Log Message
Add TypeHierarchyPermission. Permit any class starting with net.sf.proxy with the CGLIBProxyTypePermission. Allow internal XStream marker type for Java proxies with the ProxyTypePermission.
Modified Paths
- trunk/xstream/src/java/com/thoughtworks/xstream/security/CGLIBProxyTypePermission.java
- trunk/xstream/src/java/com/thoughtworks/xstream/security/ProxyTypePermission.java
- trunk/xstream-distribution/src/content/security.html
Added Paths
Diff
Modified: trunk/xstream/src/java/com/thoughtworks/xstream/security/CGLIBProxyTypePermission.java (2225 => 2226)
--- trunk/xstream/src/java/com/thoughtworks/xstream/security/CGLIBProxyTypePermission.java 2014-01-24 23:11:47 UTC (rev 2225)
+++ trunk/xstream/src/java/com/thoughtworks/xstream/security/CGLIBProxyTypePermission.java 2014-01-24 23:20:49 UTC (rev 2226)
@@ -23,7 +23,8 @@
@Override
public boolean allows(final Class<?> type) {
- return type != null && Proxy.isProxyClass(type);
+ return type != null
+ && (Proxy.isProxyClass(type) || type.getName().startsWith(Proxy.class.getPackage().getName() + "."));
}
@Override
Modified: trunk/xstream/src/java/com/thoughtworks/xstream/security/ProxyTypePermission.java (2225 => 2226)
--- trunk/xstream/src/java/com/thoughtworks/xstream/security/ProxyTypePermission.java 2014-01-24 23:11:47 UTC (rev 2225)
+++ trunk/xstream/src/java/com/thoughtworks/xstream/security/ProxyTypePermission.java 2014-01-24 23:20:49 UTC (rev 2226)
@@ -8,7 +8,9 @@
import java.lang.reflect.Proxy;
+import com.thoughtworks.xstream.mapper.DynamicProxyMapper;
+
/**
* Permission for any array type.
*
@@ -23,7 +25,7 @@
@Override
public boolean allows(final Class<?> type) {
- return type != null && Proxy.isProxyClass(type);
+ return type != null && (Proxy.isProxyClass(type) || type == DynamicProxyMapper.DynamicProxy.class);
}
@Override
Added: trunk/xstream/src/java/com/thoughtworks/xstream/security/TypeHierarchyPermission.java (0 => 2226)
--- trunk/xstream/src/java/com/thoughtworks/xstream/security/TypeHierarchyPermission.java (rev 0)
+++ trunk/xstream/src/java/com/thoughtworks/xstream/security/TypeHierarchyPermission.java 2014-01-24 23:20:49 UTC (rev 2226)
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2014 XStream Committers.
+ * All rights reserved.
+ *
+ * Created on 23. January 2014 by Joerg Schaible
+ */
+package com.thoughtworks.xstream.security;
+
+/**
+ * Permission for a type hierarchy with a name matching one in the provided list.
+ *
+ * @author Jörg Schaible
+ * @since upcoming
+ */
+public class TypeHierarchyPermission implements TypePermission {
+
+ private Class<?> type;
+
+ /**
+ * @since upcoming
+ */
+ public TypeHierarchyPermission(Class<?> type) {
+ this.type = type;
+ }
+
+ @Override
+ public boolean allows(Class<?> type) {
+ if (type == null)
+ return false;
+ return this.type.isAssignableFrom(type);
+ }
+
+}
Property changes on: trunk/xstream/src/java/com/thoughtworks/xstream/security/TypeHierarchyPermission.java
___________________________________________________________________
Added: svn:keywords
Added: svn:eol-style
Modified: trunk/xstream-distribution/src/content/security.html (2225 => 2226)
--- trunk/xstream-distribution/src/content/security.html 2014-01-24 23:11:47 UTC (rev 2225)
+++ trunk/xstream-distribution/src/content/security.html 2014-01-24 23:20:49 UTC (rev 2226)
@@ -197,6 +197,11 @@
<td class="example">.*\\.core\\..*<br/>[^$]+</td>
</tr>
<tr>
+ <td><a href=""
+ <td>Allow types of a hierarchy.</td>
+ <td> </td>
+ </tr>
+ <tr>
<td><a href=""
<td>Allow any type that matches with its name a wildcard _expression_.</td>
<td class="example">java.lang.*<br/>java.util.**</td>
To unsubscribe from this list please visit:
