com.thoughtworks.xstream.XStream.allowTypeHierarchy()方法的使用及代码示例

x33g5p2x  于2022-02-02 转载在 其他  
字(11.9k)|赞(0)|评价(0)|浏览(250)

本文整理了Java中com.thoughtworks.xstream.XStream.allowTypeHierarchy()方法的一些代码示例,展示了XStream.allowTypeHierarchy()的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。XStream.allowTypeHierarchy()方法的具体详情如下:
包路径:com.thoughtworks.xstream.XStream
类名称:XStream
方法名:allowTypeHierarchy

XStream.allowTypeHierarchy介绍

[英]Add security permission for a type hierarchy.
[中]为类型层次结构添加安全权限。

代码示例

代码示例来源:origin: com.thoughtworks.xstream/xstream

xstream.addPermission(ArrayTypePermission.ARRAYS);
xstream.addPermission(InterfaceTypePermission.INTERFACES);
xstream.allowTypeHierarchy(Calendar.class);
xstream.allowTypeHierarchy(Collection.class);
xstream.allowTypeHierarchy(Map.class);
xstream.allowTypeHierarchy(Map.Entry.class);
xstream.allowTypeHierarchy(Member.class);
xstream.allowTypeHierarchy(Number.class);
xstream.allowTypeHierarchy(Throwable.class);
xstream.allowTypeHierarchy(TimeZone.class);
  xstream.allowTypeHierarchy(type);
  xstream.allowTypeHierarchy(type);
  xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.Clock"));
  types.add(JVM.loadClassForName("java.time.Duration"));
  types.add(JVM.loadClassForName("java.time.Instant"));
  types.add(JVM.loadClassForName("java.time.YearMonth"));
  types.add(JVM.loadClassForName("java.time.ZonedDateTime"));
  xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.ZoneId"));
  types.add(JVM.loadClassForName("java.time.chrono.HijrahDate"));
  types.add(JVM.loadClassForName("java.time.chrono.JapaneseDate"));
  types.add(JVM.loadClassForName("java.time.chrono.ThaiBuddhistDate"));
  types.add(JVM.loadClassForName("java.time.chrono.Ser"));
  xstream.allowTypeHierarchy(JVM.loadClassForName("java.time.chrono.Chronology"));
  types.add(JVM.loadClassForName("java.time.temporal.ValueRange"));

代码示例来源:origin: geoserver/geoserver

xs.allowTypeHierarchy(Info.class);
xs.allowTypeHierarchy(Multimap.class);
xs.allowTypeHierarchy(JAIInfo.class);
xs.allowTypes(new Class[] {DynamicProxyMapper.DynamicProxy.class});
xs.allowTypes(new String[] {"java.util.Collections$SingletonList"});

代码示例来源:origin: org.geoserver.community/gs-dyndimension

@Override
  public void init(XStreamPersister persister) {
    persister.registerBreifMapComplexType(
        "DynamicDefaultValues", DefaultValueConfigurations.class);
    XStream xs = persister.getXStream();
    xs.alias("configuration", DefaultValueConfiguration.class);
    xs.allowTypeHierarchy(org.geoserver.wms.dimension.DefaultValueConfiguration.class);
    xs.allowTypeHierarchy(org.geoserver.wms.dimension.DefaultValueConfigurations.class);
  }
}

代码示例来源:origin: org.geoserver.community/gs-oseo-core

/**
 * Sets up aliases and allowed types for the xstream persister
 *
 * @param xs
 */
public static void initXStreamPersister(XStreamPersister xp) {
  XStream xs = xp.getXStream();
  xs.alias("oseo", OSEOInfo.class, OSEOInfoImpl.class);
  xs.alias("productClass", ProductClass.class, ProductClass.class);
  xs.allowTypeHierarchy(ProductClass.class);
}

代码示例来源:origin: org.geoserver/gs-gwc

DefaultTileLayerCatalog(GeoServerResourceLoader resourceLoader, XStream configuredXstream)
    throws IOException {
  this.resourceLoader = resourceLoader;
  this.baseDirectory = LAYERINFO_DIRECTORY;
  this.layersByName = new ConcurrentHashMap<>();
  this.layersById = new ConcurrentHashMap<>();
  this.initialized = false;
  // setup xstream security for local classes
  this.serializer = configuredXstream;
  this.serializer.allowTypeHierarchy(GeoServerTileLayerInfo.class);
  // have to use a string here because UnmodifiableSet is private
  this.serializer.allowTypes(new String[] {"java.util.Collections$UnmodifiableSet"});
}

