/**
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @author Kevin Smith, Boundless, Copyright 2015
*/
package org.geowebcache.io;
import org.geowebcache.GeoWebCacheExtensions;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.converters.ConverterLookup;
import com.thoughtworks.xstream.converters.ConverterRegistry;
import com.thoughtworks.xstream.converters.reflection.ReflectionProvider;
import com.thoughtworks.xstream.core.ClassLoaderReference;
import com.thoughtworks.xstream.io.HierarchicalStreamDriver;
import com.thoughtworks.xstream.mapper.Mapper;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
/**
* XStream subclass
* @author Kevin Smith, Boundless
*
*/
public class GeoWebCacheXStream extends XStream {
public GeoWebCacheXStream() {
super();
secure();
}
public GeoWebCacheXStream(HierarchicalStreamDriver hierarchicalStreamDriver) {
super(hierarchicalStreamDriver);
secure();
}
public GeoWebCacheXStream(ReflectionProvider reflectionProvider,
HierarchicalStreamDriver driver,
ClassLoaderReference classLoaderReference, Mapper mapper,
ConverterLookup converterLookup, ConverterRegistry converterRegistry) {
super(reflectionProvider, driver, classLoaderReference, mapper,
converterLookup, converterRegistry);
secure();
}
public GeoWebCacheXStream(ReflectionProvider reflectionProvider,
HierarchicalStreamDriver driver,
ClassLoaderReference classLoaderReference, Mapper mapper) {
super(reflectionProvider, driver, classLoaderReference, mapper);
secure();
}
public GeoWebCacheXStream(ReflectionProvider reflectionProvider,
HierarchicalStreamDriver driver,
ClassLoaderReference classLoaderReference) {
super(reflectionProvider, driver, classLoaderReference);
secure();
}
public GeoWebCacheXStream(ReflectionProvider reflectionProvider,
HierarchicalStreamDriver hierarchicalStreamDriver) {
super(reflectionProvider, hierarchicalStreamDriver);
secure();
}
public GeoWebCacheXStream(ReflectionProvider reflectionProvider) {
super(reflectionProvider);
secure();
}
@Deprecated
public GeoWebCacheXStream(ReflectionProvider reflectionProvider,
HierarchicalStreamDriver driver, ClassLoader classLoader,
Mapper mapper, ConverterLookup converterLookup,
ConverterRegistry converterRegistry) {
super(reflectionProvider, driver, classLoader, mapper, converterLookup,
converterRegistry);
secure();
}
@Deprecated
public GeoWebCacheXStream(ReflectionProvider reflectionProvider,
HierarchicalStreamDriver driver, ClassLoader classLoader,
Mapper mapper) {
super(reflectionProvider, driver, classLoader, mapper);
secure();
}
@Deprecated
public GeoWebCacheXStream(ReflectionProvider reflectionProvider,
HierarchicalStreamDriver driver, ClassLoader classLoader) {
super(reflectionProvider, driver, classLoader);
secure();
}
@Deprecated
public GeoWebCacheXStream(ReflectionProvider reflectionProvider,
Mapper mapper, HierarchicalStreamDriver driver) {
super(reflectionProvider, mapper, driver);
secure();
}
/**
* Add security permission for a type hierarchy.
*
* @param type the base type to allow
* @since 1.4.7
*/
public void allowTypeHierarchies(Class<?>... types){
for(Class<?> type: types) {
this.allowTypeHierarchy(type);
}
}
private void secure() {
// Require classes to be on whitelist
addPermission(NoTypePermission.NONE);
// Allow primitive types
addPermission(new PrimitiveTypePermission());
// Common non-primitives
allowTypes(new Class[] {
java.lang.String.class,
java.util.Date.class,
java.sql.Date.class,
java.sql.Timestamp.class,
java.sql.Time.class,
});
// Common collections
allowTypes(new Class[] {
java.util.TreeSet.class,
java.util.SortedSet.class,
java.util.Set.class,
java.util.HashSet.class,
java.util.List.class,
java.util.ArrayList.class,
java.util.Map.class,
java.util.HashMap.class,
java.util.concurrent.CopyOnWriteArrayList.class,
java.util.concurrent.ConcurrentHashMap.class,
});
String whitelistProp = GeoWebCacheExtensions.getProperty("GEOWEBCACHE_XSTREAM_WHITELIST");
if(whitelistProp != null) {
String[] wildcards = whitelistProp.split("\\s+|(\\s*;\\s*)");
this.allowTypesByWildcard(wildcards);
}
}
}