Author: cwiklik
Date: Mon Feb 12 21:04:01 2018
New Revision: 1824069

URL: http://svn.apache.org/viewvc?rev=1824069&view=rev
Log:
UIMA-5727 modified to reset xstream security to avoid warning msgs

Modified:
    
uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java
    
uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java
    
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java
    
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java

Modified: 
uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java
URL: 
http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java?rev=1824069&r1=1824068&r2=1824069&view=diff
==============================================================================
--- 
uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java
 (original)
+++ 
uima/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/utils/XStreamUtils.java
 Mon Feb 12 21:04:01 2018
@@ -21,20 +21,26 @@ package org.apache.uima.ducc.common.util
 import com.thoughtworks.xstream.XStream;
 import com.thoughtworks.xstream.io.xml.DomDriver;
 import com.thoughtworks.xstream.security.AnyTypePermission;
+import com.thoughtworks.xstream.security.NoTypePermission;
 
 public class XStreamUtils {
        
+       private static void initXStreanSecurity(XStream xStream) {
+               XStream.setupDefaultSecurity(xStream);
+               xStream.addPermission(NoTypePermission.NONE);
+               xStream.addPermission(AnyTypePermission.ANY);
+       }
        public static String marshall( Object targetToMarshall) throws 
Exception {
         synchronized(XStreamUtils.class) {
                XStream xStream = new XStream(new DomDriver());
-               xStream.addPermission(AnyTypePermission.ANY);
+               initXStreanSecurity(xStream);
             return xStream.toXML(targetToMarshall); 
         }
        }
        public static Object unmarshall( String targetToUnmarshall) throws 
Exception {
         synchronized(XStreamUtils.class) {
                XStream xStream = new XStream(new DomDriver());
-               xStream.addPermission(AnyTypePermission.ANY);
+               initXStreanSecurity(xStream);
                return xStream.fromXML(targetToUnmarshall);
         }
        }

Modified: 
uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java
URL: 
http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java?rev=1824069&r1=1824068&r2=1824069&view=diff
==============================================================================
--- 
uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java
 (original)
+++ 
uima/uima-ducc/trunk/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/config/ProcessManagerConfiguration.java
 Mon Feb 12 21:04:01 2018
@@ -28,6 +28,7 @@ import org.apache.camel.impl.DefaultClas
 import org.apache.uima.ducc.common.config.CommonConfiguration;
 import org.apache.uima.ducc.common.config.DuccBlastGuardPredicate;
 import org.apache.uima.ducc.common.utils.DuccLogger;
+import org.apache.uima.ducc.common.utils.XStreamUtils;
 import org.apache.uima.ducc.pm.ProcessManager;
 import org.apache.uima.ducc.pm.ProcessManagerComponent;
 import org.apache.uima.ducc.pm.event.ProcessManagerEventListener;
@@ -40,6 +41,7 @@ import org.springframework.context.annot
 import org.springframework.context.annotation.Import;
 
 import com.thoughtworks.xstream.XStream;
+import com.thoughtworks.xstream.security.AnyTypePermission;
 
 /**
  * A {@link ProcessManagerConfiguration} to configure Process Manager 
component. Depends on 
@@ -127,10 +129,15 @@ public class ProcessManagerConfiguration
                public void process(Exchange exchange) throws Exception {
                        String methodName="process";
                        if ( pm.getLogLevel().toLowerCase().equals("trace")) {
+                               String marshalledEvent = 
+                                               
XStreamUtils.marshall(exchange.getIn().getBody());
+                               /*
                                XStreamDataFormat xStreamDataFormat = new 
XStreamDataFormat();
                                xStreamDataFormat.setPermissions("*");
                        XStream xStream = xStreamDataFormat.getXStream(new 
DefaultClassResolver());
+                       xStream.addPermission(AnyTypePermission.ANY);
                                String marshalledEvent = 
xStream.toXML(exchange.getIn().getBody());
+                               */
                                pm.logAtTraceLevel(methodName, marshalledEvent);
                        }
 //                     if ( logger.isDebug() ) {

Modified: 
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java
URL: 
http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java?rev=1824069&r1=1824068&r2=1824069&view=diff
==============================================================================
--- 
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java
 (original)
+++ 
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcher.java
 Mon Feb 12 21:04:01 2018
@@ -19,13 +19,10 @@
 package org.apache.uima.ducc.transport.dispatcher;
 
