XStreamMarshaller marshaller = new XStreamMarshaller(); marshaller.getXStream().ignoreUnknownElements(); ...
public XStreamMarshaller(Set<Class<?>> classes, final ClassLoader classLoader) { this.classLoader = classLoader; buildMarshaller(classes, classLoader); configureMarshaller(classes, classLoader); // Extend the marshaller with optional extensions EXTENSIONS.forEach(ext -> ext.extend(this)); }
private MapperWrapper chainMapperWrappers(List<XStreamMarshallerExtension> extensions, MapperWrapper last) { if (extensions.isEmpty()) { return last; } else { XStreamMarshallerExtension head = extensions.remove(0); return head.chainMapperWrapper(chainMapperWrappers(extensions, last)); } }
@Configuration @ComponentScan({ "yourpackage" }) public class WebConfig extends WebMvcConfigurerAdapter { @Override public void configureMessageConverters( List<HttpMessageConverter<?>> converters) { messageConverters.add(createXmlHttpMessageConverter()); messageConverters.add(new MappingJackson2HttpMessageConverter()); super.configureMessageConverters(converters); } private HttpMessageConverter<Object> createXmlHttpMessageConverter() { MarshallingHttpMessageConverter xmlConverter = new MarshallingHttpMessageConverter(); XStreamMarshaller xstreamMarshaller = new XStreamMarshaller(); xmlConverter.setMarshaller(xstreamMarshaller); xmlConverter.setUnmarshaller(xstreamMarshaller); return xmlConverter; } }
@Test public void testDefaultForbiddenClasses() { KieServerTypePermission permission = new KieServerTypePermission(new HashSet<>()); assertFalse(permission.allows(Top.class)); }
XStreamMarshaller xstream=new XStreamMarshaller();//org.springframework.data.redis.serializer.XStreamMarshaller xstream.afterPropertiesSet(); //set serializer for all Redis type - convert object to XML string redisTemplate.setDefaultSerializer(new OxmSerializer(xstream, xstream)); //set serializer for Redis key type //redisTemplate.setKeySerializer(new StringRedisSerializer()); //set serializer for Redis value type //redisTemplate.setValueSerializer(new OxmSerializer(xstream, xstream));
this.xstream.denyTypes(voidDeny); this.xstream.addPermission(new KieServerTypePermission(classes));
public KieServerTypePermission(Set<Class<?>> classes) { super(patterns()); this.classes = classes == null ? new HashSet<>() : classes; }
protected void buildMarshaller(Set<Class<?>> classes, final ClassLoader classLoader) { this.xstream = XStreamXML.newXStreamMarshaller(createNonTrustingXStream(new PureJavaReflectionProvider(), next -> { return new MapperWrapper(chainMapperWrappers(new ArrayList<>(EXTENSIONS), next)) { public Class realClass(String elementName) { Class customClass = classNames.get(elementName); if (customClass != null) { return customClass; } return super.realClass(elementName); } }; })); }
@Override public void extend(XStreamMarshaller marshaller) { XStream xstream = marshaller.getXstream(); xstream.registerConverter(new HibernateProxyConverter()); xstream.registerConverter(new HibernatePersistentCollectionConverter(xstream.getMapper())); xstream.registerConverter(new HibernatePersistentMapConverter(xstream.getMapper())); xstream.registerConverter(new HibernatePersistentSortedMapConverter(xstream.getMapper())); xstream.registerConverter(new HibernatePersistentSortedSetConverter(xstream.getMapper())); }
@Override public Marshaller build(Set<Class<?>> classes, MarshallingFormat format, ClassLoader classLoader) { switch ( format ) { case XSTREAM: logger.debug("About to build default instance of XStream marshaller with classes {} and class loader {}", classes, classLoader); return new XStreamMarshaller( classes, classLoader ); case JAXB: logger.debug("About to build default instance of JAXB marshaller with classes {} and class loader {}", classes, classLoader); return new JaxbMarshaller(classes, classLoader); case JSON: logger.debug("About to build default instance of JSON marshaller with classes {} and class loader {}", classes, classLoader); return new JSONMarshaller(classes, classLoader); default: logger.error( "Unsupported marshalling format: " + format ); } return null; } }
@Test public void testDefaultAcceptableClasses() { KieServerTypePermission permission = new KieServerTypePermission(new HashSet<>()); assertTrue(permission.allows(KieContainerResource.class)); assertTrue(permission.allows(ProcessDefinition.class)); assertTrue(permission.allows(EmailNotification.class)); assertTrue(permission.allows(CaseDefinition.class)); assertTrue(permission.allows(DMNModelInfo.class)); }
XStreamMarshaller marshaller = new XStreamMarshaller(); marshaller.getXStream().ignoreUnknownElements(); ...
public static Marshaller getMarshaller(MarshallingFormat format, ClassLoader classLoader) { switch ( format ) { case XSTREAM: return new XStreamMarshaller( classLoader ); case JAXB: return new JaxbMarshaller(); // has to be implemented case JSON: return new JSONMarshaller(); // has to be implemented default: logger.error( "Unsupported marshalling format: " + format ); } return null; } }
@Test public void testSystemPropertyGivenClasses() { System.setProperty(SYSTEM_XSTREAM_ENABLED_PACKAGES, "org.kie.server.api.marshalling.objects.Top,org.kie.server.api.marshalling.objects.Message"); Set<Class<?>> classes = new HashSet<>(); KieServerTypePermission permission = new KieServerTypePermission(classes); assertTrue(permission.allows(Top.class)); assertTrue(permission.allows(Message.class)); assertFalse(permission.allows(AnotherMessage.class)); } }
return new XStreamMarshaller();
@Test public void testExplicitlyGivenClasses() { Set<Class<?>> classes = new HashSet<>(); classes.add(Top.class); KieServerTypePermission permission = new KieServerTypePermission(classes); assertTrue(permission.allows(Top.class)); }