Java源码示例:com.thoughtworks.xstream.security.PrimitiveTypePermission
示例1
/**
 * Reads the WML file that {@code OmFileHelper} resolves for {@code hash} inside the upload WML
 * directory and deserializes it with an XStream instance restricted to an explicit allow-list.
 * <p>
 * The allow-list is: deny everything, then admit {@code null}, primitives and the {@code List} and
 * {@code String} type hierarchies. Unknown XML elements are ignored instead of failing the parse.
 * <p>
 * NOTE(review): {@code hash} becomes part of the file name; this method does not validate it, so
 * presumably {@code OmFileHelper.getName} or the caller constrains it. Confirm, so the path cannot
 * leave the upload directory.
 *
 * @param hash identifier used to derive the file name
 * @return the deserialized list, or a new empty list when reading or parsing fails (the error is logged)
 */
public static List<?> loadWmlFile(String hash) {
    final String fileName = OmFileHelper.getName(hash, EXTENSION_WML);
    final File wmlFile = new File(OmFileHelper.getUploadWmlDir(), fileName);
    log.debug("filepathComplete: {}", wmlFile);

    final XStream parser = new XStream(new XppDriver());
    parser.setMode(XStream.NO_REFERENCES);
    // Order matters: deny all types first, then re-admit the few that a WML list needs.
    parser.addPermission(NoTypePermission.NONE);
    parser.addPermission(NullPermission.NULL);
    parser.addPermission(PrimitiveTypePermission.PRIMITIVES);
    parser.allowTypeHierarchy(List.class);
    parser.allowTypeHierarchy(String.class);
    parser.ignoreUnknownElements();