 
+import org.apache.uima.ducc.common.utils.XStreamUtils;
 import org.apache.uima.ducc.transport.event.DuccEvent;
 import org.apache.uima.ducc.transport.event.SubmitJobDuccEvent;
 import org.apache.uima.ducc.transport.event.SubmitJobReplyDuccEvent;
-
-import com.thoughtworks.xstream.XStream;
-import com.thoughtworks.xstream.io.xml.DomDriver;
-import com.thoughtworks.xstream.security.AnyTypePermission;
 /**
  * Implementation of the HTTP based dispatcher. Uses commons HTTPClient for 
  * messaging. The body of each message is converted to a String (xml format).
@@ -61,20 +58,13 @@ public class DuccEventHttpDispatcher
     String toXml(Object ev)
         throws Exception
     {        
-        DomDriver dd = new DomDriver();        
-        XStream xStream = new XStream(dd);
-        xStream.addPermission(AnyTypePermission.ANY);
-        
-        return xStream.toXML(ev);
+       return XStreamUtils.marshall(ev);
     }
 
     Object fromXml(String str)
         throws Exception
     {        
-        DomDriver dd = new DomDriver();
-        XStream xStream = new XStream(dd);
-        xStream.addPermission(AnyTypePermission.ANY);
-        return xStream.fromXML(str);
+       return XStreamUtils.unmarshall(str);
     }
 
     public static void main(String[] args) {

Modified: 
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java
URL: 
http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java?rev=1824069&r1=1824068&r2=1824069&view=diff
==============================================================================
--- 
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java
 (original)
+++ 
uima/uima-ducc/trunk/uima-ducc-transport/src/main/java/org/apache/uima/ducc/transport/dispatcher/DuccEventHttpDispatcherCl.java
 Mon Feb 12 21:04:01 2018
@@ -19,6 +19,12 @@
 package org.apache.uima.ducc.transport.dispatcher;
 
 
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.uima.ducc.common.utils.DuccProperties;
 import org.apache.uima.ducc.transport.event.DuccEvent;
 import org.apache.uima.ducc.transport.event.SubmitJobDuccEvent;
 import org.apache.uima.ducc.transport.event.SubmitJobReplyDuccEvent;
@@ -61,40 +67,46 @@ public class DuccEventHttpDispatcherCl
         classManager = new ClassManager(classpath);
     }
 
+    private void secureXStream(Object xStream_obj) throws Exception {
+        Class<?> c = 
classManager.loadClass("com.thoughtworks.xstream.XStream");
+        Method m = c.getDeclaredMethod("setupDefaultSecurity", new Class[] 
{c});
+        m.invoke(null, new Object[] {xStream_obj });
+        Object noTypePermissionObject = 
classManager.construct("com.thoughtworks.xstream.security.NoTypePermission");
+        Field noneField = 
noTypePermissionObject.getClass().getDeclaredField("NONE");
+        Object anyTypePermissionObject = 
classManager.construct("com.thoughtworks.xstream.security.AnyTypePermission");
+        Field anyField = 
anyTypePermissionObject.getClass().getDeclaredField("ANY");
+        
+        classManager.invoke(xStream_obj, "addPermission", new Object[] 
{noneField.get(null)});
+        classManager.invoke(xStream_obj, "addPermission", new Object[] 
{anyField.get(null)});
+   }
     String toXml(Object ev)
         throws Exception
     {        
-        //  DomDriver dd = new DomDriver();
-
         Object dd_obj = 
classManager.construct("com.thoughtworks.xstream.io.xml.DomDriver", new 
Object[] {null});
 
-        //    XStream xStream = new XStream(dd);
         Object   xStream_obj = 
classManager.construct("com.thoughtworks.xstream.XStream", new Object[] 
{dd_obj});
 
-        //    return xStream.toXML(ev);
-        return (String) classManager.invoke(xStream_obj, "toXML", new Object[] 
{ev});
+        secureXStream(xStream_obj);
+        String serializaedMsg =  (String) classManager.invoke(xStream_obj, 
"toXML", new Object[] {ev});
+        return serializaedMsg;
+    
     }
 
     Object fromXml(String str)
         throws Exception
     {        
-        //  DomDriver dd = new DomDriver();
         Object   dd_obj = 
classManager.construct("com.thoughtworks.xstream.io.xml.DomDriver", new 
Object[] {null});
 
