use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testDenyAny.
@Test
public void testDenyAny() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("-*");
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
try {
xStream.fromXML(XML_PURCHASE_ORDER);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testAllowAndDeny.
@Test
public void testAllowAndDeny() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("org.apache.camel.dataformat.xstream.PurchaseOrder,-org.apache.camel.dataformat.xstream.*");
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
try {
xStream.fromXML(XML_PURCHASE_ORDER);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testDenyAnyAndAllow.
@Test
public void testDenyAnyAndAllow() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("-*,org.apache.camel.dataformat.xstream.PurchaseOrder");
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
Object po = xStream.fromXML(XML_PURCHASE_ORDER);
assertNotNull(po);
try {
xStream.fromXML(XML_PURCHASE_ORDERS_LIST);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testDeny.
@Test
public void testDeny() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("-org.apache.camel.dataformat.xstream.PurchaseOrder");
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
try {
xStream.fromXML(XML_PURCHASE_ORDER);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testNone.
@Test
public void testNone() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
try {
xStream.fromXML(XML_PURCHASE_ORDER);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
Aggregations