    try (InputStream is = new FileInputStream(wmlFile);
            BufferedReader reader = new BufferedReader(new InputStreamReader(is, UTF_8))) {
        return (List<?>) parser.fromXML(reader);
    } catch (Exception err) {
        // Any failure (missing file, forbidden type, malformed XML, wrong root type) ends up here.
        log.error("loadWmlFile", err);
        return new ArrayList<>();
    }
}
示例2
/**
* Creates and configures the <code>XStream</code> instance returned to callers, backed by a
* <code>DomDriver</code>.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @return the configured <code>XStream</code> instance
*/
private XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例3
/**
* Creates and configures the <code>XStream</code> instance returned to callers, backed by a
* <code>DomDriver</code>.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @return the configured <code>XStream</code> instance
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例4
/**
* Gets an <code>XStream</code> reader. Creates, customizes, and returns the
* <code>XStream</code> instance used for XML serialization.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @pre <code>XStream</code> package is available @post <code>XStream</code>
* for XML decoding is returned
*
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例5
/**
* Creates and configures the <code>XStream</code> instance returned to callers, backed by a
* <code>DomDriver</code>.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @return the configured <code>XStream</code> instance
*/
private XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例6
/**
* Gets an <code>XStream</code> reader. Creates, customizes, and returns the
* <code>XStream</code> instance used for XML serialization.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @pre <code>XStream</code> package is available @post <code>XStream</code>
* for XML decoding is returned
*
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例7
/**
* Creates and configures the <code>XStream</code> instance returned to callers, backed by a
* <code>DomDriver</code>.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @return the configured <code>XStream</code> instance
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例8
/**
* Creates and configures the <code>XStream</code> instance returned to callers, backed by a
* <code>DomDriver</code>.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @return the configured <code>XStream</code> instance
*/
private XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例9
/**
* Creates and configures the <code>XStream</code> instance returned to callers, backed by a
* <code>DomDriver</code>.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @return the configured <code>XStream</code> instance
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例10
/**
* Gets an <code>XStream</code> reader. Creates, customizes, and returns the
* <code>XStream</code> instance used for XML serialization.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @pre <code>XStream</code> package is available
* @post <code>XStream</code> for XML decoding is returned
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例11
/**
* Gets an <code>XStream</code> reader. Creates, customizes, and returns the
* <code>XStream</code> instance used for XML serialization.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @pre <code>XStream</code> package is available
* @post <code>XStream</code> for XML decoding is returned
* @return <code>XStream</code> - for XML serialization decoding
*/
public XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例12
/**
* Creates and configures the <code>XStream</code> instance returned to callers, backed by a
* <code>DomDriver</code>.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @return the configured <code>XStream</code> instance
*/
protected XStream getXStream() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例13
/**
* Default interface method that creates and configures the <code>XStream</code> instance
* returned to callers, backed by a <code>DomDriver</code>.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @return the configured <code>XStream</code> instance
*/
public default XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例14
/**
* Gets an <code>XStream</code> reader. Creates, customizes, and returns the
* <code>XStream</code> instance used for XML serialization.
* <p>
* NOTE(review): the final <code>addPermission(AnyTypePermission.ANY)</code> call permits every
* type, so the deny-all plus allow-list configuration before it does not restrict anything.
* If this instance can receive XML from outside the trust boundary, remove that call and
* allow the required application types explicitly (<code>allowTypes</code> /
* <code>allowTypesByWildcard</code>).
*
* @pre <code>XStream</code> package is available @post <code>XStream</code>
* for XML decoding is returned
*
* @return <code>XStream</code> - for XML serialization decoding
*/
public static XStream getXStreamReader() {
XStream xstream = new XStream(new DomDriver());
// project hook defined outside this snippet
customizeXstream(xstream);
// http://x-stream.github.io/security.html
XStream.setupDefaultSecurity(xstream);
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// NOTE(review): ANY allows all types and therefore overrides the allow-list above.
xstream.addPermission(AnyTypePermission.ANY);
return xstream;
}
示例15
/**
 * Deserializes one object from an XML stream using an XStream instance limited to an allow-list.
 * <p>
 * The allow-list is: deny everything, then admit {@code null}, primitives, the JDK package
 * wildcards listed below and every type directly in {@code PACKAGE_NAME}.
 * The reader wrapping {@code bufferedInput} is always closed, which also closes the stream.
 *
 * @param bufferedInput XML input, decoded with {@code XML_CHARSET_NAME}
 * @return the object produced by {@code XStream.fromXML}
 * @throws IOException if the reader cannot be created or closed
 */
static Object readFromXml(InputStream bufferedInput) throws IOException {
    final XStream deserializer = createXStream(false);
    // see http://x-stream.github.io/security.html
    // clear out existing permissions and set own ones
    deserializer.addPermission(NoTypePermission.NONE);
    // allow some basics
    deserializer.addPermission(NullPermission.NULL);
    deserializer.addPermission(PrimitiveTypePermission.PRIMITIVES);
    // NOTE(review): these wildcards admit every class directly inside the three JDK packages,
    // which is wider than the data types a transport format normally needs; naming the concrete
    // classes would shrink what untrusted XML can instantiate.
    final String[] jdkPatterns = { "java.lang.*", "java.util.*", "java.util.concurrent.*" };
    deserializer.allowTypesByWildcard(jdkPatterns);
    // allow any type from the same package
    final String[] ownPackagePattern = { PACKAGE_NAME + ".*" };
    deserializer.allowTypesByWildcard(ownPackagePattern);

    final InputStreamReader xmlReader = new InputStreamReader(bufferedInput, XML_CHARSET_NAME);
    try {
        return deserializer.fromXML(xmlReader);
    } finally {
        xmlReader.close();
    }
}
示例16
/**
 * Builds an XStream instance that uses a {@code PureJavaReflectionProvider} and an
 * {@code XppDriver} whose pretty-printing writer leaves pre-wrapped text untouched.
 * <p>
 * NOTE(review): only {@code NullPermission.NULL} and {@code PrimitiveTypePermission.PRIMITIVES}
 * are added and no {@code NoTypePermission.NONE} precedes them, so these calls add allowances
 * without denying anything themselves. Which other types are accepted is left to the defaults
 * of the XStream version in use. Confirm the effective policy before parsing untrusted XML.
 *
 * @return a newly configured XStream instance
 */
public static XStream getInstance() {
    PureJavaReflectionProvider reflectionProvider = new PureJavaReflectionProvider();
    XppDriver passThroughDriver = new XppDriver() {
        @Override
        public HierarchicalStreamWriter createWriter(Writer out) {
            return new PrettyPrintWriter(out, getNameCoder()) {
                protected String PREFIX_CDATA = "<![CDATA[";
                protected String SUFFIX_CDATA = "]]>";
                protected String PREFIX_MEDIA_ID = "<MediaId>";
                protected String SUFFIX_MEDIA_ID = "</MediaId>";

