本文整理了Java中com.thoughtworks.xstream.XStream.setupDefaultSecurity()方法的一些代码示例,展示了XStream.setupDefaultSecurity()的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。XStream.setupDefaultSecurity()方法的具体详情如下:
包路径:com.thoughtworks.xstream.XStream
类名称:XStream
方法名:setupDefaultSecurity
[英]Setup the security framework of a XStream instance.
This method is a pure helper method for XStream 1.4.x. It initializes an XStream instance with a white list of well-known and simply types of the Java runtime as it is done in XStream 1.5.x by default. This method will do therefore nothing in XStream 1.5.
[中]设置XStream实例的安全框架。
此方法是XStream 1.4的纯辅助方法。x、 它使用已知且简单的Java运行时类型的白名单初始化XStream实例,就像在XStream 1.5中一样。默认情况下为x。因此,这种方法在XStream 1.5中不起任何作用。
代码示例来源:origin: com.thoughtworks.xstream/xstream
/**
* Serialize an object including the XStream to the given Writer as pretty-printed XML.
* <p>
* Warning: XStream will serialize itself into this XML stream. To read such an XML code, you
* should use {@link XStreamer#fromXML(Reader)} or one of the other overloaded
* methods. Since a lot of internals are written into the stream, you cannot expect to use such
* an XML to work with another XStream version or with XStream running on different JDKs and/or
* versions. We have currently no JDK 1.3 support, nor will the PureReflectionConverter work
* with a JDK less than 1.5.
* </p>
*
* @throws IOException if an error occurs reading from the Writer.
* @throws com.thoughtworks.xstream.XStreamException if the object cannot be serialized
* @since 1.2
*/
public void toXML(final XStream xstream, final Object obj, final Writer out)
throws IOException {
final XStream outer = new XStream();
XStream.setupDefaultSecurity(outer);
final ObjectOutputStream oos = outer.createObjectOutputStream(out);
try {
oos.writeObject(xstream);
oos.flush();
xstream.toXML(obj, out);
} finally {
oos.close();
}
}代码示例来源:origin: kiegroup/optaplanner
public XStreamSolutionFileIO(Class... xStreamAnnotatedClasses) {
xStream = new XStream();
xStream.setMode(XStream.ID_REFERENCES);
xStream.processAnnotations(xStreamAnnotatedClasses);
XStream.setupDefaultSecurity(xStream);
// Presume the XML file comes from a trusted source so it works out of the box. See class javadoc.
xStream.addPermission(new AnyTypePermission());
}代码示例来源:origin: com.thoughtworks.xstream/xstream
throws IOException, ClassNotFoundException {
final XStream outer = new XStream(driver);
XStream.setupDefaultSecurity(outer);
for(int i = 0; i < permissions.length; ++i) {
outer.addPermission(permissions[i]);代码示例来源:origin: kiegroup/optaplanner
/**
* Builds the {@link XStream} setup which is used to read/write {@link SolverConfig solver configs} and benchmark configs.
* It should never be used to read/write {@link PlanningSolution solutions}.
* Use XStreamSolutionFileIO for that instead.
* @return never null.
