You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@uima.apache.org by cw...@apache.org on 2018/02/12 21:04:01 UTC
svn commit: r1824069 - in /uima/uima-ducc/trunk:
uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/
uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/
uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/
Author: cwiklik
Date: Mon Feb 12 21:04:01 2018
New Revision: 1824069
URL: http://svn.apache.org/viewvc?rev=1824069&view=rev
Log:
UIMA-5727 modified to reset xstream security to avoid warning msgs
Modified:
uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java
uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java
Modified: uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java
URL: http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java?rev=1824069&r1=1824068&r2=1824069&view=diff
==============================================================================
--- uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java (original)
+++ uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java Mon Feb 12 21:04:01 2018
@@ -21,20 +21,26 @@ package org.apache.uima.ducc.common.util
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import com.thoughtworks.xstream.security.AnyTypePermission;
+import com.thoughtworks.xstream.security.NoTypePermission;
public class XStreamUtils {
+ private static void initXStreanSecurity(XStream xStream) {
+ XStream.setupDefaultSecurity(xStream);
+ xStream.addPermission(NoTypePermission.NONE);
+ xStream.addPermission(AnyTypePermission.ANY);
+ }
public static String marshall( Object targetToMarshall) throws Exception {
synchronized(XStreamUtils.class) {
XStream xStream = new XStream(new DomDriver());
- xStream.addPermission(AnyTypePermission.ANY);
+ initXStreanSecurity(xStream);
return xStream.toXML(targetToMarshall);
}
}
public static Object unmarshall( String targetToUnmarshall) throws Exception {
synchronized(XStreamUtils.class) {
XStream xStream = new XStream(new DomDriver());
- xStream.addPermission(AnyTypePermission.ANY);
+ initXStreanSecurity(xStream);
return xStream.fromXML(targetToUnmarshall);
}
}
Modified: uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java
URL: http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java?rev=1824069&r1=1824068&r2=1824069&view=diff
==============================================================================
--- uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java (original)
+++ uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java Mon Feb 12 21:04:01 2018
@@ -28,6 +28,7 @@ import org.apache.camel.impl.DefaultClas
import org.apache.uima.ducc.common.config.CommonConfiguration;
import org.apache.uima.ducc.common.config.DuccBlastGuardPredicate;
import org.apache.uima.ducc.common.utils.DuccLogger;
+import org.apache.uima.ducc.common.utils.XStreamUtils;
import org.apache.uima.ducc.pm.ProcessManager;
import org.apache.uima.ducc.pm.ProcessManagerComponent;
import org.apache.uima.ducc.pm.event.ProcessManagerEventListener;
@@ -40,6 +41,7 @@ import org.springframework.context.annot
import org.springframework.context.annotation.Import;
import com.thoughtworks.xstream.XStream;
+import com.thoughtworks.xstream.security.AnyTypePermission;
/**
* A {@link ProcessManagerConfiguration} to configure Process Manager component. Depends on
@@ -127,10 +129,15 @@ public class ProcessManagerConfiguration
public void process(Exchange exchange) throws Exception {
String methodName="process";
if ( pm.getLogLevel().toLowerCase().equals("trace")) {
+ String marshalledEvent =
+ XStreamUtils.marshall(exchange.getIn().getBody());
+ /*
XStreamDataFormat xStreamDataFormat = new XStreamDataFormat();
xStreamDataFormat.setPermissions("*");
XStream xStream = xStreamDataFormat.getXStream(new DefaultClassResolver());
+ xStream.addPermission(AnyTypePermission.ANY);
String marshalledEvent = xStream.toXML(exchange.getIn().getBody());
+ */
pm.logAtTraceLevel(methodName, marshalledEvent);
}
// if ( logger.isDebug() ) {
Modified: uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java
URL: http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java?rev=1824069&r1=1824068&r2=1824069&view=diff
==============================================================================
--- uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java (original)
+++ uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java Mon Feb 12 21:04:01 2018
@@ -19,13 +19,10 @@
package org.apache.uima.ducc.transport.dispatcher;
+import org.apache.uima.ducc.common.utils.XStreamUtils;
import org.apache.uima.ducc.transport.event.DuccEvent;
import org.apache.uima.ducc.transport.event.SubmitJobDuccEvent;
import org.apache.uima.ducc.transport.event.SubmitJobReplyDuccEvent;
-
-import com.thoughtworks.xstream.XStream;
-import com.thoughtworks.xstream.io.xml.DomDriver;
-import com.thoughtworks.xstream.security.AnyTypePermission;
/**
* Implementation of the HTTP based dispatcher. Uses commons HTTPClient for
* messaging. The body of each message is converted to a String (xml format).
