public class CatchAllConverter
extends java.lang.Object
Converter
that supports all classes but throws exceptions
for (un)marshalling.
Main purpose of this class is to register this converter as a catch-all converter with a normal or higher priority, in addition to converters that explicitly support the domain classes that should be supported. As a result, default XStream converters with lower priorities and possible security vulnerabilities do not get invoked.
For instance:
XStreamMarshaller unmarshaller = new XStreamMarshaller(); unmarshaller.getXStream().registerConverter(new MyDomainClassConverter(), XStream.PRIORITY_VERY_HIGH); unmarshaller.getXStream().registerConverter(new CatchAllConverter(), XStream.PRIORITY_NORMAL); MyDomainClass o = unmarshaller.unmarshal(source);
Constructor and Description |
---|
CatchAllConverter() |
Modifier and Type | Method and Description |
---|---|
boolean |
canConvert(java.lang.Class type) |
void |
marshal(java.lang.Object source,
HierarchicalStreamWriter writer,
MarshallingContext context) |
java.lang.Object |
unmarshal(HierarchicalStreamReader reader,
UnmarshallingContext context) |