代码示例来源:origin: GeoWebCache/geowebcache

private static XStream getConfiguredXStream(XStream xs) {
  // Restrict classes that can be serialized/deserialized
  // Allowing arbitrary classes to be deserialized is a security issue.
  {
    // Allow any implementation of these extension points
    xs.allowTypeHierarchy(org.geowebcache.layer.TileLayer.class);
    xs.allowTypeHierarchy(org.geowebcache.filter.parameters.ParameterFilter.class);
    xs.allowTypeHierarchy(org.geowebcache.filter.request.RequestFilter.class);
    xs.allowTypeHierarchy(org.geowebcache.config.BlobStoreInfo.class);
    xs.allowTypeHierarchy(TileLayerConfiguration.class);
    // Allow anything that's part of GWC
    // TODO: replace this with a more narrow whitelist
    xs.allowTypesByWildcard(new String[] {"org.geowebcache.**"});
  }
  xs.setMode(XStream.NO_REFERENCES);
  xs.alias("gwcConfiguration", GeoWebCacheConfiguration.class);
  xs.useAttributeFor(GeoWebCacheConfiguration.class, "xmlns_xsi");
  xs.aliasField("xmlns:xsi", GeoWebCacheConfiguration.class, "xmlns_xsi");
  xs.useAttributeFor(GeoWebCacheConfiguration.class, "xmlns");
  xs.alias("wmsRasterFilterUpdate", WMSRasterFilterUpdate.class);
  return xs;
}

代码示例来源:origin: openl-tablets/openl-tablets

public BaseProjectDescriptorSerializer(boolean postProcess, ObjectVersionConverter<ProjectDescriptor, T> projectDescriptorVersionConverter) {
  this.postProcess = postProcess;
  this.projectDescriptorVersionConverter = projectDescriptorVersionConverter;
  xstream = new XStream(new DomDriver()) {
    @Override
    public void aliasType(String name, Class type) {
      super.aliasType(name, type);
      allowTypeHierarchy(type);
    }
  };
  xstream.addPermission(NoTypePermission.NONE);
  xstream.allowTypeHierarchy(String.class);
}

代码示例来源:origin: org.openl.rules/org.openl.rules.webstudio

public BaseRulesDeploySerializer(ObjectVersionConverter<RulesDeploy, T> rulesDeployVersionConverter) {
  xstream = new XStream(new DomDriver()) {
    @Override
    public void aliasType(String name, Class type) {
      super.aliasType(name, type);
      allowTypeHierarchy(type);
    }
  };
  xstream.addPermission(NoTypePermission.NONE);
  xstream.allowTypeHierarchy(String.class);
  this.rulesDeployVersionConverter = rulesDeployVersionConverter;
}

代码示例来源:origin: spotbugs/sonar-findbugs

public static XStream createXStream() {
 XStream xstream = new XStream(new StaxDriver());
 XStream.setupDefaultSecurity(xstream); //Setup the default hardening of types disallowed.
 xstream.setClassLoader(FindBugsFilter.class.getClassLoader());
 for (Class modelClass : ALL_XSTREAM_TYPES) {
  xstream.processAnnotations(modelClass);
  xstream.allowTypeHierarchy(modelClass); //Build a whitelist of the class allowed
 }
 return xstream;
}

代码示例来源:origin: org.apache.activemq/activemq-all

public static XStream createXStream() {
  XStream stream = new XStream();
  stream.addPermission(NoTypePermission.NONE);
  stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  stream.allowTypeHierarchy(Collection.class);
  stream.allowTypeHierarchy(Map.class);
  stream.allowTypes(new Class[]{String.class});
  if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
    stream.addPermission(AnyTypePermission.ANY);
  } else {
    for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
      stream.allowTypesByWildcard(new String[]{packageName + ".**"});
    }
  }
  return stream;
}

代码示例来源:origin: openl-tablets/openl-tablets

public BaseRulesDeploySerializer(ObjectVersionConverter<RulesDeploy, T> rulesDeployVersionConverter) {
  xstream = new XStream(new DomDriver()) {
    @Override
    public void aliasType(String name, Class type) {
      super.aliasType(name, type);
      allowTypeHierarchy(type);
    }
  };
  xstream.addPermission(NoTypePermission.NONE);
  xstream.allowTypeHierarchy(String.class);
  this.rulesDeployVersionConverter = rulesDeployVersionConverter;
}

代码示例来源:origin: org.openl.rules/org.openl.rules.webstudio

public BaseProjectDescriptorSerializer(boolean postProcess, ObjectVersionConverter<ProjectDescriptor, T> projectDescriptorVersionConverter) {
  this.postProcess = postProcess;
  this.projectDescriptorVersionConverter = projectDescriptorVersionConverter;
  xstream = new XStream(new DomDriver()) {
    @Override
    public void aliasType(String name, Class type) {
      super.aliasType(name, type);
      allowTypeHierarchy(type);
    }
  };
  xstream.addPermission(NoTypePermission.NONE);
  xstream.allowTypeHierarchy(String.class);
}

代码示例来源:origin: org.apache.activemq/activemq-osgi

public static XStream createXStream() {
  XStream stream = new XStream();
  stream.addPermission(NoTypePermission.NONE);
  stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  stream.allowTypeHierarchy(Collection.class);
  stream.allowTypeHierarchy(Map.class);
  stream.allowTypes(new Class[]{String.class});
  if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
    stream.addPermission(AnyTypePermission.ANY);
  } else {
    for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
      stream.allowTypesByWildcard(new String[]{packageName + ".**"});
    }
  }
  return stream;
}

