From 6593d7fb3682943a607e34f379dab39a05785e8e Mon Sep 17 00:00:00 2001 From: Ray Lee Date: Wed, 12 Apr 2023 17:37:51 -0400 Subject: [PATCH] Bump xstream from 1.4.10 to 1.4.19 in /services/id/service Whitelist the required id generator classes, as xstream has switched to a default whitelist instead of a default blacklist. --- services/id/service/pom.xml | 2 +- .../services/id/IDGeneratorSerializer.java | 28 ++++++++++++------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/services/id/service/pom.xml b/services/id/service/pom.xml index 4e85b3a8c..494c4d1c8 100644 --- a/services/id/service/pom.xml +++ b/services/id/service/pom.xml @@ -64,7 +64,7 @@ com.thoughtworks.xstream xstream - 1.4.10 + 1.4.19 diff --git a/services/id/service/src/main/java/org/collectionspace/services/id/IDGeneratorSerializer.java b/services/id/service/src/main/java/org/collectionspace/services/id/IDGeneratorSerializer.java index fc0c57567..4f455500c 100644 --- a/services/id/service/src/main/java/org/collectionspace/services/id/IDGeneratorSerializer.java +++ b/services/id/service/src/main/java/org/collectionspace/services/id/IDGeneratorSerializer.java @@ -14,7 +14,7 @@ * You may obtain a copy of the ECL 2.0 License at * https://source.collectionspace.org/collection-space/LICENSE.txt */ - + // @TODO: Revise exception handling to return custom Exceptions, // perhaps mirroring the subset of HTTP status codes returned. // @@ -28,6 +28,8 @@ import com.thoughtworks.xstream.XStreamException; import com.thoughtworks.xstream.io.xml.DomDriver; import org.collectionspace.services.common.document.BadRequestException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** 
@@ -39,11 +41,12 @@ import org.collectionspace.services.common.document.BadRequestException; * $LastChangedDate$ */ public class IDGeneratorSerializer { + static final Logger logger = LoggerFactory.getLogger(IDGeneratorSerializer.class); ////////////////////////////////////////////////////////////////////// /** * Constructor (no-argument). - */ + */ public void IDGeneratorSerializer() { } @@ -60,13 +63,13 @@ public class IDGeneratorSerializer { */ public static String serialize(SettableIDGenerator generator) throws BadRequestException { - + if (generator == null) { throw new BadRequestException("ID generator cannot be null."); } - - XStream xstream = new XStream(new DomDriver()); - + + XStream xstream = new XStream(new DomDriver()); + String serializedGenerator = ""; try { serializedGenerator = xstream.toXML(generator); @@ -74,9 +77,9 @@ public class IDGeneratorSerializer { throw new BadRequestException( "Could not convert ID generator to XML for storage in database."); } - + return serializedGenerator; - + } ////////////////////////////////////////////////////////////////////// @@ -99,16 +102,21 @@ public class IDGeneratorSerializer { XStream xstream = new XStream(new DomDriver()); + xstream.allowTypeHierarchy(IDGenerator.class); + xstream.allowTypeHierarchy(IDGeneratorPart.class); + SettableIDGenerator generator; try { generator = (SettableIDGenerator) xstream.fromXML(serializedGenerator); } catch (XStreamException e) { + logger.error(e.getMessage(), e); + throw new BadRequestException( "Could not understand or parse this representation of an ID generator.", e); } return generator; - + } - + } -- 2.47.3
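Review bot: In the `@@ -39,11 +41,12 @@` hunk the new field is declared `static final Logger logger`, which leaves it package-private. `private static final Logger logger = LoggerFactory.getLogger(IDGeneratorSerializer.class);` is the usual SLF4J form and keeps the logger out of the package's surface. The context lines of the same hunk document `public void IDGeneratorSerializer()` as the no-argument constructor, but it has a return type and is therefore an ordinary method. If nothing instantiates the class, `private IDGeneratorSerializer() { }` would state the intent. The class body continues outside this hunk.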
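Review bot: In the `@@ -99,16 +102,21 @@` hunk the cast in `generator = (SettableIDGenerator) xstream.fromXML(serializedGenerator);` can throw ClassCastException, which `catch (XStreamException e)` does not cover. The allow-list added just above admits the whole `IDGeneratorPart` hierarchy, so XML whose root element is a part rather than a generator would deserialize and then fail the cast as an unchecked exception instead of the declared BadRequestException. `} catch (XStreamException | ClassCastException e) {` keeps the error contract. The added `logger.error(e.getMessage(), e)` uses the exception text as the log message, and the exception is rethrown as the cause, so it is probably reported again upstream. A fixed message such as `logger.warn("Rejected serialized ID generator", e);` is easier to alert on, and a type rejected by the allow-list (XStream's ForbiddenClassException) is the case worth telling apart from a plain parse failure. The signature of the enclosing method and any earlier checks are outside the hunk.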