                @Override
                protected void writeText(QuickWriter writer, String text) {
                    // NOTE(review): text already wrapped as CDATA or as a MediaId element is written
                    // verbatim, bypassing the escaping done by super.writeText. Only the prefix and
                    // suffix are checked, so callers must make sure the wrapped value itself cannot
                    // contain markup or an inner "]]>".
                    boolean preWrapped =
                            (text.startsWith(this.PREFIX_CDATA) && text.endsWith(this.SUFFIX_CDATA))
                            || (text.startsWith(this.PREFIX_MEDIA_ID) && text.endsWith(this.SUFFIX_MEDIA_ID));
                    if (preWrapped) {
                        writer.write(text);
                    } else {
                        super.writeText(writer, text);
                    }
                }

                @Override
                public String encodeNode(String name) {
                    // prevent "_" from being converted to "__"
                    return name;
                }
            };
        }
    };

    XStream instance = new XStream(reflectionProvider, passThroughDriver);
    instance.ignoreUnknownElements();
    instance.setMode(XStream.NO_REFERENCES);
    instance.addPermission(NullPermission.NULL);
    instance.addPermission(PrimitiveTypePermission.PRIMITIVES);
    instance.setClassLoader(Thread.currentThread().getContextClassLoader());
    return instance;
}
示例17
/**
* Creates the persister: resolves the dashboard file via <code>getUserDashboard(getUserId())</code>
* and configures the <code>XStream</code> instance with an explicit type allow-list.
*/
public XStreamDashboardPersister() {
// both helpers are defined outside this snippet
this.file = getUserDashboard(getUserId());
xstream = new XStream(new DomDriver(UTF_8.name()));
xstream.setMode(XStream.NO_REFERENCES);
// deny every type first; the calls below form the allow-list
xstream.addPermission(NoTypePermission.NONE);
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
// NOTE(review): "**" also matches sub-packages, so every class under org.apache.openmeetings.web
// can be deserialized here; listing the dashboard model classes explicitly would be narrower.
xstream.allowTypesByWildcard(new String[] {"org.apache.openmeetings.web.**"});
xstream.allowTypeHierarchy(ArrayList.class);
// XML element name "dashboard" maps to UserDashboard
xstream.alias("dashboard", UserDashboard.class);
}
示例18
/**
 * Builds an XStream instance on an {@code XppDriver} whose pretty-printing writer leaves
 * pre-wrapped text untouched.
 * <p>
 * NOTE(review): only {@code NullPermission.NULL} and {@code PrimitiveTypePermission.PRIMITIVES}
 * are added and no {@code NoTypePermission.NONE} precedes them, so these calls add allowances
 * without denying anything themselves. Which other types are accepted is left to the defaults
 * of the XStream version in use. Confirm the effective policy before parsing untrusted XML.
 *
 * @return a newly configured XStream instance
 */
public static XStream getInstance() {
    XppDriver passThroughDriver = new XppDriver() {
        @Override
        public HierarchicalStreamWriter createWriter(Writer out) {
            return new PrettyPrintWriter(out, getNameCoder()) {
                protected String PREFIX_CDATA = "<![CDATA[";
                protected String SUFFIX_CDATA = "]]>";
                protected String PREFIX_MEDIA_ID = "<MediaId>";
                protected String SUFFIX_MEDIA_ID = "</MediaId>";

