You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by Chandan Singh <ma...@gmail.com> on 2023/05/15 18:53:04 UTC
System.proerties setting to set xtream(1.4.20) permission Globaly in Apache karaf 4.3.7
Hi All ,
Any idea how to set permissions for xtream packages to avoid the
forbidden exception as shown
below
Caused by: com.thoughtworks.xstream.security.ForbiddenClassException:
com.xx.xx.xx.parser.MyClass
at
com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
~[!/:?]
at
com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
~[!/:?]
at
com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
~[!/:?]
at
com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
~[!/:?]
at
com.thoughtworks.xstream.core.util.HierarchicalStreams.readClassType(HierarchicalStreams.java:29)
~[!/:?]
at
com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:135)
~[!/:?]
at
com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
~[!/:?]
at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1464)
~[!/:?]
at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441)
~[!/:?]
at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1321)
~[!/:?]
at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1312)
~[!/:?]
I had the below seeting in pas Karaf System.properties and it used to
work in earlier versions .
org.apache.camel.xstream.permissions=com.xx.xx.**,java.lang.*,java.util.**
*com.thoughtworks.xstream.permissions=com.xx.xx.*,java.lang.*,java.util.* *
*Please advice if the there is any change in Syntax or any other config
required ? *
*Regards*
*Chandan*
Re: System.proerties setting to set xtream(1.4.20) permission Globaly in Apache karaf 4.3.7
Posted by Łukasz Dywicki <lu...@code-house.org>.
When you construct XStream mapper instance you can pass a whitelist for
permitted packages and/or types. This error comes from XStream itself.
An example of security settings for XStream:
https://github.com/opensmarthouse/opensmarthouse-core/blob/7a5fac046a6c110f5c85721b0e279916db6a18cf/bundles/org.opensmarthouse.core.binding.xml/src/main/java/org/openhab/core/binding/xml/internal/BindingInfoReader.java#L89
Best,
Łukasz
On 16.05.2023 16:00, Chandan Singh wrote:
>
> Hi All ,
>
> Any inputs on this , We want to set the permission globally on karaf
> to avoid setting at each Class level .
>
> On Tue, May 16, 2023 at 12:23 AM Chandan Singh
> <mailbox.chandansingh@gmail.com <ma...@gmail.com>>
> wrote:
>
>
> Hi All ,
>
> Any idea how to set permissions for xtream packages to avoid the
> forbidden exception as shown
> below
>
>
> Caused by:
> com.thoughtworks.xstream.security.ForbiddenClassException:
> com.xx.xx.xx.parser.MyClass
>
> at
> com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26) ~[!/:?]
>
> at
> com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74) ~[!/:?]
>
> at
> com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125) ~[!/:?]
>
> at
> com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47) ~[!/:?]
>
> at
> com.thoughtworks.xstream.core.util.HierarchicalStreams.readClassType(HierarchicalStreams.java:29) ~[!/:?]
>
> at
> com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:135) ~[!/:?]
>
> at
> com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32) ~[!/:?]
>
> at
> com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1464) ~[!/:?]
>
> at
> com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441) ~[!/:?]
>
> at
> com.thoughtworks.xstream.XStream.fromXML(XStream.java:1321) ~[!/:?]
>
> at
> com.thoughtworks.xstream.XStream.fromXML(XStream.java:1312) ~[!/:?]
>
>
>
> I had the below seeting in pas Karaf System.properties and it
> used to work in earlier versions .
>
>
> org.apache.camel.xstream.permissions=com.xx.xx.**,java.lang.*,java.util.**
> *com.thoughtworks.xstream.permissions=com.xx.xx.*,java.lang.*,java.util.* *
> *
> *
> *
> *
> *Please advice if the there is any change in Syntax or any other
> config required ? *
> *
> *
> *
> *
> *Regards*
> *Chandan*
>
Re: System.proerties setting to set xtream(1.4.20) permission Globaly in Apache karaf 4.3.7
Posted by Chandan Singh <ma...@gmail.com>.
Hi All ,
Any inputs on this , We want to set the permission globally on karaf to
avoid setting at each Class level .
On Tue, May 16, 2023 at 12:23 AM Chandan Singh <
mailbox.chandansingh@gmail.com> wrote:
>
> Hi All ,
>
> Any idea how to set permissions for xtream packages to avoid the
> forbidden exception as shown
> below
>
>
> Caused by: com.thoughtworks.xstream.security.ForbiddenClassException:
> com.xx.xx.xx.parser.MyClass
>
> at
> com.thoughtworks.xstream.security.NoTypePermission.allows(NoTypePermission.java:26)
> ~[!/:?]
>
> at
> com.thoughtworks.xstream.mapper.SecurityMapper.realClass(SecurityMapper.java:74)
> ~[!/:?]
>
> at
> com.thoughtworks.xstream.mapper.MapperWrapper.realClass(MapperWrapper.java:125)
> ~[!/:?]
>
> at
> com.thoughtworks.xstream.mapper.CachingMapper.realClass(CachingMapper.java:47)
> ~[!/:?]
>
> at
> com.thoughtworks.xstream.core.util.HierarchicalStreams.readClassType(HierarchicalStreams.java:29)
> ~[!/:?]
>
> at
> com.thoughtworks.xstream.core.TreeUnmarshaller.start(TreeUnmarshaller.java:135)
> ~[!/:?]
>
> at
> com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.unmarshal(AbstractTreeMarshallingStrategy.java:32)
> ~[!/:?]
>
> at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1464)
> ~[!/:?]
>
> at com.thoughtworks.xstream.XStream.unmarshal(XStream.java:1441)
> ~[!/:?]
>
> at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1321)
> ~[!/:?]
>
> at com.thoughtworks.xstream.XStream.fromXML(XStream.java:1312)
> ~[!/:?]
>
>
> I had the below seeting in pas Karaf System.properties and it used to
> work in earlier versions .
>
>
> org.apache.camel.xstream.permissions=com.xx.xx.**,java.lang.*,java.util.**
>
> *com.thoughtworks.xstream.permissions=com.xx.xx.*,java.lang.*,java.util.* *
>
>
> *Please advice if the there is any change in Syntax or any other config
> required ? *
>
>
> *Regards*
> *Chandan*
>