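import com.atlassian.security.serialblocklist.xstream.BlocklistRestrictedXStream;
import com.thoughtworks.xstream.XStream;

import java.util.Collection;
import java.util.Map;

// Create the XStream instance that carries the deserialization blocklist.
XStream xstream = new BlocklistRestrictedXStream();

// Explicitly allow your application's types. Only the classes named here
// (plus whatever the calls below admit) may be instantiated from XML, so keep
// the list to plain data classes the application really exchanges.
xstream.allowTypes(new Class<?>[] {
    UserProfile.class,
    ApplicationConfig.class,
    CacheEntry.class
});

// Allow common collection types. allowTypeHierarchy admits every subtype of
// the given type found on the classpath, not just the JDK implementations.
// NOTE(review): if only a few concrete collections are exchanged, listing
// them with allowTypes is the narrower choice; confirm against the data.
xstream.allowTypeHierarchy(Collection.class);
xstream.allowTypeHierarchy(Map.class);

// Serialize and deserialize. fromXML returns Object; the cast runs only after
// the object graph has been built, so the allowlist above, not the cast, is
// what limits which classes the XML can instantiate.
UserProfile user = new UserProfile("john", "john@example.com");
String xml = xstream.toXML(user);
UserProfile restored = (UserProfile) xstream.fromXML(xml);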
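import com.atlassian.security.serialblocklist.xstream.BlocklistRestrictedXStream;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.AnyTypePermission;

// Create XStream with blocklist protection.
XStream xstream = new BlocklistRestrictedXStream();

// AnyTypePermission.ANY switches off XStream's type allowlist: every class on
// the classpath becomes deserializable unless the blocklist names it. The
// blocklist is then the only control, and it can only cover classes already
// known to be dangerous. Prefer explicit allowTypes(...) entries wherever the
// XML can come from outside the application.
xstream.addPermission(AnyTypePermission.ANY);

// Can process any type except blocklisted ones.
String xml = xstream.toXML(anyObject);
Object restored = xstream.fromXML(xml);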