Example 1 with ForbiddenClassException
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testDenyAny.
@Test
public void testDenyAny() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("-*");
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
try {
xStream.fromXML(XML_PURCHASE_ORDER);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
Also used :
XStream(com.thoughtworks.xstream.XStream)
ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException)
Test(org.junit.Test)
Example 2 with ForbiddenClassException
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testAllowAndDeny.
@Test
public void testAllowAndDeny() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("org.apache.camel.dataformat.xstream.PurchaseOrder,-org.apache.camel.dataformat.xstream.*");
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
try {
xStream.fromXML(XML_PURCHASE_ORDER);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
Also used :
XStream(com.thoughtworks.xstream.XStream)
ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException)
Test(org.junit.Test)
Example 3 with ForbiddenClassException
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testDenyAnyAndAllow.
@Test
public void testDenyAnyAndAllow() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("-*,org.apache.camel.dataformat.xstream.PurchaseOrder");
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
Object po = xStream.fromXML(XML_PURCHASE_ORDER);
assertNotNull(po);
try {
xStream.fromXML(XML_PURCHASE_ORDERS_LIST);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
Also used :
XStream(com.thoughtworks.xstream.XStream)
ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException)
Test(org.junit.Test)
Example 4 with ForbiddenClassException
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testDeny.
@Test
public void testDeny() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("-org.apache.camel.dataformat.xstream.PurchaseOrder");
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
try {
xStream.fromXML(XML_PURCHASE_ORDER);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
Also used :
XStream(com.thoughtworks.xstream.XStream)
ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException)
Test(org.junit.Test)
Example 5 with ForbiddenClassException
use of com.thoughtworks.xstream.security.ForbiddenClassException in project camel by apache.
the class XStreamDataFormatPermissionsTest method testNone.
@Test
public void testNone() {
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
XStream xStream = xStreamDataFormat.createXStream(context.getClassResolver(), context.getApplicationContextClassLoader());
try {
xStream.fromXML(XML_PURCHASE_ORDER);
fail("should fail to unmarshall");
} catch (ForbiddenClassException e) {
// OK
}
}
Also used :
XStream(com.thoughtworks.xstream.XStream)
ForbiddenClassException(com.thoughtworks.xstream.security.ForbiddenClassException)
Test(org.junit.Test)
Aggregations
XStream (com.thoughtworks.xstream.XStream)6
ForbiddenClassException (com.thoughtworks.xstream.security.ForbiddenClassException)6
Test (org.junit.Test)6