*/
public static XStream buildXStream() {
XStream xStream = new XStream();
xStream.setMode(XStream.ID_REFERENCES);
xStream.aliasSystemAttribute("xStreamId", "id");
xStream.aliasSystemAttribute("xStreamRef", "reference");
xStream.processAnnotations(SolverConfig.class);
XStream.setupDefaultSecurity(xStream);
xStream.allowTypesByRegExp(new String[]{"org\\.optaplanner\\.\\w+\\.config\\..*"});
return xStream;
}代码示例来源:origin: kiegroup/optaplanner
public static <T> T serializeAndDeserializeWithXStream(T input) {
XStream xStream = new XStream();
xStream.setMode(XStream.ID_REFERENCES);
if (input != null) {
xStream.processAnnotations(input.getClass());
}
XStream.setupDefaultSecurity(xStream);
xStream.addPermission(new AnyTypePermission());
String xmlString = xStream.toXML(input);
return (T) xStream.fromXML(xmlString);
}代码示例来源:origin: kiegroup/optaplanner
protected <S extends Score, W extends TestScoreWrapper<S>> void assertSerializeAndDeserialize(S expectedScore, W input) {
XStream xStream = new XStream();
xStream.setMode(XStream.ID_REFERENCES);
xStream.processAnnotations(input.getClass());
XStream.setupDefaultSecurity(xStream);
xStream.allowTypesByRegExp(new String[]{"org\\.optaplanner\\.\\w+\\.config\\..*",
"org\\.optaplanner\\.persistence\\.xstream\\..*\\$Test\\w+ScoreWrapper"});
String xmlString = xStream.toXML(input);
W output = (W) xStream.fromXML(xmlString);
assertEquals(expectedScore, output.getScore());
String regex;
if (expectedScore != null) {
regex = "<([\\w\\-\\.]+)( id=\"\\d+\")?>" // Start of element
+ "\\s*<score( id=\"\\d+\")?>"
+ expectedScore.toString().replaceAll("\\[", "\\\\[").replaceAll("\\]", "\\\\]") // Score
+ "</score>"
+ "\\s*</\\1>"; // End of element
} else {
regex = "<([\\w\\-\\.]+)( id=\"\\d+\")?/>"; // Start and end of element
}
if (!xmlString.matches(regex)) {
fail("Regular expression match failed.\nExpected regular expression: " + regex + "\nActual string: " + xmlString);
}
}代码示例来源:origin: psi-probe/psi-probe
/**
* Writes stats data to file on disk.
*
* @throws InterruptedException if a lock cannot be obtained
*/
public synchronized void serialize() throws InterruptedException {
lock.lockForCommit();
long start = System.currentTimeMillis();
try {
shiftFiles(0);
try (OutputStream os = Files.newOutputStream(makeFile().toPath())) {
XStream xstream = new XStream();
xstream.allowTypesByWildcard(new String[] {"psibrobe.model.stats.**"});
XStream.setupDefaultSecurity(xstream);
xstream.toXML(statsData, os);
}
} catch (Exception e) {
logger.error("Could not write stats data to '{}'", makeFile().getAbsolutePath(), e);
} finally {
lock.releaseCommitLock();
logger.debug("stats serialized in {}ms", System.currentTimeMillis() - start);
}
}代码示例来源:origin: psi-probe/psi-probe
@Override
protected ModelAndView handleRequestInternal(HttpServletRequest request,
HttpServletResponse response) throws Exception {
String path = request.getServletPath();
String internalPath = path.replaceAll(xmlMarker, "");
Controller controller = (Controller) getApplicationContext().getBean(internalPath);
if (controller != null) {
ModelAndView modelAndView = controller.handleRequest(request, response);
if (modelAndView.getModel() != null) {
TransportableModel tm = new TransportableModel();
tm.putAll(modelAndView.getModel());
XStream xstream = new XStream();
xstream.allowTypesByWildcard(new String[] {"psibrobe.controllers.**"});
XStream.setupDefaultSecurity(xstream);
xstream.toXML(tm, response.getWriter());
}
}
return null;
}
}代码示例来源:origin: org.apache.camel/camel-xstream
private static void addDefaultPermissions(XStream xstream) {
XStream.setupDefaultSecurity(xstream);
String value = System.getProperty(PERMISSIONS_PROPERTY_KEY);
if (value != null) {
// using custom permissions
addPermissions(xstream, value);
}
}代码示例来源:origin: EvoSuite/evosuite
public static void writeInheritanceTree(InheritanceTree tree, File file) throws IOException {
XStream xstream = new XStream();
XStream.setupDefaultSecurity(xstream);
xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
GZIPOutputStream output = new GZIPOutputStream(new FileOutputStream(file));
xstream.toXML(tree, output);
output.close();
}代码示例来源:origin: EvoSuite/evosuite
public static InheritanceTree readInheritanceTree(String fileName) throws IOException {
XStream xstream = new XStream();
XStream.setupDefaultSecurity(xstream);
xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
GZIPInputStream inheritance = new GZIPInputStream(new FileInputStream(new File(fileName)));
return (InheritanceTree) xstream.fromXML(inheritance);
}代码示例来源:origin: EvoSuite/evosuite
public static InheritanceTree readUncompressedInheritanceTree(String fileName)
throws IOException {
XStream xstream = new XStream();
XStream.setupDefaultSecurity(xstream);
xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
InputStream inheritance = new FileInputStream(new File(fileName));
return (InheritanceTree) xstream.fromXML(inheritance);
}代码示例来源:origin: org.apache.uima/uimaj-as-core
public static void initXStream(XStream xstreamInstance) {
Class<?>[] classes = new Class[] { Properties.class,ArrayList.class,List.class,AnalysisEnginePerformanceMetrics.class};
XStream.setupDefaultSecurity(xstreamInstance);
xstreamInstance.allowTypes(classes);
}
}代码示例来源:origin: org.kie.soup/kie-soup-commons
/**
* Vulnerable to CVE-210137285 variants. Do not use. Will be removed in the next few days!
