001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.activemq.transport.stomp; 018 019 import com.thoughtworks.xstream.XStream; 020 import com.thoughtworks.xstream.security.AnyTypePermission; 021 import com.thoughtworks.xstream.security.NoTypePermission; 022 import com.thoughtworks.xstream.security.PrimitiveTypePermission; 023 import org.apache.activemq.util.ClassLoadingAwareObjectInputStream; 024 025 import java.util.Collection; 026 import java.util.Map; 027 028 public class XStreamSupport { 029 030 public static XStream createXStream() { 031 XStream stream = new XStream(); 032 stream.addPermission(NoTypePermission.NONE); 033 stream.addPermission(PrimitiveTypePermission.PRIMITIVES); 034 stream.allowTypeHierarchy(Collection.class); 035 stream.allowTypeHierarchy(Map.class); 036 stream.allowTypes(new Class[]{String.class}); 037 if (ClassLoadingAwareObjectInputStream.isAllAllowed()) { 038 stream.addPermission(AnyTypePermission.ANY); 039 } else { 040 for (String packageName : ClassLoadingAwareObjectInputStream.serializablePackages) { 041 stream.allowTypesByWildcard(new String[]{packageName + ".**"}); 042 } 043 } 044 return stream; 045 } 046 047 }