Restlet Framework 2.2.3 Google App Engine |
java.lang.Object
org.restlet.engine.Helper
org.restlet.engine.converter.ConverterHelper
org.restlet.ext.xstream.XstreamConverter
public class XstreamConverter
Converter between the XML/JSON and Representation classes based on XStream.
SECURITY WARNING: XStream applies various techniques under the hood to ensure
it is able to handle all types of objects. This includes using undocumented
Java features and reflection. The XML generated by XStream includes all
information required to build objects of almost any type. This introduces a
potential security problem.

The XML provided to XStream for conversion to a Java object can be
manipulated to inject objects into the unmarshalled object graph that were
not present at marshalling time. An attacker could exploit this to execute
arbitrary code or shell commands in the context of the server running the
XStream process. This issue has been addressed and is clearly documented
here: XStream Security Framework.

You can configure the XStream object used by this converter by overriding the
createXstream(MediaType, Class) method to apply your own security
permissions, then provide the new converter to the Restlet Engine (see the
org.restlet.engine.Engine#getRegisteredConverters method).
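One way to follow the advice above, shown as an added example rather than Restlet's own code: a subclass that overrides createXstream to deny all types and then allow a short list, plus a helper that swaps it into the engine's registered converters. The class name AllowlistXstreamConverter, the register() helper and the com.example.api.dto package are hypothetical, and the example assumes XStream 1.4.7 or later (the first release with the security framework) is on the classpath.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import org.restlet.data.MediaType;
import org.restlet.engine.Engine;
import org.restlet.engine.converter.ConverterHelper;
import org.restlet.ext.xstream.XstreamConverter;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

/** Added example: an XstreamConverter that only unmarshals allowlisted types. */
public class AllowlistXstreamConverter extends XstreamConverter {

    // Assumption: the application's own DTO package; replace with yours.
    private static final String[] ALLOWED_PACKAGES = { "com.example.api.dto.*" };

    @Override
    public <T> XStream createXstream(MediaType mediaType, Class<T> target)
            throws IOException {
        // Keep the XML/JSON driver selection done by the parent class.
        XStream xstream = super.createXstream(mediaType, target);

        // Deny every type first; permissions added later take precedence.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        // Exact types only: no hierarchies, no broad wildcards.
        xstream.allowTypes(new Class[] { String.class, ArrayList.class });
        xstream.allowTypesByWildcard(ALLOWED_PACKAGES);
        return xstream;
    }

    /** Replaces the stock converter with the restricted one; call once at startup. */
    public static void register() {
        List<ConverterHelper> converters = Engine.getInstance().getRegisteredConverters();
        // Iterate over a copy so removal is safe whatever list type the engine uses.
        for (ConverterHelper helper : new ArrayList<ConverterHelper>(converters)) {
            if (helper.getClass() == XstreamConverter.class) {
                converters.remove(helper);
            }
        }
        converters.add(new AllowlistXstreamConverter());
    }
}
```

With this converter registered, XML or JSON that names a type outside the allowlist is rejected by XStream during unmarshalling instead of being instantiated.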
Constructor Summary | |
---|---|
XstreamConverter() | Constructor. |
Method Summary | | |
---|---|---|
protected <T> XstreamRepresentation<T> | create(MediaType mediaType, T source) | Creates the marshaling XstreamRepresentation. |
protected <T> XstreamRepresentation<T> | create(Representation source, Class<T> target) | Creates the unmarshaling XstreamRepresentation. |
<T> XStream | createXstream(MediaType mediaType, Class<T> target) | Creates an XStream object based on a media type. |
Class<? extends HierarchicalStreamDriver> | getJsonDriverClass() | Returns the XStream JSON driver class. |
List<Class<?>> | getObjectClasses(Variant source) | |
List<VariantInfo> | getVariants(Class<?> source) | |
Class<? extends HierarchicalStreamDriver> | getXmlDriverClass() | Returns the XStream XML driver class. |
float | score(Object source, Variant target, Resource resource) | |
<T> float | score(Representation source, Class<T> target, Resource resource) | |
void | setJsonDriverClass(Class<? extends HierarchicalStreamDriver> jsonDriverClass) | Sets the XStream JSON driver class. |
void | setXmlDriverClass(Class<? extends HierarchicalStreamDriver> xmlDriverClass) | Sets the XStream XML driver class. |
<T> T | toObject(Representation source, Class<T> target, Resource resource) | |
Representation | toRepresentation(Object source, Variant target, Resource resource) | |
<T> void | updatePreferences(List<Preference<MediaType>> preferences, Class<T> entity) | |
Methods inherited from class org.restlet.engine.converter.ConverterHelper |
---|
addObjectClass, addVariant, addVariants, getVariants, updatePreferences |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public XstreamConverter()
Method Detail |
---|
protected <T> XstreamRepresentation<T> create(MediaType mediaType, T source)
Creates the marshaling XstreamRepresentation.
Type Parameters: T
Parameters:
mediaType - The target media type.
source - The source object to marshal.
Returns: XstreamRepresentation.

protected <T> XstreamRepresentation<T> create(Representation source, Class<T> target) throws IOException
Creates the unmarshaling XstreamRepresentation.
Type Parameters: T
Parameters:
source - The source representation to unmarshal.
target - The expected class of the Java object.
Returns: XstreamRepresentation.
Throws: IOException

public <T> XStream createXstream(MediaType mediaType, Class<T> target) throws IOException
HierarchicalStreamDriver or a DomDriver. To be overridden in order to customize security permissions.
Type Parameters: T
Parameters:
mediaType - The serialization media type.
target - The expected class of the Java object.
Throws: IOException

public Class<? extends HierarchicalStreamDriver> getJsonDriverClass()

public List<Class<?>> getObjectClasses(Variant source)
getObjectClasses in class ConverterHelper

public List<VariantInfo> getVariants(Class<?> source)
getVariants in class ConverterHelper

public Class<? extends HierarchicalStreamDriver> getXmlDriverClass()

public float score(Object source, Variant target, Resource resource)
score in class ConverterHelper

public <T> float score(Representation source, Class<T> target, Resource resource)
score in class ConverterHelper

public void setJsonDriverClass(Class<? extends HierarchicalStreamDriver> jsonDriverClass)
Parameters:
jsonDriverClass - The XStream JSON driver class.

public void setXmlDriverClass(Class<? extends HierarchicalStreamDriver> xmlDriverClass)
Parameters:
xmlDriverClass - The XStream XML driver class.

public <T> T toObject(Representation source, Class<T> target, Resource resource) throws IOException
toObject in class ConverterHelper
Throws: IOException

public Representation toRepresentation(Object source, Variant target, Resource resource)
toRepresentation in class ConverterHelper

public <T> void updatePreferences(List<Preference<MediaType>> preferences, Class<T> entity)
updatePreferences in class ConverterHelper