Hi Joe,

Joe Walnes wrote:

> Hi Jörg
>
> This is an excellent implementation! Very clean, easy to use, flexible and
> extensible. I think even Paul will approve of the implementation :)
>
> If anyone else wants to take a look, the code is here:
> https://fisheye.codehaus.org/changelog/xstream?cs=2210.

I've activated the security permission now locally, the setupSecurity method contains the following lines as default:

========================== %< ===========================
addPermission(NullPermission.NULL);
addPermission(PrimitiveTypePermission.PRIMITIVES);
addPermission(ArrayTypePermission.ARRAYS);
addPermission(InterfaceTypePermission.INTERFACES);
allowTypeHierarchy(Calendar.class);
allowTypeHierarchy(Collection.class);
allowTypeHierarchy(Enum.class);
allowTypeHierarchy(Map.class);
allowTypeHierarchy(Map.Entry.class);
allowTypeHierarchy(Member.class);
allowTypeHierarchy(Number.class);
allowTypeHierarchy(TimeZone.class);
allowTypes(BitSet.class, Charset.class, Class.class, Currency.class,
    Date.class, File.class, Locale.class, Object.class, Pattern.class,
    String.class, StringBuffer.class, StringBuilder.class, URL.class,
    URI.class, UUID.class);
========================== %< ===========================

Is it too lenient - especially regarding the type hierarchies of Collection, Map or Member?

The following types I have to enable explicitly for some of the unit tests:

- java.awt.* (incl. Color, Font, TextAttribute, ...)
- java.beans.*
- java.lang.Throwable
- java.lang.StackTraceElement
- java.security.Principal
- java.sql.Date
- java.sql.Time
- java.sql.Timestamp
- java.text.DecimalFormatSymbols
- javax.xml.datatype.DatatypeFactory (for DurationConverter)
- javax.security.auth.Subject
- javax.swing.*
- Java Proxies
- CGLIB Proxies

Should I allow some of these also by default? E.g. Throwable & StackTraceElement or the java.sql.* types?

> I have one very minor nitpick. In XStream.addPermission(TypePermission),
> can you make it throw an exception instead of failing silently if a
> permission is added without a SecurityMapper. This would reduce the chance
> of a user error causing permissions to be silently dropped.

By default we have *always* one. But what about people who provide an own Mapper chain explicitly without the SecurityMapper (a valid use case)? All those null checks for mappers are only there because of this possibility.

Cheers,
Jörg
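
The following is an added example, not part of the message above and not code from the XStream project. It shows the opposite of a lenient default: an application that clears all permissions and allows only the types it expects. It assumes a released XStream with the security framework on the classpath, whose API (including NoTypePermission.NONE, which the message does not mention) may differ from the changeset under discussion; the Order and Internal classes and both XML strings are constructed for the demonstration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.io.xml.DomDriver;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class AllowlistDemo {
    // Constructed sample types: Order is expected input, Internal is not.
    static class Order { String id; int quantity; }
    static class Internal { String note; }

    static XStream newRestrictedXStream() {
        // DomDriver avoids the optional XPP3 parser dependency.
        XStream xstream = new XStream(new DomDriver());
        xstream.alias("order", Order.class);
        xstream.alias("internal", Internal.class);
        // Drop every permission set up by default, then allow only what
        // this application actually expects to unmarshal.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, Order.class });
        return xstream;
    }

    // Returns true if the document unmarshals under the allowlist.
    static boolean accepts(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return true;
        } catch (XStreamException e) {
            // A type outside the allowlist surfaces as ForbiddenClassException,
            // a subclass of XStreamException; malformed XML also lands here.
            System.out.println("rejected: " + e.getClass().getName());
            return false;
        }
    }

    public static void main(String[] args) {
        XStream xstream = newRestrictedXStream();
        // Constructed inputs: one allowed type, one type left off the list.
        String allowed = "<order><id>A-17</id><quantity>3</quantity></order>";
        String denied = "<internal><note>n/a</note></internal>";
        System.out.println("order accepted:    " + accepts(xstream, allowed));
        System.out.println("internal accepted: " + accepts(xstream, denied));
    }
}
```

The alias for Internal is still registered, so the element name resolves to a class; it is the permission check, not a missing mapping, that rejects it.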