@@ -61,20 +58,13 @@ public class DuccEventHttpDispatcher
String toXml(Object ev)
throws Exception
{
- DomDriver dd = new DomDriver();
- XStream xStream = new XStream(dd);
- xStream.addPermission(AnyTypePermission.ANY);
-
- return xStream.toXML(ev);
+ return XStreamUtils.marshall(ev);
}
Object fromXml(String str)
throws Exception
{
- DomDriver dd = new DomDriver();
- XStream xStream = new XStream(dd);
- xStream.addPermission(AnyTypePermission.ANY);
- return xStream.fromXML(str);
+ return XStreamUtils.unmarshall(str);
}
public static void main(String[] args) {
Modified: uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java
URL: http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java?rev=1824069&r1=1824068&r2=1824069&view=diff
==============================================================================
--- uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java (original)
+++ uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java Mon Feb 12 21:04:01 2018
@@ -19,6 +19,12 @@
package org.apache.uima.ducc.transport.dispatcher;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.uima.ducc.common.utils.DuccProperties;
import org.apache.uima.ducc.transport.event.DuccEvent;
import org.apache.uima.ducc.transport.event.SubmitJobDuccEvent;
import org.apache.uima.ducc.transport.event.SubmitJobReplyDuccEvent;
@@ -61,40 +67,46 @@ public class DuccEventHttpDispatcherCl
classManager = new ClassManager(classpath);
}
+ private void secureXStream(Object xStream_obj) throws Exception {
+ Class<?> c = classManager.loadClass("com.thoughtworks.xstream.XStream");
+ Method m = c.getDeclaredMethod("setupDefaultSecurity", new Class[] {c});
+ m.invoke(null, new Object[] {xStream_obj });
+ Object noTypePermissionObject = classManager.construct("com.thoughtworks.xstream.security.NoTypePermission");
+ Field noneField = noTypePermissionObject.getClass().getDeclaredField("NONE");
+ Object anyTypePermissionObject = classManager.construct("com.thoughtworks.xstream.security.AnyTypePermission");
+ Field anyField = anyTypePermissionObject.getClass().getDeclaredField("ANY");
+
+ classManager.invoke(xStream_obj, "addPermission", new Object[] {noneField.get(null)});
+ classManager.invoke(xStream_obj, "addPermission", new Object[] {anyField.get(null)});
+ }
String toXml(Object ev)
throws Exception
{
- // DomDriver dd = new DomDriver();
-
Object dd_obj = classManager.construct("com.thoughtworks.xstream.io.xml.DomDriver", new Object[] {null});
- // XStream xStream = new XStream(dd);
Object xStream_obj = classManager.construct("com.thoughtworks.xstream.XStream", new Object[] {dd_obj});
- // return xStream.toXML(ev);
- return (String) classManager.invoke(xStream_obj, "toXML", new Object[] {ev});
+ secureXStream(xStream_obj);
+ String serializaedMsg = (String) classManager.invoke(xStream_obj, "toXML", new Object[] {ev});
+ return serializaedMsg;
+
}
Object fromXml(String str)
throws Exception
{
- // DomDriver dd = new DomDriver();
Object dd_obj = classManager.construct("com.thoughtworks.xstream.io.xml.DomDriver", new Object[] {null});
- // XStream xStream = new XStream(dd);
Object xStream_obj = classManager.construct("com.thoughtworks.xstream.XStream", new Object[] {dd_obj});
