Log Message
Document security defaults.
Modified Paths
Diff
Modified: branches/v-1.4.x/xstream-distribution/src/content/security.html (2253 => 2254)
--- branches/v-1.4.x/xstream-distribution/src/content/security.html 2014-02-06 21:56:57 UTC (rev 2253)
+++ branches/v-1.4.x/xstream-distribution/src/content/security.html 2014-02-07 17:36:31 UTC (rev 2254)
@@ -94,9 +94,9 @@
<h2 id="validation">XML Validation</h2>
<p>XML itself supports input validation using a schema and a validating parser. With XStream, you can use e.g. a
- StAX parser for validation, but it will take some effort to ensure that the XML read and written by XStream matches
- the schema in first place. Typically you will have to write some custom converters, but it can be worth the effort
- depending on the use case.</p>
+ StAX parser for validation, but it will take some effort to ensure that the XML read and written by XStream matches
+ the schema in first place. Typically you will have to write some custom converters, but it can be worth the effort
+ depending on the use case.</p>
<h1 id="framework">Security Framework</h1>
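Review bot: the three replaced lines of the XML Validation paragraph read identically before and after, so this looks like a whitespace-only change that has nothing to do with documenting security defaults. Consider dropping it from this commit or committing it separately, so the security-relevant documentation change stays easy to audit.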
@@ -150,73 +150,87 @@
<th>Permission</th>
<th>Description</th>
<th>Example</th>
+ <th>Default</th>
</tr>
<tr>
<td><a href=""
<td>Allow any type. You may use the ANY instance directly. A registration of this permission will wipe any
prior one.</td>
<td> </td>
+ <td>yes</td>
</tr>
<tr>
<td><a href=""
<td>Allow any array type. You may use the ARRAYS instance directly.</td>
<td> </td>
+ <td>no</td>
</tr>
<tr>
<td><a href=""
<td>Allow any CGLIB proxy type. You may use the PROXIES instance directly.</td>
<td> </td>
+ <td>no</td>
</tr>
<tr>
<td><a href=""
<td>Allow types explicitly by name.</td>
<td> </td>
+ <td>–</td>
</tr>
<tr>
<td><a href=""
<td>Allow any interface type. You may use the INTERFACES instance directly.</td>
<td> </td>
+ <td>no</td>
</tr>
<tr>
<td><a href=""
<td>Invert any other permission. Instances of this type are used by XStream in the deny methods.</td>
- <td class="example"> </td>
+ <td> </td>
+ <td>no</td>
</tr>
<tr>
<td><a href=""
<td>Allow no type. You may use the NONE instance directly. A registration of this permission will wipe any
prior one.</td>
<td> </td>
+ <td>–</td>
</tr>
<tr>
<td><a href=""
<td>Allow null as type. You may use the NULL instance directly.</td>
<td> </td>
+ <td>no</td>
</tr>
<tr>
<td><a href=""
<td>Allow any primitive type and its boxed counterpart (incl void). You may use the PROXIES instance directly.</td>
<td> </td>
+ <td>no</td>
</tr>
<tr>
<td><a href=""
<td>Allow any Java proxy type. You may use the PROXIES instance directly.</td>
<td> </td>
+ <td>no</td>
</tr>
<tr>
<td><a href=""
<td>Allow any type that matches with its name a regular _expression_.</td>
<td class="example">.*\\.core\\..*<br/>[^$]+</td>
+ <td>–</td>
</tr>
<tr>
<td><a href=""
<td>Allow types of a hierarchy.</td>
<td> </td>
+ <td>–</td>
</tr>
<tr>
<td><a href=""
<td>Allow any type that matches with its name a wildcard _expression_.</td>
<td class="example">java.lang.*<br/>java.util.**</td>
+ <td>–</td>
</tr>
</table>
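Review bot: the new Default column is added without any explanation of its values. "Allow any type" is marked yes, most other rows are marked no, and four rows carry only a dash. If yes on the first row means that an XStream instance with no permissions registered accepts every type, say so in a sentence next to the table, since that is the fact a reader deploying XStream against untrusted XML most needs. Also add a short legend for the dash, and explain what no means on the "Invert any other permission" row. While touching this table: the primitive-type row says "You may use the PROXIES instance directly", the same wording as the CGLIB and Java proxy rows, which looks like a copy-paste slip worth checking.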
@@ -234,7 +248,7 @@
xstream.allowTypeHierarchy(Collection.class);
// allow any type from the same package
xstream.allowTypesByWildcard(new String[] {
- Blog.class.getPackage().getName()+".**"
+ Blog.class.getPackage().getName()+".*"
});
</pre></div>
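Review bot: in the allowTypesByWildcard example the pattern changes from ".**" to ".*", which changes what the sample permits, but the log message only mentions documenting defaults. The code comment says "allow any type from the same package", and the wildcard row of the table shows both forms (java.lang.* and java.util.**) without saying how they differ. Add a sentence to the documentation stating what a single and a double asterisk each match, and mention the example fix in the log message so readers who copied the earlier snippet know to re-check their own patterns.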
