Usage and code examples of the com.thoughtworks.xstream.XStream.allowTypesByWildcard() method

x33g5p2x, reposted on 2022-02-02 in Other

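This article collects code examples of the Java method com.thoughtworks.xstream.XStream.allowTypesByWildcard() and shows how XStream.allowTypesByWildcard() is used in practice. The examples come mainly from platforms such as Github/Stackoverflow/Maven and were extracted from selected projects, so they are useful as reference and may help you to some extent. The details of the XStream.allowTypesByWildcard() method are as follows:
Package path: com.thoughtworks.xstream.XStream
Class name: XStream
Method name: allowTypesByWildcard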

Introduction to XStream.allowTypesByWildcard

Add security permission for types matching one of the specified wildcard patterns.

Supported are patterns with path expressions using dot as separator:

  • ?: one non-control character except separator, e.g. for 'java.net.Inet?Address'
  • *: arbitrary number of non-control characters except separator, e.g. for types in a package like 'java.lang.*'
  • **: arbitrary number of non-control characters including separator, e.g. for types in a package and subpackages like 'java.lang.**'
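
An added example (not from the original page or from the XStream project) that exercises these patterns against a deny-all baseline: it shows that `*` stops at the package separator while `**` crosses it, and that `NoTypePermission.NONE` clears any allow rule added before it. It assumes XStream 1.4.7 or later on the classpath; the class name, helper names and XML inputs are constructed for illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;

public class WildcardAllowlistDemo {

    // Constructed inputs: an aliased java.util type and a type one package deeper.
    static final String LIST_XML = "<list/>";
    static final String NESTED_XML = "<java.util.concurrent.ConcurrentHashMap/>";

    /** Deny everything first, then allow the given patterns (assumed helper). */
    static XStream denyThenAllow(String... patterns) {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE); // clears any earlier permissions
        xs.allowTypesByWildcard(patterns);
        return xs;
    }

    /** Wrong order: the allow rule is added first and then cleared by NONE. */
    static XStream allowThenDeny(String... patterns) {
        XStream xs = new XStream();
        xs.allowTypesByWildcard(patterns);
        xs.addPermission(NoTypePermission.NONE);
        return xs;
    }

    /** Reports whether the security layer let the root type of the XML through. */
    static String tryRead(XStream xs, String xml) {
        try {
            xs.fromXML(xml);
            return "allowed";
        } catch (ForbiddenClassException e) {
            return "forbidden: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        XStream single = denyThenAllow("java.util.*");  // types directly in java.util
        XStream deep = denyThenAllow("java.util.**");   // java.util and its subpackages
        XStream wiped = allowThenDeny("java.util.*");   // allow rule lost to the later NONE

        // '*' does not cross the '.' separator, so only '**' admits the nested type.
        System.out.println("java.util.*  / list   -> " + tryRead(single, LIST_XML));
        System.out.println("java.util.*  / nested -> " + tryRead(single, NESTED_XML));
        System.out.println("java.util.** / nested -> " + tryRead(deep, NESTED_XML));
        System.out.println("wrong order  / list   -> " + tryRead(wiped, LIST_XML));
    }
}
```

The `*` versus `**` difference is why an allowlist written with `*` has to name each subpackage separately, as the javamelody snippet below does with "java.util.*" and "java.util.concurrent.*".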

Code examples

Code example source: origin: javamelody/javamelody

static Object readFromXml(InputStream bufferedInput) throws IOException {
  final XStream xstream = createXStream(false);
  // see http://x-stream.github.io/security.html
  // clear out existing permissions and set own ones
  xstream.addPermission(NoTypePermission.NONE);
  // allow some basics
  xstream.addPermission(NullPermission.NULL);
  xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  xstream.allowTypesByWildcard(
      new String[] { "java.lang.*", "java.util.*", "java.util.concurrent.*" });
  // allow any type from the same package
  xstream.allowTypesByWildcard(new String[] { PACKAGE_NAME + ".*" });
  final InputStreamReader reader = new InputStreamReader(bufferedInput, XML_CHARSET_NAME);
  try {
    return xstream.fromXML(reader);
  } finally {
    reader.close();
  }
}

Code example source: origin: geoserver/geoserver

xs.allowTypes(new Class[] {DynamicProxyMapper.DynamicProxy.class});
xs.allowTypes(new String[] {"java.util.Collections$SingletonList"});
xs.allowTypesByWildcard(new String[] {"org.geoserver.catalog.**"});
xs.allowTypesByWildcard(new String[] {"org.geoserver.security.**"});

Code example source: origin: psi-probe/psi-probe

/**
 * Writes stats data to file on disk.
 *
 * @throws InterruptedException if a lock cannot be obtained
 */
public synchronized void serialize() throws InterruptedException {
 lock.lockForCommit();
 long start = System.currentTimeMillis();
 try {
  shiftFiles(0);
  try (OutputStream os = Files.newOutputStream(makeFile().toPath())) {
   XStream xstream = new XStream();
   // default security is set up first so that the allow rule below is not reset by it
   XStream.setupDefaultSecurity(xstream);
   xstream.allowTypesByWildcard(new String[] {"psibrobe.model.stats.**"});
   xstream.toXML(statsData, os);
  }
 } catch (Exception e) {
  logger.error("Could not write stats data to '{}'", makeFile().getAbsolutePath(), e);
 } finally {
  lock.releaseCommitLock();
  logger.debug("stats serialized in {}ms", System.currentTimeMillis() - start);
 }
}

Code example source: origin: psi-probe/psi-probe

@Override
protected ModelAndView handleRequestInternal(HttpServletRequest request,
  HttpServletResponse response) throws Exception {

 String path = request.getServletPath();
 String internalPath = path.replaceAll(xmlMarker, "");

 Controller controller = (Controller) getApplicationContext().getBean(internalPath);
 if (controller != null) {
  ModelAndView modelAndView = controller.handleRequest(request, response);
  if (modelAndView.getModel() != null) {
   TransportableModel tm = new TransportableModel();
   tm.putAll(modelAndView.getModel());
   XStream xstream = new XStream();
   // default security is set up first so that the allow rule below is not reset by it
   XStream.setupDefaultSecurity(xstream);
   xstream.allowTypesByWildcard(new String[] {"psibrobe.controllers.**"});
   xstream.toXML(tm, response.getWriter());
  }
 }
 return null;
}

Code example source: origin: EvoSuite/evosuite

public static void writeInheritanceTree(InheritanceTree tree, File file) throws IOException {
  XStream xstream = new XStream();
  XStream.setupDefaultSecurity(xstream);
  xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
  GZIPOutputStream output = new GZIPOutputStream(new FileOutputStream(file));
  xstream.toXML(tree, output);
  output.close();
}

Code example source: origin: EvoSuite/evosuite

public static InheritanceTree readInheritanceTree(String fileName) throws IOException {
  XStream xstream = new XStream();
  XStream.setupDefaultSecurity(xstream);
  xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
  GZIPInputStream inheritance = new GZIPInputStream(new FileInputStream(new File(fileName)));
  return (InheritanceTree) xstream.fromXML(inheritance);
}

Code example source: origin: EvoSuite/evosuite

public static InheritanceTree readUncompressedInheritanceTree(String fileName)
    throws IOException {
  XStream xstream = new XStream();
  XStream.setupDefaultSecurity(xstream);
  xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
  InputStream inheritance = new FileInputStream(new File(fileName));
  return (InheritanceTree) xstream.fromXML(inheritance);
}

Code example source: origin: GeoWebCache/geowebcache

public static XStream getConfiguredXStream(XStream xs) {
  // Allow anything that's part of GWC Diskquota
  // TODO: replace this with a more narrow whitelist
  xs.allowTypesByWildcard(new String[] {"org.geowebcache.**"});
  xs.setMode(XStream.NO_REFERENCES);
  xs.alias("gwcQuotaConfiguration", DiskQuotaConfig.class);
  xs.alias("layerQuotas", List.class);
  xs.alias("LayerQuota", LayerQuota.class);
  xs.alias("Quota", Quota.class);
  xs.registerConverter(new QuotaXSTreamConverter());
  return xs;
}

Code example source: origin: GeoWebCache/geowebcache

private static XStream getXStream() {
  XStream xs = new GeoWebCacheXStream();
  // Allow anything that's part of GWC
  // TODO: replace this with a more narrow whitelist
  xs.allowTypesByWildcard(new String[] {"org.geowebcache.**"});
  xs.setMode(XStream.NO_REFERENCES);
  xs.alias("gwcJdbcConfiguration", JDBCConfiguration.class);
  xs.alias("connectionPool", ConnectionPoolConfiguration.class);
  return xs;
}

Code example source: origin: EvoSuite/evosuite

public static InheritanceTree readJDKData() {
  XStream xstream = new XStream();
  XStream.setupDefaultSecurity(xstream);
  xstream.allowTypesByWildcard(new String[] {"org.evosuite.**", "org.jgrapht.**"});
  String fileName;
  if(! PackageInfo.isCurrentlyShaded()) {
    fileName = "/" + jdkFile;
  } else {
    fileName = "/" + shadedJdkFile;
  }
  InputStream inheritance = InheritanceTreeGenerator.class.getResourceAsStream(fileName);
  if (inheritance != null) {
    return (InheritanceTree) xstream.fromXML(inheritance);
  } else {
    logger.warn("Found no JDK inheritance tree in the resource path: "+fileName);
    return null;
  }
}

Code example source: origin: x-stream/xstream

protected void setupSecurity(final XStream xstream) {
  xstream.allowTypesByWildcard(AbstractAcceptanceTest.class.getPackage().getName() + ".*objects.**");
  xstream.allowTypesByWildcard(this.getClass().getName() + "$*");
}

Code example source: origin: de.sciss/submin

public static void install(boolean isDark) {
    // cf. https://stackoverflow.com/questions/44698296/security-framework-of-xstream-not-initialized-xstream-is-probably-vulnerable
    final XStream xs = XmlUtils.getXStream();
    // XStream.setupDefaultSecurity(xs);
    xs.allowTypesByWildcard(new String[] { "com.alee.**" });

    if (isDark) SubminDarkSkin .install();
    else        SubminLightSkin.install();
}

Code example source: origin: com.github.binarywang/weixin-java-common

public static XStream getInstance() {
 XStream xstream = new XStream(new PureJavaReflectionProvider(), XPP_DRIVER);
 xstream.ignoreUnknownElements();
 xstream.setMode(XStream.NO_REFERENCES);
 XStream.setupDefaultSecurity(xstream);
 xstream.allowTypesByWildcard(new String[]{
  "me.chanjar.weixin.**", "cn.binarywang.wx.**", "com.github.binarywang.**"
 });
 xstream.setClassLoader(Thread.currentThread().getContextClassLoader());
 return xstream;
}

Code example source: origin: org.apache.activemq/activemq-all

public static XStream createXStream() {
  XStream stream = new XStream();
  stream.addPermission(NoTypePermission.NONE);
  stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
  stream.allowTypeHierarchy(Collection.class);
  stream.allowTypeHierarchy(Map.class);
  stream.allowTypes(new Class[]{String.class});
  if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
    stream.addPermission(AnyTypePermission.ANY);
  } else {
    for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
      stream.allowTypesByWildcard(new String[]{packageName + ".**"});
    }
  }
  return stream;
}

Code example source: origin: GeoWebCache/geowebcache

private static XStream getConfiguredXStream(XStream xs) {
  // Restrict classes that can be serialized/deserialized
  // Allowing arbitrary classes to be deserialized is a security issue.
  {
    // Allow any implementation of these extension points
    xs.allowTypeHierarchy(org.geowebcache.layer.TileLayer.class);
    xs.allowTypeHierarchy(org.geowebcache.filter.parameters.ParameterFilter.class);
    xs.allowTypeHierarchy(org.geowebcache.filter.request.RequestFilter.class);
    xs.allowTypeHierarchy(org.geowebcache.config.BlobStoreInfo.class);
    xs.allowTypeHierarchy(TileLayerConfiguration.class);
    // Allow anything that's part of GWC
    // TODO: replace this with a more narrow whitelist
    xs.allowTypesByWildcard(new String[] {"org.geowebcache.**"});
  }
  xs.setMode(XStream.NO_REFERENCES);
  xs.alias("gwcConfiguration", GeoWebCacheConfiguration.class);
  xs.useAttributeFor(GeoWebCacheConfiguration.class, "xmlns_xsi");
  xs.aliasField("xmlns:xsi", GeoWebCacheConfiguration.class, "xmlns_xsi");
  xs.useAttributeFor(GeoWebCacheConfiguration.class, "xmlns");
  xs.alias("wmsRasterFilterUpdate", WMSRasterFilterUpdate.class);
  return xs;
}
