Hi Jörg This is an excellent implementation! Very clean, easy to use, flexible and extensible. I think even Paul will approve of the implementation :)
If anyone else wants to take a look, the code is here: https://fisheye.codehaus.org/changelog/xstream?cs=2210. I have one very minor nitpick. In XStream.addPermission(TypePermission), can you make it throw an exception instead of failing silently if a permission is added without a SecurityMapper. This would reduce the chance of a user error causing permissions to be silently dropped. Thanks for doing this! Thanks -Joe On Thu, Jan 9, 2014 at 1:08 PM, Jörg Schaible <[email protected]> wrote: > Hi Joe, > > Joe Walnes wrote: > > > On Tue, Jan 7, 2014 at 5:58 PM, Jörg Schaible > > <[email protected]> wrote: > > [snip] > > >> Since I already proposed an upcoming 1.5.0 to require Java 6 and 1.4.x > to > >> stay compatible, the best compromise is to turn whitelisting on for > 1.5.x > >> and port the mechanism back into the 1.4.x branch, without activating it > >> by default. Since the code base is currently not yet really different, > it > >> should be easy. > >> > >> So anyone who relies on 1.4.x to be a drop-in replacement can do so and > >> will > >> at least not suffer from the EventHandler (unless he has such instances > >> in his object graph) and for 1.5.x there might be more changes anyway. > >> > >> Sounds reasonable? > > > > Sounds excellent! :) > > I've committed now a version to trunk that contains the new security > framework. You may have a look (or at least to the diff). It allows > currently anything by default, but that will change after merging the > changes to the branch. I'll have to write some docs, too. > > Cheers, > Jörg > > > --------------------------------------------------------------------- > To unsubscribe from this list, please visit: > > http://xircles.codehaus.org/manage_email > > >
