001/* 002 * Copyright 2002-2016 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * https://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.oxm.xstream; 018 019import com.thoughtworks.xstream.converters.Converter; 020import com.thoughtworks.xstream.converters.MarshallingContext; 021import com.thoughtworks.xstream.converters.UnmarshallingContext; 022import com.thoughtworks.xstream.io.HierarchicalStreamReader; 023import com.thoughtworks.xstream.io.HierarchicalStreamWriter; 024 025/** 026 * XStream {@link Converter} that supports all classes, but throws exceptions for 027 * (un)marshalling. 028 * 029 * <p>The main purpose of this class is to 030 * {@linkplain com.thoughtworks.xstream.XStream#registerConverter(com.thoughtworks.xstream.converters.Converter, int) register} 031 * this converter as a catch-all last converter with a 032 * {@linkplain com.thoughtworks.xstream.XStream#PRIORITY_NORMAL normal} 033 * or higher priority, in addition to converters that explicitly handle the domain 034 * classes that should be supported. As a result, default XStream converters with 035 * lower priorities and possible security vulnerabilities do not get invoked. 036 * 037 * <p>For instance: 038 * <pre class="code"> 039 * XStreamMarshaller unmarshaller = new XStreamMarshaller(); 040 * unmarshaller.getXStream().registerConverter(new MyDomainClassConverter(), XStream.PRIORITY_VERY_HIGH); 041 * unmarshaller.getXStream().registerConverter(new CatchAllConverter(), XStream.PRIORITY_NORMAL); 042 * MyDomainClass myObject = unmarshaller.unmarshal(source); 043 * </pre 044 * 045 * @author Arjen Poutsma 046 * @since 3.2.5 047 */ 048public class CatchAllConverter implements Converter { 049 050 @Override 051 @SuppressWarnings("rawtypes") 052 public boolean canConvert(Class type) { 053 return true; 054 } 055 056 @Override 057 public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) { 058 throw new UnsupportedOperationException("Marshalling not supported"); 059 } 060 061 @Override 062 public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) { 063 throw new UnsupportedOperationException("Unmarshalling not supported"); 064 } 065 066}