Package org.springframework.oxm.xstream

Class CatchAllConverter

  • All Implemented Interfaces:
    com.thoughtworks.xstream.converters.Converter, com.thoughtworks.xstream.converters.ConverterMatcher
    public class CatchAllConverter
extends Object
implements com.thoughtworks.xstream.converters.Converter
    XStream Converter that supports all classes, but throws exceptions for (un)marshalling.

    The main purpose of this class is to register this converter as a catch-all last converter with a normal or higher priority, in addition to converters that explicitly handle the domain classes that should be supported. As a result, default XStream converters with lower priorities and possible security vulnerabilities do not get invoked.

    For instance: 

     XStreamMarshaller unmarshaller = new XStreamMarshaller();
 unmarshaller.getXStream().registerConverter(new MyDomainClassConverter(), XStream.PRIORITY_VERY_HIGH);
 unmarshaller.getXStream().registerConverter(new CatchAllConverter(), XStream.PRIORITY_NORMAL);
 MyDomainClass myObject = unmarshaller.unmarshal(source);
    Since:
    3.2.5
    Author:
    Arjen Poutsma

    • Method Detail

      • canConvert

        public boolean canConvert​(Class type)
        Specified by:
        canConvert in interface com.thoughtworks.xstream.converters.ConverterMatcher

      • marshal

        public void marshal​(Object source,
                    com.thoughtworks.xstream.io.HierarchicalStreamWriter writer,
                    com.thoughtworks.xstream.converters.MarshallingContext context)
        Specified by:
        marshal in interface com.thoughtworks.xstream.converters.Converter

      • unmarshal

        public Object unmarshal​(com.thoughtworks.xstream.io.HierarchicalStreamReader reader,
                        com.thoughtworks.xstream.converters.UnmarshallingContext context)
        Specified by:
        unmarshal in interface com.thoughtworks.xstream.converters.Converter