types.add(Class.class);
        types.add(Currency.class);
        types.add(Date.class);
        types.add(DecimalFormatSymbols.class);
        types.add(File.class);
        types.add(Locale.class);
        types.add(Object.class);
        types.add(Pattern.class);
        types.add(StackTraceElement.class);
        types.add(String.class);
        types.add(StringBuffer.class);
        types.add(JVM.loadClassForName("java.lang.StringBuilder"));
        types.add(URL.class);
        types.add(URI.class);
        types.add(JVM.loadClassForName("java.util.UUID"));
        // java.sql types only when JVM.isSQLAvailable() reports them
        if (JVM.isSQLAvailable()) {
            types.add(JVM.loadClassForName("java.sql.Timestamp"));
            types.add(JVM.loadClassForName("java.sql.Time"));
            types.add(JVM.loadClassForName("java.sql.Date"));
        }
        // java.time types only when JVM.isVersion(8) holds
        if (JVM.isVersion(8)) {
            xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.Clock"));
            types.add(JVM.loadClassForName("java.time.Duration"));
            types.add(JVM.loadClassForName("java.time.Instant"));
            types.add(JVM.loadClassForName("java.time.LocalDate"));
            types.add(JVM.loadClassForName("java.time.LocalDateTime"));
            types.add(JVM.loadClassForName("java.time.LocalTime"));
            types.add(JVM.loadClassForName("java.time.MonthDay"));
            types.add(JVM.loadClassForName("java.time.OffsetDateTime"));
            types.add(JVM.loadClassForName("java.time.OffsetTime"));
            types.add(JVM.loadClassForName("java.time.Period"));
            types.add(JVM.loadClassForName("java.time.Ser"));
            types.add(JVM.loadClassForName("java.time.Year"));
            types.add(JVM.loadClassForName("java.time.YearMonth"));
            types.add(JVM.loadClassForName("java.time.ZonedDateTime"));
            xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.ZoneId"));
            types.add(JVM.loadClassForName("java.time.chrono.HijrahDate"));
            types.add(JVM.loadClassForName("java.time.chrono.JapaneseDate"));
            types.add(JVM.loadClassForName("java.time.chrono.JapaneseEra"));
            types.add(JVM.loadClassForName("java.time.chrono.MinguoDate"));
            types.add(JVM.loadClassForName("java.time.chrono.ThaiBuddhistDate"));
            types.add(JVM.loadClassForName("java.time.chrono.Ser"));
            xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.chrono.Chronology"));
            types.add(JVM.loadClassForName("java.time.temporal.ValueRange"));
            types.add(JVM.loadClassForName("java.time.temporal.WeekFields"));
        }
        // drop the null entry left behind by any class lookup that found nothing
        types.remove(null);

        // copy the set into the Class[] that allowTypes expects
        final Iterator iter = types.iterator();
        final Class[] classes = new Class[types.size()];
        for (int i = 0; i < classes.length; ++i) {
            classes[i] = (Class)iter.next();
        }
        xstream.allowTypes(classes);
    } else {
        throw new IllegalArgumentException("Security framework of XStream instance already initialized");
    }
}