                @Override
                protected void writeText(QuickWriter writer, String text) {
                    // NOTE(review): text already wrapped as CDATA or as a MediaId element is written
                    // verbatim, bypassing the escaping done by super.writeText. Only the prefix and
                    // suffix are checked, so callers must make sure the wrapped value itself cannot
                    // contain markup or an inner "]]>".
                    boolean preWrapped =
                            (text.startsWith(PREFIX_CDATA) && text.endsWith(SUFFIX_CDATA))
                            || (text.startsWith(PREFIX_MEDIA_ID) && text.endsWith(SUFFIX_MEDIA_ID));
                    if (preWrapped) {
                        writer.write(text);
                    } else {
                        super.writeText(writer, text);
                    }
                }
            };
        }
    };

    XStream instance = new XStream(passThroughDriver);
    instance.ignoreUnknownElements();
    instance.setMode(XStream.NO_REFERENCES);
    instance.addPermission(NullPermission.NULL);
    instance.addPermission(PrimitiveTypePermission.PRIMITIVES);
    return instance;
}
示例19
/**
* Sets up the security framework for the passed <code>XStream</code> object.
* <p>
* All types are denied first. The following calls then allow <code>null</code>, primitives, the
* <code>Collection</code> and <code>Map</code> hierarchies, <code>String</code> and every class
* matching <code>saros.**</code>. The order matters: the deny-all permission must stay first.
*
* @param xStream the <code>XStream</code> object to set the security framework up for
* @see <a
* href="https://x-stream.github.io/security.html">https://x-stream.github.io/security.html</a>
*/
private static void setUpSecurityFramework(XStream xStream) {
// forbid all classes by default
xStream.addPermission(NoTypePermission.NONE);
// allow default java stuff
xStream.addPermission(NullPermission.NULL);
xStream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xStream.allowTypeHierarchy(Collection.class);
xStream.allowTypeHierarchy(Map.class);
xStream.allowTypes(new Class[] {String.class});
// allow all saros classes
// NOTE(review): "**" also matches sub-packages, so every class in the saros namespace becomes
// deserializable; narrowing to the packages that hold serialized data would reduce exposure.
xStream.allowTypesByWildcard(new String[] {"saros.**"});
}
示例20
/**
* Creates an <code>App</code> whose <code>XStream</code> instance accepts only <code>null</code>,
* primitives and <code>Person</code>.
* <p>
* <code>NoTypePermission.NONE</code> is added first to deny all types; the calls after it form
* the allow-list, so their order must be kept.
*
* @param port passed through to the <code>App</code> constructor
* @return the new <code>App</code> built from <code>port</code> and the restricted instance
*/
public static App createHardened(int port) {
final XStream xstream = new XStream();
// deny everything, then re-admit the minimum this application needs
xstream.addPermission(NoTypePermission.NONE);
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
// the single application type allowed for deserialization
xstream.allowTypes(new Class<?>[] { Person.class });
return new App(port, xstream);
}
示例21
/**
 * Sets up the security framework of an XStream instance with the default allow-list.
 * <p>
 * This method is a pure helper method for XStream 1.4.x. It starts from
 * {@link NoTypePermission#NONE} and then allows null, primitives, arrays, interfaces and a fixed
 * set of well-known, simple types of the Java runtime, as it is done in XStream 1.5.x by default.
 * This method will therefore do nothing in XStream 1.5.
 * </p>
 * <p>
 * Only Java runtime types are listed here; application types have to be allowed by the caller.
 * </p>
 *
 * @param xstream the instance to configure; its security framework must not be initialized yet
 * @throws IllegalArgumentException if the security framework of the instance is already initialized
 * @since 1.4.10
 */
public static void setupDefaultSecurity(final XStream xstream) {
    if (xstream.securityInitialized) {
        throw new IllegalArgumentException("Security framework of XStream instance already initialized");
    }

    // Deny everything first; every permission added afterwards re-admits one group of types.
    xstream.addPermission(NoTypePermission.NONE);
    xstream.addPermission(NullPermission.NULL);
    xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
    xstream.addPermission(ArrayTypePermission.ARRAYS);
    xstream.addPermission(InterfaceTypePermission.INTERFACES);