代码示例来源:origin: org.apache.activemq/activemq-stomp

public static XStream createXStream() {
  XStream stream = new XStream();
  stream.addPermission(NoTypePermission.NONE);
  stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  stream.allowTypeHierarchy(Collection.class);
  stream.allowTypeHierarchy(Map.class);
  stream.allowTypes(new Class[]{String.class});
  if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
    stream.addPermission(AnyTypePermission.ANY);
  } else {
    for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
      stream.allowTypesByWildcard(new String[]{packageName + ".**"});
    }
  }
  return stream;
}

代码示例来源:origin: openl-tablets/openl-tablets

public XmlRulesDeploySerializer() {
  xstream = new XStream(new DomDriver());
  xstream.addPermission(NoTypePermission.NONE);
  xstream.allowTypeHierarchy(String.class);
  xstream.allowTypeHierarchy(RulesDeploy.PublisherType.class);
  xstream.allowTypeHierarchy(RulesDeploy.class);
  xstream.allowTypeHierarchy(RulesDeploy.WildcardPattern.class);
  xstream.ignoreUnknownElements();
  xstream.omitField(RulesDeploy.class, "log");
  xstream.setMode(XStream.NO_REFERENCES);
  
  xstream.aliasType("publisher", RulesDeploy.PublisherType.class);
  xstream.aliasType(RULES_DEPLOY_DESCRIPTOR_TAG, RulesDeploy.class);
  xstream.aliasType(MODULE_NAME, RulesDeploy.WildcardPattern.class);
  
  xstream.aliasField(LAZY_MODULES_FOR_COMPILATION, RulesDeploy.class, "lazyModulesForCompilationPatterns");
  
  xstream.aliasField("name", RulesDeploy.WildcardPattern.class, "value");
  xstream.useAttributeFor(RulesDeploy.WildcardPattern.class, "value");
}

代码示例来源:origin: org.openl.rules/org.openl.rules.project

public XmlRulesDeploySerializer() {
  xstream = new XStream(new DomDriver());
  xstream.addPermission(NoTypePermission.NONE);
  xstream.allowTypeHierarchy(String.class);
  xstream.allowTypeHierarchy(RulesDeploy.PublisherType.class);
  xstream.allowTypeHierarchy(RulesDeploy.class);
  xstream.allowTypeHierarchy(RulesDeploy.WildcardPattern.class);
  xstream.ignoreUnknownElements();
  xstream.omitField(RulesDeploy.class, "log");
  xstream.setMode(XStream.NO_REFERENCES);
  
  xstream.aliasType("publisher", RulesDeploy.PublisherType.class);
  xstream.aliasType(RULES_DEPLOY_DESCRIPTOR_TAG, RulesDeploy.class);
  xstream.aliasType(MODULE_NAME, RulesDeploy.WildcardPattern.class);
  
  xstream.aliasField(LAZY_MODULES_FOR_COMPILATION, RulesDeploy.class, "lazyModulesForCompilationPatterns");
  
  xstream.aliasField("name", RulesDeploy.WildcardPattern.class, "value");
  xstream.useAttributeFor(RulesDeploy.WildcardPattern.class, "value");
}

代码示例来源:origin: com.haulmont.cuba/cuba-core

xStream.allowTypeHierarchy(Serializable.class);
xStream.omitField(BaseGenericIdEntity.class, "createTs");
xStream.omitField(BaseGenericIdEntity.class, "createdBy");

代码示例来源:origin: com.haulmont.cuba/cuba-core

protected XStream createXStream() {
  XStream xStream = new CubaXStream();
  XStream.setupDefaultSecurity(xStream);
  xStream.allowTypeHierarchy(Serializable.class);
  //createTs and createdBy removed from BaseGenericIdEntity,
  //and import from old versions (platform 6.2) is performed with errors
  //so omit field processing
  xStream.omitField(BaseGenericIdEntity.class, "createTs");
  xStream.omitField(BaseGenericIdEntity.class, "createdBy");
  return xStream;
}

代码示例来源:origin: org.geoserver.importer/gs-importer-core

xs.allowTypeHierarchy(TransformChain.class);
xs.allowTypeHierarchy(DataFormat.class);
xs.allowTypeHierarchy(ImportData.class);
xs.allowTypeHierarchy(ImportTransform.class);

代码示例来源:origin: org.geoserver.extension/gs-wps-core

new NumberRangeConverter(xs.getMapper(), xs.getReflectionProvider()));
xs.allowTypeHierarchy(ProcessGroupInfo.class);
xs.allowTypeHierarchy(WPSInputValidator.class);

内容来源于网络,如有侵权,请联系作者删除!

xstream

相关文章

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新文章

    更多

    XStream类方法

    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com