Commit efcee727 authored by Jamin Collins's avatar Jamin Collins

configure XStream security for QuestPetStorage

Signed-off-by: Jamin Collins's avatarJamin W. Collins <jamin.collins@gmail.com>
parent 0e2f47dc
package forge.quest.bazaar;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;
import forge.quest.data.QuestAssets;
import forge.util.IgnoringXStream;
import forge.util.XmlUtil;
......@@ -42,6 +45,17 @@ public class QuestPetStorage {
final Document document = builder.parse(file);
final XStream xs = new IgnoringXStream();
// clear out existing permissions and set our own
xs.addPermission(NoTypePermission.NONE);
// allow some basics
xs.addPermission(NullPermission.NULL);
xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
xs.allowTypeHierarchy(String.class);
// allow any type from the same package
xs.allowTypesByWildcard(new String[] {
QuestPetStorage.class.getPackage().getName()+".*"
});
xs.autodetectAnnotations(true);
final NodeList xmlPets = document.getElementsByTagName("pets").item(0).getChildNodes();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment