001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.activemq.transport.stomp;
018    
019    import com.thoughtworks.xstream.XStream;
020    import com.thoughtworks.xstream.security.AnyTypePermission;
021    import com.thoughtworks.xstream.security.NoTypePermission;
022    import com.thoughtworks.xstream.security.PrimitiveTypePermission;
023    import org.apache.activemq.util.ClassLoadingAwareObjectInputStream;
024    
025    import java.util.Collection;
026    import java.util.Map;
027    
028    public class XStreamSupport {
029    
030        public static XStream createXStream() {
031            XStream stream = new XStream();
032            stream.addPermission(NoTypePermission.NONE);
033            stream.addPermission(PrimitiveTypePermission.PRIMITIVES);
034            stream.allowTypeHierarchy(Collection.class);
035            stream.allowTypeHierarchy(Map.class);
036            stream.allowTypes(new Class[]{String.class});
037            if (ClassLoadingAwareObjectInputStream.isAllAllowed()) {
038                stream.addPermission(AnyTypePermission.ANY);
039            } else {
040                for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) {
041                    stream.allowTypesByWildcard(new String[]{packageName + ".**"});
042                }
043            }
044            return stream;
045        }
046    
047    }