xstream icon indicating copy to clipboard operation
xstream copied to clipboard

Published 20 hours ago verified publisher icon x-stream

Security by class fields

Open thhart opened this issue 4 years ago • 1 comments

It would be nice to initialize the security to allow all classes recursively which are referenced members of a class? Or would this harm any security considerations?

thhart avatar May 29 '20 10:05 thhart

Actually, it is always your configuration of XStream. It would be your own risk to use such a functionality. Said that, if you know your object graph, why not. The types with XStream annotations are found the same way. There's actually another proposal to allow automatically all annotated types. You will have just to consider that XStream will test the types against the concrete Java type, which will be rejected if the member is declared e.g. using an interface.

joehni avatar May 29 '20 17:05 joehni