-        //    XStream xStream = new XStream(dd);
         Object   xStream_obj = 
classManager.construct("com.thoughtworks.xstream.XStream", new Object[] 
{dd_obj});
-
-        //    return xStream.fromXML(str);
-        return classManager.invoke(xStream_obj, "fromXML", new Object[] 
{str});        
+        secureXStream(xStream_obj);
+       return classManager.invoke(xStream_obj, "fromXML", new Object[] {str}); 
       
     }
 
     Object fromJson(String str, Class<?> cl)
         throws Exception
     {        
-       //  DomDriver dd = new Gson
         Object   gson_obj = classManager.construct("com.google.gson.Gson");
 
-        //    return xStream.fromXML(targetToUnmarshall);
         return classManager.invoke(gson_obj, "fromJson", new Object[] {str, 
cl});        
     }
 
@@ -117,6 +129,48 @@ public class DuccEventHttpDispatcherCl
     }
     public static void main(String[] args) {
         try {
+               
System.setProperty("DUCC_HOME","/users/cwiklik/releases/builds/uima-ducc/2.2.2/target/apache-uima-ducc-2.2.2-SNAPSHOT");
+               String[] classpath = {
+//                  "lib/apache-camel/xstream*",
+              "apache-uima/apache-activemq/lib/optional/xstream*",
+              "lib/google-gson/gson*",
+          };      
+               ClassManager classManager = new ClassManager(classpath);
+            Class nullPermissionClaz = 
classManager.loadClass("com.thoughtworks.xstream.security.NullPermission");
+            Class primitiveTypePermissionClaz = 
classManager.loadClass("com.thoughtworks.xstream.security.PrimitiveTypePermission");
+            Object dd_obj = 
classManager.construct("com.thoughtworks.xstream.io.xml.DomDriver", new 
Object[] {null});
+            
+            Object noTypePermissionObject = 
classManager.construct("com.thoughtworks.xstream.security.NoTypePermission");
+            Field noneField = 
noTypePermissionObject.getClass().getDeclaredField("NONE");
+            
+            Object nullPermissionObject = 
classManager.construct("com.thoughtworks.xstream.security.NullPermission");
+            Field nullField = 
nullPermissionObject.getClass().getDeclaredField("NULL");
+
+            Object primitiveTypePermissionObject = 
classManager.construct("com.thoughtworks.xstream.security.PrimitiveTypePermission");
+            Field primitivesField = 
primitiveTypePermissionObject.getClass().getDeclaredField("PRIMITIVES");
+
+            
+            Object   xStream_obj = 
classManager.construct("com.thoughtworks.xstream.XStream", new Object[] 
{dd_obj});
+            
+            
+            Class c = 
classManager.loadClass("com.thoughtworks.xstream.XStream");
+            Method m = c.getDeclaredMethod("setupDefaultSecurity", new Class[] 
{c});
+            m.invoke(null, new Object[] {xStream_obj });
+
+            classManager.invoke(xStream_obj, "addPermission", new Object[] 
{noneField.get(null)});
+            classManager.invoke(xStream_obj, "addPermission", new Object[] 
{nullField.get(null)});
+            classManager.invoke(xStream_obj, "addPermission", new Object[] 
{primitivesField.get(null)});
+            
+//            classManager.invoke(xStream_obj, "allowTypeHierarchy", new 
Object[] {Collection.class});
+            classManager.invoke(xStream_obj, "allowTypesByWildcard", new 
Object[] {new String[] {"org.apache.uima.*"}});
+
+            Map<String,String> map = new HashMap<>();
+            String s = " Tests";
+            map.put("this", s);
+            org.apache.uima.ducc.transport.event.SubmitJobDuccEvent event1 = 
+                       new 
org.apache.uima.ducc.transport.event.SubmitJobDuccEvent(new DuccProperties(), 
1);
+            String serializaedMsg =  (String) classManager.invoke(xStream_obj, 
"toXML", new Object[] {event1});
+            
             DuccEventHttpDispatcherCl dispatcher = 
                 new 
DuccEventHttpDispatcherCl("http://"+args[0]+":19988/or",1000*4);
             SubmitJobDuccEvent duccEvent = new SubmitJobDuccEvent(null, 1);


Reply via email to