-
- // return xStream.fromXML(str);
- return classManager.invoke(xStream_obj, "fromXML", new Object[] {str});
+ secureXStream(xStream_obj);
+ return classManager.invoke(xStream_obj, "fromXML", new Object[] {str});
}
Object fromJson(String str, Class<?> cl)
throws Exception
{
- // DomDriver dd = new Gson
Object gson_obj = classManager.construct("com.google.gson.Gson");
- // return xStream.fromXML(targetToUnmarshall);
return classManager.invoke(gson_obj, "fromJson", new Object[] {str, cl});
}
@@ -117,6 +129,48 @@ public class DuccEventHttpDispatcherCl
}
public static void main(String[] args) {
try {
+ System.setProperty("DUCC_HOME","/users/cwiklik/releases/builds/uima-ducc/2.2.2/target/apache-uima-ducc-2.2.2-SNAPSHOT");
+ String[] classpath = {
+// "lib/apache-camel/xstream*",
+ "apache-uima/apache-activemq/lib/optional/xstream*",
+ "lib/google-gson/gson*",
+ };
+ ClassManager classManager = new ClassManager(classpath);
+ Class nullPermissionClaz = classManager.loadClass("com.thoughtworks.xstream.security.NullPermission");
+ Class primitiveTypePermissionClaz = classManager.loadClass("com.thoughtworks.xstream.security.PrimitiveTypePermission");
+ Object dd_obj = classManager.construct("com.thoughtworks.xstream.io.xml.DomDriver", new Object[] {null});
+
+ Object noTypePermissionObject = classManager.construct("com.thoughtworks.xstream.security.NoTypePermission");
+ Field noneField = noTypePermissionObject.getClass().getDeclaredField("NONE");
+
+ Object nullPermissionObject = classManager.construct("com.thoughtworks.xstream.security.NullPermission");
+ Field nullField = nullPermissionObject.getClass().getDeclaredField("NULL");
+
+ Object primitiveTypePermissionObject = classManager.construct("com.thoughtworks.xstream.security.PrimitiveTypePermission");
+ Field primitivesField = primitiveTypePermissionObject.getClass().getDeclaredField("PRIMITIVES");
+
+
+ Object xStream_obj = classManager.construct("com.thoughtworks.xstream.XStream", new Object[] {dd_obj});
+
+
+ Class c = classManager.loadClass("com.thoughtworks.xstream.XStream");
+ Method m = c.getDeclaredMethod("setupDefaultSecurity", new Class[] {c});
+ m.invoke(null, new Object[] {xStream_obj });
+
+ classManager.invoke(xStream_obj, "addPermission", new Object[] {noneField.get(null)});
+ classManager.invoke(xStream_obj, "addPermission", new Object[] {nullField.get(null)});
+ classManager.invoke(xStream_obj, "addPermission", new Object[] {primitivesField.get(null)});
+
+// classManager.invoke(xStream_obj, "allowTypeHierarchy", new Object[] {Collection.class});
+ classManager.invoke(xStream_obj, "allowTypesByWildcard", new Object[] {new String[] {"org.apache.uima.*"}});
+
+ Map<String,String> map = new HashMap<>();
+ String s = " Tests";
+ map.put("this", s);
+ org.apache.uima.ducc.transport.event.SubmitJobDuccEvent event1 =
+ new org.apache.uima.ducc.transport.event.SubmitJobDuccEvent(new DuccProperties(), 1);
+ String serializaedMsg = (String) classManager.invoke(xStream_obj, "toXML", new Object[] {event1});
+
DuccEventHttpDispatcherCl dispatcher =
new DuccEventHttpDispatcherCl("http://"+args[0]+":19988/or",1000*4);
SubmitJobDuccEvent duccEvent = new SubmitJobDuccEvent(null, 1);