* @deprecated in favor of {@link #createTrustingXStream()} and {@link #createNonTrustingXStream()}
*/
@Deprecated
private static XStream internalCreateXStream( XStream xstream ) {
setupDefaultSecurity(xstream);
xstream.addPermission( new WildcardTypePermission( new String[] {
"java.**", "javax.**", "org.kie.**", "org.drools.**", "org.jbpm.**", "org.optaplanner.**", "org.appformer.**"
} ) );
return xstream;
}代码示例来源:origin: org.kie.soup/kie-soup-commons
/**
* Only use for XML or JSON that comes from a 100% trusted source.
* The XML/JSON must be as safe as executable java code.
* Otherwise, you MUST use {@link #createNonTrustingXStream()}.
*/
private static XStream internalCreateTrustingXStream( XStream xstream ) {
setupDefaultSecurity(xstream);
// Presumes the XML content comes from a trusted source!
xstream.addPermission(new AnyTypePermission());
return xstream;
}代码示例来源:origin: org.apache.uima/uima-ducc-common
private static void initXStreanSecurity(XStream xStream) {
XStream.setupDefaultSecurity(xStream);
xStream.addPermission(NoTypePermission.NONE);
xStream.addPermission(AnyTypePermission.ANY);
}
public static String marshall( Object targetToMarshall) throws Exception {代码示例来源:origin: spotbugs/sonar-findbugs
public static XStream createXStream() {
XStream xstream = new XStream(new StaxDriver());
XStream.setupDefaultSecurity(xstream); //Setup the default hardening of types disallowed.
xstream.setClassLoader(FindBugsFilter.class.getClassLoader());
for (Class modelClass : ALL_XSTREAM_TYPES) {
xstream.processAnnotations(modelClass);
xstream.allowTypeHierarchy(modelClass); //Build a whitelist of the class allowed
}
return xstream;
}代码示例来源:origin: org.optaplanner/optaplanner-persistence-xstream
public XStreamSolutionFileIO(Class... xStreamAnnotatedClasses) {
xStream = new XStream();
xStream.setMode(XStream.ID_REFERENCES);
xStream.processAnnotations(xStreamAnnotatedClasses);
XStream.setupDefaultSecurity(xStream);
// Presume the XML file comes from a trusted source so it works out of the box. See class javadoc.
xStream.addPermission(new AnyTypePermission());
}代码示例来源:origin: com.github.binarywang/weixin-java-common
public static XStream getInstance() {
XStream xstream = new XStream(new PureJavaReflectionProvider(), XPP_DRIVER);
xstream.ignoreUnknownElements();
xstream.setMode(XStream.NO_REFERENCES);
XStream.setupDefaultSecurity(xstream);
xstream.allowTypesByWildcard(new String[]{
"me.chanjar.weixin.**", "cn.binarywang.wx.**", "com.github.binarywang.**"
});
xstream.setClassLoader(Thread.currentThread().getContextClassLoader());
return xstream;
}代码示例来源:origin: com.haulmont.cuba/cuba-core
protected XStream createXStream() {
XStream xStream = new CubaXStream();
XStream.setupDefaultSecurity(xStream);
xStream.allowTypeHierarchy(Serializable.class);
//createTs and createdBy removed from BaseGenericIdEntity,
//and import from old versions (platform 6.2) is performed with errors
//so omit field processing
xStream.omitField(BaseGenericIdEntity.class, "createTs");
xStream.omitField(BaseGenericIdEntity.class, "createdBy");
return xStream;
}内容来源于网络,如有侵权,请联系作者删除!