public boolean allows(final Class type) { if (permission == null || permission.allows(type)) { throw new ForbiddenClassException(type); } return false; } }
/** * @since 1.4.7 */ public WildcardTypePermission(final String[] patterns) { super(getRegExpPatterns(patterns)); }
public RegExpTypePermission(final String[] patterns) { this(getPatterns(patterns)); }
/** * Add security permission for explicit types. * * @param types the types to allow * @since 1.4.7 */ public void allowTypes(Class[] types) { addPermission(new ExplicitTypePermission(types)); }
/** * Add security permission forbidding types matching one of the specified wildcard patterns. * <p> * Supported are patterns with path expressions using dot as separator: * </p> * <ul> * <li>?: one non-control character except separator, e.g. for 'java.net.Inet?Address'</li> * <li>*: arbitrary number of non-control characters except separator, e.g. for types in a package like 'java.lang.*'</li> * <li>**: arbitrary number of non-control characters including separator, e.g. for types in a package and subpackages like 'java.lang.**'</li> * </ul> * * @param patterns the patterns to forbid names * @since 1.4.7 */ public void denyTypesByWildcard(String[] patterns) { denyPermission(new WildcardTypePermission(patterns)); }
/** * Add security permission for types matching one of the specified regular expressions. * * @param regexps the regular expressions to allow type names * @since 1.4.7 */ public void allowTypesByRegExp(Pattern[] regexps) { addPermission(new RegExpTypePermission(regexps)); }
/** * Add security permission for a type hierarchy. * * @param type the base type to allow * @since 1.4.7 */ public void allowTypeHierarchy(Class type) { addPermission(new TypeHierarchyPermission(type)); }
public boolean allows(Class type) { throw new ForbiddenClassException(type); }
/** * @since 1.4.7 */ public ExplicitTypePermission(final Class[] types) { this(new Object() { public String[] getNames() { if (types == null) return null; String[] names = new String[types.length]; for (int i = 0; i < types.length; ++i) names[i] = types[i].getName(); return names; } }.getNames()); }
/** * Add security permission denying another one. * * @param permission the permission to deny * @since 1.4.7 */ public void denyPermission(TypePermission permission) { addPermission(new NoPermission(permission)); }
public XStreamSolutionFileIO(Class... xStreamAnnotatedClasses) { xStream = new XStream(); xStream.setMode(XStream.ID_REFERENCES); xStream.processAnnotations(xStreamAnnotatedClasses); XStream.setupDefaultSecurity(xStream); // Presume the XML file comes from a trusted source so it works out of the box. See class javadoc. xStream.addPermission(new AnyTypePermission()); }
/** * Add security permission forbidding explicit types. * * @param types the types to forbid * @since 1.4.7 */ public void denyTypes(Class[] types) { denyPermission(new ExplicitTypePermission(types)); }
/** * Add security permission for types matching one of the specified wildcard patterns. * <p> * Supported are patterns with path expressions using dot as separator: * </p> * <ul> * <li>?: one non-control character except separator, e.g. for 'java.net.Inet?Address'</li> * <li>*: arbitrary number of non-control characters except separator, e.g. for types in a package like 'java.lang.*'</li> * <li>**: arbitrary number of non-control characters including separator, e.g. for types in a package and subpackages like 'java.lang.**'</li> * </ul> * * @param patterns the patterns to allow type names * @since 1.4.7 */ public void allowTypesByWildcard(String[] patterns) { addPermission(new WildcardTypePermission(patterns)); }
public Class realClass(final String elementName) { final Class type = super.realClass(elementName); for (int i = 0; i < permissions.size(); ++i) { final TypePermission permission = (TypePermission)permissions.get(i); if (permission.allows(type)) return type; } throw new ForbiddenClassException(type); } }
/** * Add security permission forbidding types matching one of the specified regular expressions. * * @param regexps the regular expressions to forbid type names * @since 1.4.7 */ public void denyTypesByRegExp(Pattern[] regexps) { denyPermission(new RegExpTypePermission(regexps)); }
/** * Add security permission forbidding a type hierarchy. * * @param type the base type to forbid * @since 1.4.7 */ public void denyTypeHierarchy(Class type) { denyPermission(new TypeHierarchyPermission(type)); }
/** * Add security permission for explicit types by name. * * @param names the type names to allow * @since 1.4.7 */ public void allowTypes(String[] names) { addPermission(new ExplicitTypePermission(names)); }
/** * Add security permission forbidding types matching one of the specified regular expressions. * * @param regexps the regular expressions to forbid type names * @since 1.4.7 */ public void denyTypesByRegExp(String[] regexps) { denyPermission(new RegExpTypePermission(regexps)); }
/** * Add security permission forbidding explicit types by name. * * @param names the type names to forbid * @since 1.4.7 */ public void denyTypes(String[] names) { denyPermission(new ExplicitTypePermission(names)); }
/** * Add security permission for types matching one of the specified regular expressions. * * @param regexps the regular expressions to allow type names * @since 1.4.7 */ public void allowTypesByRegExp(String[] regexps) { addPermission(new RegExpTypePermission(regexps)); }