XStream的介绍
XStream是一种OXMapping 技术,是用来处理XML文件序列化的框架,在将JavaBean序列化,或将XML文件反序列化的时候,不需要其它辅助类和映射文件,使得XML序列化不再繁索。XStream也可以将JavaBean序列化成Json或反序列化,使用非常方便。
使用问题及解决方法
## 使用时抛出警告
XStream1.4.10 出现警告:Security framework of XStream not initialized, XStream is probably vulnerable
XStream的安全框架没有初始化,xstream 容易受攻击
## 解决方法:
XStream对象设置默认安全防护,同时设置允许的类
---------------------------我是分割线,代码如下--------------------------
'''
XStream xStream = new XStream();
xStream.setupDefaultSecurity(xStream);
xStream.allowTypes(new Class[]{Person.class});
'''
XStream的基本使用
pom依赖
'''
com.thoughtworks.xstream
xstream
1.4.10
'''
Xstream序列化XML
'''
XStream xStream = new XStream(new StaxDriver());
xStream.setupDefaultSecurity(xStream);
xStream.allowTypes(new Class[]{Person.class});
Person bean = new Person("杨大壮",18);
xStream.alias("人",Person.class);
//XML序列化
String xml = xStream.toXML(bean);
System.out.println(xml);
//XML反序列化
bean=(Person)xStream.fromXML(xml);
System.out.println(bean);
'''
程序运行结果:
<人>
Person [name=杨大壮, age=18]
Xstream序列化Json
注意:Xstream序列化Json时,需要引入jettison-[version].jar
'''
org.codehaus.jettison
jettison
1.4.0
'''
'''
XStream xstream = new XStream(new JettisonMappedXmlDriver());//设置Json解析器
xstream.setMode(XStream.NO_REFERENCES);//设置reference模型,不引用
Person bean=new Person("杨大壮",20);
xstream.alias("人",Person.class);//为类名节点重命名
//Json序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//Json反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
'''
运行结果:
{"人":{"name":"杨大壮","age":20}}
Person [name=杨大壮, age=20]
Xstream注解的使用
设置Xstream应用注解
XStream xstream = new XStream();
xstream.processAnnotations(Person.class);
xstream.autodetectAnnotations(true);
重命名注解:@XStreamAlias()
@XStreamAlias("人")
class Person {
@XStreamAlias("姓名")
private String name;
@XStreamAlias("年龄")
private int age;
@XStreamAlias("朋友")
private List friends;
public Person(String name, int age, String... friends) {
this.name = name;
this.age = age;
this.friends = Arrays.asList(friends);
}
@Override
public String toString() {
return "Person [name=" + name + ", age=" + age + ", friends=" + friends + "]";
}
}
···
程序运行结果:
<人>
<姓名>杨大壮
<年龄>20
<朋友 class="java.util.Arrays$ArrayList">
李四
王五
赵六
Person [name=杨大壮, age=20, friends=[李四, 王五, 赵六]]
##把字段节点设置成属性:@XStreamAsAttribute
class Person {
@XStreamAsAttribute
private String name;
@XStreamAsAttribute
private int age;
private List friends;
public Person(String name, int age, String... friends) {
this.name = name;
this.age = age;
this.friends = Arrays.asList(friends);
}
@Override
public String toString() {
return "Person [name=" + name + ", age=" + age + ", friends=" + friends + "]";
}
}
程序运行结果:
李四
王五
赵六
Person [name=杨大壮, age=20, friends=[李四, 王五, 赵六]]
## Xstream对象流的使用
**Xstream对象输出流**
class Person {
private String name;
private int age;
public Person(String name, int age) {
this.name = name;
this.age = age;
}
}
public class Test {
public static void main(String[] args) throws IOException {
XStream xstream = new XStream();
ObjectOutputStream out = xstream.createObjectOutputStream(System.out);
out.writeObject(new Person("张三",12));
out.writeObject(new Person("李四",19));
out.writeObject("Hello");
out.writeInt(12345);
out.close();
}
}
程序运行结果:
张三
12
李四
19
Hello
12345
**Xstream对象输出流**
class Person {
private String name;
private int age;
public Person(String name, int age)
{
this.name = name;
this.age = age;
}
@Override
public String toString() {
return "Person [name=" + name + ", age=" + age + "]";
}
}
public class Test {
public static void main(String[] args) throws IOException, ClassNotFoundException {
String s="张三 12 12345