Class XStreamHandler

java.lang.Object
org.apache.struts2.rest.handler.XStreamHandler
All Implemented Interfaces:
ContentTypeHandler

@Deprecated(since="7.2.0", forRemoval=true) public class XStreamHandler extends Object implements ContentTypeHandler
Deprecated, for removal: This API element is subject to removal in a future version.
since 7.2.0, scheduled for removal in a future major version. XStream has a long history of deserialization vulnerabilities and requires per-class allowlist maintenance. The default xml binding in struts-plugin.xml uses JacksonXmlHandler, which respects @StrutsParameter authorization via the AuthorizationAwareContentTypeHandler mechanism. Users who have explicitly overridden the xml handler to XStreamHandler should migrate to JacksonXmlHandler.
Handles XML content via the XStream library.
  • Constructor Summary

    Constructors
    Constructor
    Description
    Deprecated, for removal: This API element is subject to removal in a future version.
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    addDefaultPermissions(ActionInvocation invocation, com.thoughtworks.xstream.XStream stream)
    Deprecated, for removal: This API element is subject to removal in a future version.
     
    protected com.thoughtworks.xstream.XStream
    Deprecated, for removal: This API element is subject to removal in a future version.
     
    fromObject(ActionInvocation invocation, Object obj, String resultCode, Writer out)
    Deprecated, for removal: This API element is subject to removal in a future version.
     
    Deprecated, for removal: This API element is subject to removal in a future version.
    Gets the content type for this handler
    Deprecated, for removal: This API element is subject to removal in a future version.
    Gets the extension this handler supports
    void
    toObject(ActionInvocation invocation, Reader in, Object target)
    Deprecated, for removal: This API element is subject to removal in a future version.
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • XStreamHandler

      public XStreamHandler()
      Deprecated, for removal: This API element is subject to removal in a future version.
  • Method Details

    • fromObject

      public String fromObject(ActionInvocation invocation, Object obj, String resultCode, Writer out) throws IOException
      Deprecated, for removal: This API element is subject to removal in a future version.
      Specified by:
      fromObject in interface ContentTypeHandler
      Throws:
      IOException
    • toObject

      public void toObject(ActionInvocation invocation, Reader in, Object target)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Specified by:
      toObject in interface ContentTypeHandler
    • createXStream

      protected com.thoughtworks.xstream.XStream createXStream(ActionInvocation invocation)
      Deprecated, for removal: This API element is subject to removal in a future version.
    • addDefaultPermissions

      protected void addDefaultPermissions(ActionInvocation invocation, com.thoughtworks.xstream.XStream stream)
      Deprecated, for removal: This API element is subject to removal in a future version.
    • getContentType

      public String getContentType()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: ContentTypeHandler
      Gets the content type for this handler
      Specified by:
      getContentType in interface ContentTypeHandler
      Returns:
      The mime type
    • getExtension

      public String getExtension()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: ContentTypeHandler
      Gets the extension this handler supports
      Specified by:
      getExtension in interface ContentTypeHandler
      Returns:
      The extension