    // Whole hierarchies that are allowed.
    xstream.allowTypeHierarchy(Calendar.class);
    xstream.allowTypeHierarchy(Collection.class);
    xstream.allowTypeHierarchy(Map.class);
    xstream.allowTypeHierarchy(Map.Entry.class);
    xstream.allowTypeHierarchy(Member.class);
    xstream.allowTypeHierarchy(Number.class);
    xstream.allowTypeHierarchy(Throwable.class);
    xstream.allowTypeHierarchy(TimeZone.class);

    // Looked up by name and skipped when the lookup yields null.
    Class optionalType = JVM.loadClassForName("java.lang.Enum");
    if (optionalType != null) {
        xstream.allowTypeHierarchy(optionalType);
    }
    optionalType = JVM.loadClassForName("java.nio.file.Path");
    if (optionalType != null) {
        xstream.allowTypeHierarchy(optionalType);
    }

    // Individual classes (exact types, not hierarchies).
    final Set allowed = new HashSet();
    allowed.add(BitSet.class);
    allowed.add(Charset.class);
    allowed.add(Class.class);
    allowed.add(Currency.class);
    allowed.add(Date.class);
    allowed.add(DecimalFormatSymbols.class);
    allowed.add(File.class);
    allowed.add(Locale.class);
    allowed.add(Object.class);
    allowed.add(Pattern.class);
    allowed.add(StackTraceElement.class);
    allowed.add(String.class);
    allowed.add(StringBuffer.class);
    allowed.add(JVM.loadClassForName("java.lang.StringBuilder"));
    allowed.add(URL.class);
    allowed.add(URI.class);
    allowed.add(JVM.loadClassForName("java.util.UUID"));

    if (JVM.isSQLAvailable()) {
        allowed.add(JVM.loadClassForName("java.sql.Timestamp"));
        allowed.add(JVM.loadClassForName("java.sql.Time"));
        allowed.add(JVM.loadClassForName("java.sql.Date"));
    }

    if (JVM.isVersion(8)) {
        xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.Clock"));
        allowed.add(JVM.loadClassForName("java.time.Duration"));
        allowed.add(JVM.loadClassForName("java.time.Instant"));
        allowed.add(JVM.loadClassForName("java.time.LocalDate"));
        allowed.add(JVM.loadClassForName("java.time.LocalDateTime"));
        allowed.add(JVM.loadClassForName("java.time.LocalTime"));
        allowed.add(JVM.loadClassForName("java.time.MonthDay"));
        allowed.add(JVM.loadClassForName("java.time.OffsetDateTime"));
        allowed.add(JVM.loadClassForName("java.time.OffsetTime"));
        allowed.add(JVM.loadClassForName("java.time.Period"));
        allowed.add(JVM.loadClassForName("java.time.Ser"));
        allowed.add(JVM.loadClassForName("java.time.Year"));
        allowed.add(JVM.loadClassForName("java.time.YearMonth"));
        allowed.add(JVM.loadClassForName("java.time.ZonedDateTime"));
        xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.ZoneId"));
        allowed.add(JVM.loadClassForName("java.time.chrono.HijrahDate"));
        allowed.add(JVM.loadClassForName("java.time.chrono.JapaneseDate"));
        allowed.add(JVM.loadClassForName("java.time.chrono.JapaneseEra"));
        allowed.add(JVM.loadClassForName("java.time.chrono.MinguoDate"));
        allowed.add(JVM.loadClassForName("java.time.chrono.ThaiBuddhistDate"));
        allowed.add(JVM.loadClassForName("java.time.chrono.Ser"));
        xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.chrono.Chronology"));
        allowed.add(JVM.loadClassForName("java.time.temporal.ValueRange"));
        allowed.add(JVM.loadClassForName("java.time.temporal.WeekFields"));
    }

    // Failed lookups were added as null; drop that entry before building the array.
    allowed.remove(null);
    final Class[] classes = (Class[])allowed.toArray(new Class[allowed.size()]);
    xstream.allowTypes(classes);
}