ForbiddenClassException and how to avoid it?
Errors:
com.thoughtworks.xstream.security.ForbiddenClassException: com.*.Status
com.thoughtworks.xstream.security.ForbiddenClassException: com.*.Entry
.
.
I had a similar problem. I want to know how we do a proper initialization now to avoid ForbiddenClassException, because in newer versions it is failing during the deserialization part.
    Object result;
    try (Reader sr = new StringReader(xmlData)) {
        result = xStream.fromXML(sr);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    if (result == null) {
        throw new RuntimeException("ERROR: could not convert XML data to Object");
    }
    return (Status) result;
Note: I was using 1.4.17 earlier, but I want to upgrade it to 1.4.19.
See the description of the Security Framework to declare the proper rules for your types.
I looked into the Security Framework you mentioned. I have included everything, like alias and implicit array. In addition to that, I used ExplicitTypePermission to allow certain types, but I am still facing the same ForbiddenClassException issue, even though I added that class manually inside the allowTypes() method.
So, how do you actually initialize the XStream instance?
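For reference, an added example (not code from any poster in this thread or from the XStream project) of initializing an instance with an explicit allowlist and confirming that an unlisted type is still rejected. The Status, Entry and Unlisted classes and the com.example.model package name are hypothetical stand-ins; the permissions must be set on the same XStream instance that later calls fromXML.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import java.util.List;

public class XStreamAllowlistExample {
    // Hypothetical stand-ins for the Status and Entry types named in the errors above.
    public static class Entry { String key; String value; }
    public static class Status { String name; List<Entry> entries; }
    // Deliberately left off the allowlist to show the default-deny behaviour.
    public static class Unlisted { String data = "x"; }

    static XStream newXStream() {
        XStream xStream = new XStream();
        // Permit every application type that can appear in the XML, nested ones too.
        xStream.allowTypes(new Class[] {Status.class, Entry.class});
        // Alternative for a whole package tree (constructed package name);
        // "*" stays within one package segment, "**" also crosses dots:
        // xStream.allowTypesByWildcard(new String[] {"com.example.model.**"});
        xStream.alias("status", Status.class);
        xStream.alias("entry", Entry.class);
        xStream.addImplicitCollection(Status.class, "entries");
        return xStream;
    }

    public static void main(String[] args) {
        XStream xStream = newXStream();

        // Constructed sample input using the aliases configured above.
        String xml = "<status><name>ok</name>"
                + "<entry><key>k</key><value>v</value></entry></status>";
        Status status = (Status) xStream.fromXML(xml);
        System.out.println(status.name + ", entries: " + status.entries.size());

        // Serializing is not restricted; reading the same XML back is.
        String unlistedXml = xStream.toXML(new Unlisted());
        try {
            xStream.fromXML(unlistedXml);
            System.out.println("Unexpected: unlisted type was accepted");
        } catch (ForbiddenClassException e) {
            System.out.println("Rejected as expected: " + e.getMessage());
        }
    }
}
```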