When you construct the XStream mapper instance, you can pass a whitelist of permitted packages and/or types. This error comes from XStream itself.
An example of security settings for XStream:
https://github.com/opensmarthouse/opensmarthouse-core/blob/7a5fac046a6c110f5c85721b0e279916db6a18cf/bundles/org.opensmarthouse.core.binding.xml/src/main/java/org/openhab/core/binding/xml/internal/BindingInfoReader.java#L89

Best,
Łukasz

On 16.05.2023 16:00, Chandan Singh wrote:

Hi All,

Any inputs on this? We want to set the permission globally on Karaf to avoid setting it at each class level.

On Tue, May 16, 2023 at 12:23 AM Chandan Singh <[email protected]> wrote:


    Hi All,

    Any idea how to set permissions for XStream packages to avoid the
    forbidden exception shown below?


    Caused by: com.thoughtworks.xstream.security.ForbiddenClassException: com.xx.xx.xx.parser.MyClass
        at com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26) ~[!/:?]
        at com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74) ~[!/:?]
        at com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125) ~[!/:?]
        at com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47) ~[!/:?]
        at com.thoughtworks.xstream.core.util.HierarchicalStreams.readClassType(HierarchicalStreams.java:29) ~[!/:?]
        at com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:135) ~[!/:?]
        at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32) ~[!/:?]
        at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1464) ~[!/:?]
        at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441) ~[!/:?]
        at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1321) ~[!/:?]
        at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1312) ~[!/:?]



    I had the below setting in pas Karaf System.properties and it
    used to work in earlier versions.


    org.apache.camel.xstream.permissions=com.xx.xx.**,java.lang.*,java.util.**
    com.thoughtworks.xstream.permissions=com.xx.xx.*,java.lang.*,java.util.*

    Please advise if there is any change in syntax or any other
    config required?

    Regards
    Chandan
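
The per-instance allowlist described in the reply at the top of this thread, as an added example (not code from the thread or from the linked project). The `Order` and `Unlisted` classes and the `com.example.model` package are hypothetical stand-ins for the application's own types.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistExample {

    // Hypothetical payload type standing in for the application's own class.
    public static class Order {
        public String id;
        public int quantity;
    }

    // Hypothetical type deliberately left off the allowlist.
    public static class Unlisted {
        public String value;
    }

    static XStream newRestrictedXStream() {
        XStream xstream = new XStream();
        // Deny everything first, then add back only what the payload needs.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, Order.class });
        // "*" matches within one package, "**" also matches subpackages.
        xstream.allowTypesByWildcard(new String[] { "com.example.model.**" });
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = newRestrictedXStream();
        Order order = new Order();
        order.id = "A-1";
        order.quantity = 3;
        // Constructed sample input: XML produced by the same instance.
        Order parsed = (Order) xstream.fromXML(xstream.toXML(order));
        System.out.println("allowed: " + parsed.id + " x" + parsed.quantity);

        // Permissions are enforced on unmarshalling, as in the stack trace above.
        String unlistedXml = xstream.toXML(new Unlisted());
        try {
            xstream.fromXML(unlistedXml);
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Keeping the patterns as narrow as the payload allows limits which classes an XML document can name for instantiation.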
