CatchAllConverter()
XStream Converter that supports all classes, but throws exceptions for (un)marshalling.
The main purpose of this class is to register this converter as a catch-all last converter with a normal or higher priority, in addition to converters that explicitly handle the domain classes that should be supported. As a result, default XStream converters with lower priorities and possible security vulnerabilities do not get invoked.
For instance:
XStreamMarshaller unmarshaller = new XStreamMarshaller(); unmarshaller.getXStream().registerConverter(new MyDomainClassConverter(), XStream.PRIORITY_VERY_HIGH); unmarshaller.getXStream().registerConverter(new CatchAllConverter(), XStream.PRIORITY_NORMAL); MyDomainClass myObject = unmarshaller.unmarshal(source); Author
Arjen Poutsma
Since
3.2.5