Search in sources :

Example 1 with ForbiddenClassException

use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.

the class XStreamDataFormatPermissionsTest method testDenyAny.

@Test
public void testDenyAny() {
    XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
    xStreamDataFormat.setPermissions("-*");
    XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
    try {
        xStream.fromXML(XML_PURCHASE_ORDER);
        fail("should fail to unmarshall");
    } catch (ForbiddenClassException e) {
    // OK
    }
}
Also used : XStream(com.thoughtworks.xstream.XStream) ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException) Test(org.junit.Test)

Example 2 with ForbiddenClassException

use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.

the class XStreamDataFormatPermissionsTest method testAllowAndDeny.

@Test
public void testAllowAndDeny() {
    XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
    xStreamDataFormat.setPermissions("org.apache.camel.dataformat.xstream.PurchaseOrder,-org.apache.camel.dataformat.xstream.*");
    XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
    try {
        xStream.fromXML(XML_PURCHASE_ORDER);
        fail("should fail to unmarshall");
    } catch (ForbiddenClassException e) {
    // OK
    }
}
Also used : XStream(com.thoughtworks.xstream.XStream) ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException) Test(org.junit.Test)

Example 3 with ForbiddenClassException

use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.

the class XStreamDataFormatPermissionsTest method testDenyAnyAndAllow.

@Test
public void testDenyAnyAndAllow() {
    XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
    xStreamDataFormat.setPermissions("-*,org.apache.camel.dataformat.xstream.PurchaseOrder");
    XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
    Object po = xStream.fromXML(XML_PURCHASE_ORDER);
    assertNotNull(po);
    try {
        xStream.fromXML(XML_PURCHASE_ORDERS_LIST);
        fail("should fail to unmarshall");
    } catch (ForbiddenClassException e) {
    // OK
    }
}
Also used : XStream(com.thoughtworks.xstream.XStream) ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException) Test(org.junit.Test)

Example 4 with ForbiddenClassException

use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.

the class XStreamDataFormatPermissionsTest method testDeny.

@Test
public void testDeny() {
    XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
    xStreamDataFormat.setPermissions("-org.apache.camel.dataformat.xstream.PurchaseOrder");
    XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
    try {
        xStream.fromXML(XML_PURCHASE_ORDER);
        fail("should fail to unmarshall");
    } catch (ForbiddenClassException e) {
    // OK
    }
}
Also used : XStream(com.thoughtworks.xstream.XStream) ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException) Test(org.junit.Test)

Example 5 with ForbiddenClassException

use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.

the class XStreamDataFormatPermissionsTest method testNone.

@Test
public void testNone() {
    XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
    XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
    try {
        xStream.fromXML(XML_PURCHASE_ORDER);
        fail("should fail to unmarshall");
    } catch (ForbiddenClassException e) {
    // OK
    }
}
Also used : XStream(com.thoughtworks.xstream.XStream) ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException) Test(org.junit.Test)

Aggregations

XStream (com.thoughtworks.xstream.XStream)6 ForbiddenClassException (com.thoughtworks.xstream.security.ForbiddenClassException)6 Test (org.junit.Test)6