From: ay@apache.org To: commits@camel.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: camel git commit: [CAMEL-9297] Expose more configuration options from Camel's XStream Date: Wed, 11 Nov 2015 11:07:39 +0000 (UTC) Repository: camel Updated Branches: refs/heads/camel-2.16.x f4e95d15a -> 369d0a6d6 [CAMEL-9297] Expose more configuration options from Camel's XStream Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/369d0a6d Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/369d0a6d Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/369d0a6d Branch: refs/heads/camel-2.16.x Commit: 369d0a6d605055cb843e7962b101e3bbcd113fec Parents: f4e95d1 Author: Akitoshi Yoshida Authored: Wed Nov 11 10:44:24 2015 +0100 Committer: Akitoshi Yoshida Committed: Wed Nov 11 12:06:40 2015 +0100 ---------------------------------------------------------------------- .../model/dataformat/XStreamDataFormat.java | 17 +- .../xstream/AbstractXStreamWrapper.java | 64 ++++++- .../xstream/MarshalDomainObjectTest.java | 12 ++ .../xstream/UnmarshalThenMarshalTest.java | 13 ++ .../xstream/XStreamConcurrencyTest.java | 12 ++ .../xstream/XStreamConfigurationTest.java | 12 ++ .../XStreamDataFormatDriverConfigTest.java | 1 - ...DataFormatPermissionsSystemPropertyTest.java | 47 +++++ .../XStreamDataFormatPermissionsTest.java | 178 +++++++++++++++++++ .../dataformat/xstream/XStreamTestUtils.java | 46 +++++ .../xstream/SpringXStreamConfigurationTest.xml | 3 +- parent/pom.xml | 2 +- 12 files changed, 401 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/camel-core/src/main/java/org/apache/camel/model/dataformat/XStreamDataFormat.java ---------------------------------------------------------------------- 
diff --git a/camel-core/src/main/java/org/apache/camel/model/dataformat/XStreamDataFormat.java b/camel-core/src/main/java/org/apache/camel/model/dataformat/XStreamDataFormat.java index e1f86db..4d433d2 100644 --- a/camel-core/src/main/java/org/apache/camel/model/dataformat/XStreamDataFormat.java +++ b/camel-core/src/main/java/org/apache/camel/model/dataformat/XStreamDataFormat.java @@ -57,6 +57,8 @@ public class XStreamDataFormat extends DataFormatDefinition { private String driverRef; @XmlAttribute private String mode; + @XmlAttribute + private String permissions; @XmlJavaTypeAdapter(ConvertersAdapter.class) @XmlElement(name = "converters") @@ -180,6 +182,17 @@ public class XStreamDataFormat extends DataFormatDefinition { this.implicitCollections = implicitCollections; } + public String getPermissions() { + return permissions; + } + + /** + * Adds permissionsList + */ + public void setPermissions(String permissions) { + this.permissions = permissions; + } + @Override protected DataFormat createDataFormat(RouteContext routeContext) { if ("json".equals(this.driver)) { @@ -210,6 +223,9 @@ public class XStreamDataFormat extends DataFormatDefinition { if (this.implicitCollections != null) { setProperty(camelContext, dataFormat, "implicitCollections", this.implicitCollections); } + if (this.permissions != null) { + setProperty(camelContext, dataFormat, "permissions", this.permissions); + } if (this.mode != null) { setProperty(camelContext, dataFormat, "mode", mode); } @@ -547,5 +563,4 @@ public class XStreamDataFormat extends DataFormatDefinition { return "OmitField[" + clsName + ", fields=" + Arrays.asList(this.fields) + "]"; } } - } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/main/java/org/apache/camel/dataformat/xstream/AbstractXStreamWrapper.java ---------------------------------------------------------------------- 
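Review bot: The Javadoc on `setPermissions` in the `@@ -180` hunk, `Adds permissionsList`, does not tell a route author what the attribute accepts or that it controls which types XStream may unmarshal. Since this setter backs the new `permissions` XML attribute, I would replace it with something like `Comma-separated type permissions applied when unmarshalling; each term is a class name or wildcard pattern, prefixed with '-' to deny or an optional '+' to allow.` `getPermissions()` has no Javadoc at all, and a one-line `@return` would match the rest of the class.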
diff --git a/components/camel-xstream/src/main/java/org/apache/camel/dataformat/xstream/AbstractXStreamWrapper.java b/components/camel-xstream/src/main/java/org/apache/camel/dataformat/xstream/AbstractXStreamWrapper.java index b98725e..41d6d7a 100644 --- a/components/camel-xstream/src/main/java/org/apache/camel/dataformat/xstream/AbstractXStreamWrapper.java +++ b/components/camel-xstream/src/main/java/org/apache/camel/dataformat/xstream/AbstractXStreamWrapper.java @@ -32,7 +32,10 @@ import com.thoughtworks.xstream.core.util.CompositeClassLoader; import com.thoughtworks.xstream.io.HierarchicalStreamDriver; import com.thoughtworks.xstream.io.HierarchicalStreamReader; import com.thoughtworks.xstream.io.HierarchicalStreamWriter; - +import com.thoughtworks.xstream.security.AnyTypePermission; +import com.thoughtworks.xstream.security.ExplicitTypePermission; +import com.thoughtworks.xstream.security.TypePermission; +import com.thoughtworks.xstream.security.WildcardTypePermission; import org.apache.camel.CamelContext; import org.apache.camel.Exchange; import org.apache.camel.converter.jaxp.StaxConverter; @@ -47,7 +50,9 @@ import org.apache.camel.util.ObjectHelper; * ({@link DataFormat}) interface which leverage the XStream library for XML or JSON's marshaling and unmarshaling */ public abstract class AbstractXStreamWrapper extends ServiceSupport implements DataFormat, DataFormatName { - + private static final String PERMISSIONS_PROPERTY_KEY = "org.apache.camel.xstream.permissions"; + private static final String PERMISSIONS_PROPERTY_DEFAULT = "-*,java.lang.*,java.util.*"; + private XStream xstream; private HierarchicalStreamDriver xstreamDriver; private StaxConverter staxConverter; @@ -55,6 +60,7 @@ public abstract class AbstractXStreamWrapper extends ServiceSupport implements D private Map aliases; private Map omitFields; private Map implicitCollections; + private String permissions; private String mode; public AbstractXStreamWrapper() { 
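Review bot: `PERMISSIONS_PROPERTY_DEFAULT = "-*,java.lang.*,java.util.*"` in the `@@ -47` hunk allows every class that sits directly in `java.lang` and `java.util`, which is wider than the strings, boxed values and collections a payload normally needs (assuming XStream's single `*` does not cross package separators). Neither constant carries a comment, so a reader cannot tell that the value means deny everything and then allow these two packages, or that the property is JVM-wide and applies to every XStream data format in the process. I would add a comment saying exactly that above both constants, and consider listing the required types explicitly instead of the two package wildcards.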
@@ -174,6 +180,14 @@ public abstract class AbstractXStreamWrapper extends ServiceSupport implements D } } + addDefaultPermissions(xstream); + if (this.permissions != null) { + // permissions ::= pterm (',' pterm)* # consits of one or more terms + // pterm ::= aod? wterm # each term preceded by an optional sign + // aod ::= '+' | '-' # indicates allow or deny where allow if omitted + // wterm ::= a class name with optional wildcard characters + addPermissions(xstream, permissions); + } } catch (Exception e) { throw new RuntimeException("Unable to build XStream instance", e); } @@ -181,6 +195,44 @@ public abstract class AbstractXStreamWrapper extends ServiceSupport implements D return xstream; } + private static void addPermissions(XStream xstream, String permissions) { + for (String pterm : permissions.split(",")) { + boolean aod; + pterm = pterm.trim(); + if (pterm.startsWith("-")) { + aod = false; + pterm = pterm.substring(1); + } else { + aod = true; + if (pterm.startsWith("+")) { + pterm = pterm.substring(1); + } + } + TypePermission typePermission = null; + if ("*".equals(pterm)) { + // accept or deny any + typePermission = AnyTypePermission.ANY; + } else if (pterm.indexOf('*') < 0) { + // exact type + typePermission = new ExplicitTypePermission(new String[]{pterm}); + } else if (pterm.length() > 0) { + // wildcard type + typePermission = new WildcardTypePermission(new String[]{pterm}); + } + if (typePermission != null) { + if (aod) { + xstream.addPermission(typePermission); + } else { + xstream.denyPermission(typePermission); + } + } + } + } + + private static void addDefaultPermissions(XStream xstream) { + addPermissions(xstream, System.getProperty(PERMISSIONS_PROPERTY_KEY, PERMISSIONS_PROPERTY_DEFAULT)); + } + protected int getModeFromString(String modeString) { int result; if ("NO_REFERENCES".equalsIgnoreCase(modeString)) { 
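Review bot: The grammar comment added before `addPermissions(xstream, permissions)` in the `@@ -174` hunk does not say how terms interact. The tests in this commit (`testAllowAndDeny`, `testDenyAndAllowDeny`) show that a later term overrides an earlier one, and the call order here means the data format's terms are applied after the defaults from `addDefaultPermissions`. I would add a line such as `// terms are applied left to right, after the defaults; a later term overrides an earlier one` and fix the typo `consits` to `consists`. The enclosing method starts outside this hunk.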
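Review bot: In `addPermissions` (the `@@ -181` hunk), an empty term from an empty property value, a trailing comma or a bare `-` is caught by the `pterm.indexOf('*') < 0` branch and becomes `new ExplicitTypePermission(new String[]{""})`. The `pterm.length() > 0` guard sits on the wildcard branch, where it can never be false. Skipping empty terms right after the sign is stripped, `if (pterm.isEmpty()) { continue; }`, and dropping the length test would make the intent explicit. Separately, `addDefaultPermissions` takes its value from a system property, and XStreamDataFormatPermissionsSystemPropertyTest shows that an empty value leaves PurchaseOrder unmarshallable with no permissions configured. A warning logged whenever the property replaces `PERMISSIONS_PROPERTY_DEFAULT` would make a weakened deployment visible to operators.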
@@ -252,6 +304,14 @@ public abstract class AbstractXStreamWrapper extends ServiceSupport implements D this.xstreamDriver = xstreamDriver; } + public String getPermissions() { + return permissions; + } + + public void setPermissions(String permissions) { + this.permissions = permissions; + } + public String getMode() { return mode; } http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/MarshalDomainObjectTest.java ---------------------------------------------------------------------- diff --git a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/MarshalDomainObjectTest.java b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/MarshalDomainObjectTest.java index 2992a12..63bc534 100644 --- a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/MarshalDomainObjectTest.java +++ b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/MarshalDomainObjectTest.java @@ -19,6 +19,8 @@ package org.apache.camel.dataformat.xstream; import org.apache.camel.builder.RouteBuilder; import org.apache.camel.component.mock.MockEndpoint; import org.apache.camel.test.junit4.CamelTestSupport; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; /** 
@@ -26,6 +28,16 @@ import org.junit.Test; */ public class MarshalDomainObjectTest extends CamelTestSupport { + @BeforeClass + public static void setup() { + XStreamTestUtils.setPermissionSystemProperty(""); + } + + @AfterClass + public static void cleanup() { + XStreamTestUtils.revertPermissionSystemProperty(); + } + @Test public void testMarshalDomainObject() throws Exception { MockEndpoint mock = getMockEndpoint("mock:result"); http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/UnmarshalThenMarshalTest.java ---------------------------------------------------------------------- diff --git a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/UnmarshalThenMarshalTest.java b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/UnmarshalThenMarshalTest.java index 6e0f550..6e936a5 100644 --- a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/UnmarshalThenMarshalTest.java +++ b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/UnmarshalThenMarshalTest.java 
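Review bot: The `setup()` added to MarshalDomainObjectTest calls `XStreamTestUtils.setPermissionSystemProperty("")`, which switches the new default permissions off for the whole class rather than granting the types the test needs. The same block is added to UnmarshalThenMarshalTest, XStreamConcurrencyTest and XStreamConfigurationTest, so none of these existing tests exercises the configuration that users get by default. Where the data format is built in the test, setting explicit permissions on it, in the style of `setPermissions("org.apache.camel.dataformat.xstream.PurchaseOrder")` from XStreamDataFormatPermissionsTest, would keep the default deny in force. If the property override stays, it deserves the comment that XStreamDataFormatPermissionsSystemPropertyTest already has: `// clear the default permissions system property`.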
@@ -23,12 +23,25 @@ import org.apache.camel.Processor; import org.apache.camel.builder.RouteBuilder; import org.apache.camel.component.mock.MockEndpoint; import org.apache.camel.test.junit4.CamelTestSupport; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; /** * @version */ public class UnmarshalThenMarshalTest extends CamelTestSupport { + + @BeforeClass + public static void setup() { + XStreamTestUtils.setPermissionSystemProperty(""); + } + + @AfterClass + public static void cleanup() { + XStreamTestUtils.revertPermissionSystemProperty(); + } + @Test public void testSendXmlAndUnmarshal() throws Exception { http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConcurrencyTest.java ---------------------------------------------------------------------- diff --git a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConcurrencyTest.java b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConcurrencyTest.java index 7a34f40..b0e6aa2 100644 --- a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConcurrencyTest.java +++ b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConcurrencyTest.java @@ -22,6 +22,8 @@ import java.util.concurrent.Executors; import org.apache.camel.builder.RouteBuilder; import org.apache.camel.test.junit4.CamelTestSupport; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; /** 
@@ -29,6 +31,16 @@ import org.junit.Test; */ public class XStreamConcurrencyTest extends CamelTestSupport { + @BeforeClass + public static void setup() { + XStreamTestUtils.setPermissionSystemProperty(""); + } + + @AfterClass + public static void cleanup() { + XStreamTestUtils.revertPermissionSystemProperty(); + } + @Test public void testNoConcurrentProducers() throws Exception { doSendMessages(1, 1); http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConfigurationTest.java ---------------------------------------------------------------------- diff --git a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConfigurationTest.java b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConfigurationTest.java index 5a9c641..b411abe 100644 --- a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConfigurationTest.java +++ b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamConfigurationTest.java @@ -33,6 +33,8 @@ import org.apache.camel.builder.RouteBuilder; import org.apache.camel.component.mock.MockEndpoint; import org.apache.camel.model.dataformat.XStreamDataFormat; import org.apache.camel.test.junit4.CamelTestSupport; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; /** 
@@ -42,6 +44,16 @@ public class XStreamConfigurationTest extends CamelTestSupport { private static volatile boolean constructorInjected; private static volatile boolean methodInjected; + + @BeforeClass + public static void setup() { + XStreamTestUtils.setPermissionSystemProperty(""); + } + + @AfterClass + public static void cleanup() { + XStreamTestUtils.revertPermissionSystemProperty(); + } @Override public void setUp() throws Exception { http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatDriverConfigTest.java ---------------------------------------------------------------------- diff --git a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatDriverConfigTest.java b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatDriverConfigTest.java index c3e44fe..207c26d 100644 --- a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatDriverConfigTest.java +++ b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatDriverConfigTest.java @@ -18,7 +18,6 @@ package org.apache.camel.dataformat.xstream; import com.thoughtworks.xstream.XStream; import com.thoughtworks.xstream.io.json.JsonHierarchicalStreamDriver; -import org.apache.camel.impl.DefaultClassResolver; import org.apache.camel.test.junit4.CamelTestSupport; import org.junit.Test; http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatPermissionsSystemPropertyTest.java ---------------------------------------------------------------------- 
diff --git a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatPermissionsSystemPropertyTest.java b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatPermissionsSystemPropertyTest.java
new file mode 100644
index 0000000..8da946d
--- /dev/null
+++ b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatPermissionsSystemPropertyTest.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.dataformat.xstream;
+
+import com.thoughtworks.xstream.XStream;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class XStreamDataFormatPermissionsSystemPropertyTest extends XStreamDataFormatPermissionsTest {
+
+ @BeforeClass
+ public static void setup() {
+ // clear the default permissions system property
+ // see AbstractXStreamWrapper.PERMISSIONS_PROPERTY_DEFAULT
+ XStreamTestUtils.setPermissionSystemProperty("");
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ XStreamTestUtils.revertPermissionSystemProperty();
+ }
+
+ @Test
+ @Override
+ public void testNone() {
+ XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
+ XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
+
+ Object po = xStream.fromXML(XML_PURCHASE_ORDER);
+ assertNotNull(po);
+ }
+}
http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatPermissionsTest.java
----------------------------------------------------------------------
diff --git a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatPermissionsTest.java b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatPermissionsTest.java new file mode 100644 index 0000000..3213624 --- /dev/null +++ b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamDataFormatPermissionsTest.java 
@@ -0,0 +1,178 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.dataformat.xstream; + +import com.thoughtworks.xstream.XStream; +import com.thoughtworks.xstream.security.ForbiddenClassException; +import org.apache.camel.test.junit4.CamelTestSupport; +import org.junit.Test; + +public class XStreamDataFormatPermissionsTest extends CamelTestSupport { + protected static final String XML_PURCHASE_ORDER = + "" + + "foo" + + "10.0" + + "1.0" + + ""; + protected static final String XML_PURCHASE_ORDERS_LIST = + "" + + "" + + "foo" + + "10.0" + + "1.0" + + "" + + "" + + "bar" + + "9.0" + + "2.0" + + "" + + ""; + + @Test + public void testNone() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader()); + + try { + xStream.fromXML(XML_PURCHASE_ORDER); + fail("should fail to unmarshall"); + } catch (ForbiddenClassException e) { + // OK + } + } + + + @Test + public void testDeny() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + xStreamDataFormat.setPermissions("-org.apache.camel.dataformat.xstream.PurchaseOrder"); + + XStream xStream = 
xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader()); + + try { + xStream.fromXML(XML_PURCHASE_ORDER); + fail("should fail to unmarshall"); + } catch (ForbiddenClassException e) { + // OK + } + } + + @Test + public void testAllow() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + xStreamDataFormat.setPermissions("org.apache.camel.dataformat.xstream.PurchaseOrder"); + + XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader()); + + Object po = xStream.fromXML(XML_PURCHASE_ORDER); + assertNotNull(po); + + po = xStream.fromXML(XML_PURCHASE_ORDERS_LIST); + assertNotNull(po); + } + + @Test + public void testAllowAndDeny() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + xStreamDataFormat.setPermissions("org.apache.camel.dataformat.xstream.PurchaseOrder,-org.apache.camel.dataformat.xstream.*"); + + XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader()); + + try { + xStream.fromXML(XML_PURCHASE_ORDER); + fail("should fail to unmarshall"); + } catch (ForbiddenClassException e) { + // OK + } + } + + @Test + public void testDenyAndAllowDeny() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + xStreamDataFormat.setPermissions("-org.apache.camel.dataformat.xstream.*,org.apache.camel.dataformat.xstream.PurchaseOrder"); + + XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader()); + + Object po = xStream.fromXML(XML_PURCHASE_ORDER); + assertNotNull(po); + + po = xStream.fromXML(XML_PURCHASE_ORDERS_LIST); + assertNotNull(po); + } + + @Test + public void testAllowAny() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + xStreamDataFormat.setPermissions("*"); + + XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), 
context.getApplicationContextClassLoader()); + + Object po = xStream.fromXML(XML_PURCHASE_ORDER); + assertNotNull(po); + + po = xStream.fromXML(XML_PURCHASE_ORDERS_LIST); + assertNotNull(po); + } + + @Test + public void testAllowAnyAndDeny() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + xStreamDataFormat.setPermissions("*,-org.apache.camel.dataformat.xstream.PurchaseOrder"); + + XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader()); + + try { + xStream.fromXML(XML_PURCHASE_ORDER); + fail("should fail to unmarshall"); + } catch (ForbiddenClassException e) { + // OK + } + } + + @Test + public void testDenyAny() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + xStreamDataFormat.setPermissions("-*"); + + XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader()); + + try { + xStream.fromXML(XML_PURCHASE_ORDER); + fail("should fail to unmarshall"); + } catch (ForbiddenClassException e) { + // OK + } + } + + @Test + public void testDenyAnyAndAllow() { + XStreamDataFormat xStreamDataFormat = new XStreamDataFormat(); + xStreamDataFormat.setPermissions("-*,org.apache.camel.dataformat.xstream.PurchaseOrder"); + + XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader()); + + Object po = xStream.fromXML(XML_PURCHASE_ORDER); + assertNotNull(po); + + try { + xStream.fromXML(XML_PURCHASE_ORDERS_LIST); + fail("should fail to unmarshall"); + } catch (ForbiddenClassException e) { + // OK + } + } +} http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamTestUtils.java ---------------------------------------------------------------------- 
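Review bot: The permission grammar that `addPermissions` accepts is only partly covered by XStreamDataFormatPermissionsTest: no test uses the explicit `+` prefix, whitespace around a term, an empty term such as a trailing comma, or a package wildcard on the allow side (`org.apache.camel.dataformat.xstream.*`). Since this parser decides which types may be unmarshalled, those paths should each get a case asserting either success or `ForbiddenClassException`. The name `testDenyAndAllowDeny` also looks like a slip for `testDenyAndAllow`, given that its permission string is one deny followed by one allow.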
diff --git a/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamTestUtils.java b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamTestUtils.java
new file mode 100644
index 0000000..ff6cf35
--- /dev/null
+++ b/components/camel-xstream/src/test/java/org/apache/camel/dataformat/xstream/XStreamTestUtils.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.camel.dataformat.xstream;
+
+/**
+ *
+ */
+final class XStreamTestUtils {
+ static final String PERMISSIONS_PROPERTY_KEY = "org.apache.camel.xstream.permissions";
+ private static String oldProperty;
+
+ private XStreamTestUtils() {
+ }
+
+ public static void setPermissionSystemProperty(String value) {
+ oldProperty = System.getProperty(PERMISSIONS_PROPERTY_KEY);
+ if (value == null) {
+ System.clearProperty(PERMISSIONS_PROPERTY_KEY);
+ } else {
+ System.setProperty(PERMISSIONS_PROPERTY_KEY, value);
+ }
+ }
+
+ public static void revertPermissionSystemProperty() {
+ if (oldProperty == null) {
+ System.clearProperty(PERMISSIONS_PROPERTY_KEY);
+ } else {
+ System.setProperty(PERMISSIONS_PROPERTY_KEY, oldProperty);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/components/camel-xstream/src/test/resources/org/apache/camel/dataformat/xstream/SpringXStreamConfigurationTest.xml
----------------------------------------------------------------------
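Review bot: `setPermissionSystemProperty` overwrites the single static `oldProperty` on every call, so two calls without a revert in between lose the original value and `revertPermissionSystemProperty` then restores the test value instead. The helper also changes a JVM-wide property, so test classes that run concurrently in one JVM would see each other's setting and could pass or fail depending on whether the default deny happens to be active. The empty class Javadoc should state both constraints, for example `Saves and restores the org.apache.camel.xstream.permissions system property; not reentrant and not safe for tests running in parallel in one JVM.` `PERMISSIONS_PROPERTY_KEY` duplicates the private constant in AbstractXStreamWrapper, so the two strings can drift apart without any test noticing.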
diff --git a/components/camel-xstream/src/test/resources/org/apache/camel/dataformat/xstream/SpringXStreamConfigurationTest.xml b/components/camel-xstream/src/test/resources/org/apache/camel/dataformat/xstream/SpringXStreamConfigurationTest.xml index a171086..97a5e80 100644 --- a/components/camel-xstream/src/test/resources/org/apache/camel/dataformat/xstream/SpringXStreamConfigurationTest.xml +++ b/components/camel-xstream/src/test/resources/org/apache/camel/dataformat/xstream/SpringXStreamConfigurationTest.xml @@ -29,7 +29,8 @@ - + http://git-wip-us.apache.org/repos/asf/camel/blob/369d0a6d/parent/pom.xml ---------------------------------------------------------------------- diff --git a/parent/pom.xml b/parent/pom.xml index 98ad5c6..498babb 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -570,7 +570,7 @@ org.apache.velocity.*;version="[1.6.2,2)", org.apache.xmlbeans.*;version="[2.4,3)", org.eclipse.jetty.*;version="[8.0,10)", - com.thoughtworks.xstream.*;version="[1.3,2)", + com.thoughtworks.xstream.*;version="[1.4.7,2)", org.antlr.stringtemplate.*;version="[3.0,4)", org.ccil.cowan.tagsoup.*;version="[1.2,2)", org.mortbay.cometd.*;version="[6.1,7)",