前言
第一次接觸Xstream,是在做一個socket通信的項目,由於是二次重新開發,所以有部分代碼沿用了原來的代碼(改造前用的webservice),其中xml字符串轉換為對象,以及對象轉換為xml字符串的代碼用到了這個包,所以我也就照葫蘆畫瓢,最終把項目順利做完了,由於沒有遇到什么問題,所以也就沒有對Xstream做深入的了解和探索,直到前幾天又接手到一個新的項目,里面接口調用涉及到同樣的業務需求,然后就再次想到Xstream,然后很自然地遇到了一些問題,所以也就有了這篇文章,好了,廢話少說,直接開始吧。
過程:我太難了^|^
由於上次用過,所以我就自以為輕車熟路的開始了,下面是收到的消息體(也就是需要轉換成對象的xml字符串):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<result>
<message>認證成功</message>
<data>
<AAC003>張三</AAC003>
<AAC002>610123456789012345</AAC002>
</data>
<code>1</code>
</result>
然后我就按照自己的理解,創建了消息體對象:
// 為了方便,我省略了get/set方法,一下同
// 文件名: MsgText.java
public class MsgText {
private Result result;// 結果
}
// 文件名: Result.java
public class Result {
private String message;// 消息
private Data data; // 數據
private String code; // 消息代碼
}
// 文件名: Data.java
public class Data {
private String AAC003;
private String AAC002;
}
下面是業務代碼,也是以及我的理解寫:
String result = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><result><message>認證成功</message><data><AAC003>張三</AAC003><AAC002>610123456789012345</AAC002></data><code>1</code></result>";
XStream xstream = new XStream(new StaxDriver());
xstream.alias("MsgText", MsgText.class);
MsgText fromXML = (MsgText)xstream.fromXML(result);
毫無疑問地報錯,以下是報錯信息:
Security framework of XStream not initialized, XStream is probably vulnerable.
Exception in thread "main" com.thoughtworks.xstream.mapper.CannotResolveClassException: result
經過查找資料,第一行錯誤是初始化失敗,查到的資料如下:
意思是:xstream 的安全框架沒有初始化,xstream 容易受攻擊。
解決方法:xStream對象設置默認安全防護,同時設置允許的類
解決代碼如下:
XStream.setupDefaultSecurity(xStream); // 其中xStream是你實例的XStream的變量名,這是個靜態方法
xStream.allowTypes(new Class[]{Test.class, Test1.class});
設置完成后,第二行依然報錯,查了很多資料,問題依然沒有解決,然后我打算按照自己的理解先做一些嘗試,然后在設置別名那里增加了一行代碼:
xstream.alias("Result", Result.class);
錯誤依舊,然后我又加入了一行代碼:
xstream.alias("Data", Data.class);
可依然還是相同的錯誤,我都快瘋了,但問題總是要解決吧,可能是運氣好,我都不知道自己怎么想到的,覺得可能是alias方法的大小寫有問題,然后就經過N次的嘗試和摸索,終於報錯變了,變成類轉換異常:
代碼如下:
XStream xstream = new XStream(new StaxDriver());
xstream.alias("msgtext", MsgText.class);
xstream.alias("result", Result.class);
xstream.alias("data", Data.class);
Class<?>[] classes = new Class[] { MsgText.class, Result.class,Data.class };
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(classes);
MsgText fromXML = (MsgText)xstream.fromXML(result);
錯誤如下:
Exception in thread "main" java.lang.ClassCastException: lss.test.reckoner.util.Result cannot be cast to lss.test.reckoner.ejb.MsgText
at lss.test.reckoner.ejb.Test.main(Test.java:20)
然后,這時候我才恍然大悟,原來報文根對象必須是根節點(result),接着我把最后一行代碼改成如下:
Result fromXML = (Result)xstream.fromXML(result);
然后就再也不報錯了,接着我覺得那應該和msgtext和data都沒有關系,然后刪除了下面的代碼:
xstream.alias("msgtext", MsgText.class);
xstream.alias("data", Data.class);
也把這里:
Class<?>[] classes = new Class[] { MsgText.class, Result.class,Data.class };
改成:
Class<?>[] classes = new Class[] { Result.class};
到此問題已經完美解決了
總結
-
xml對象對應的是xml字符串的根節點,本例中就是Result,而不是我理解的MsgText
-
xstream.alias("msgtext", MsgText.class)這個方法設置別名對應是xml的節點名,大小寫要一致
拓展
這里再拓展些xstream的知識點
關於XStream
XStream是一個簡單的庫,用於將對象序列化為XML並再次返回。
特征
- 使用方便。提供高級外觀,簡化了常見用例。
- 不需要映射。大多數對象都可以序列化,而無需指定映射。
- 性能。速度和低內存占用是設計的關鍵部分,使其適用於具有高消息吞吐量的大型對象圖或系統。
- 清潔XML。沒有重復的信息可以通過反射獲得。這導致XML更容易為人類閱讀,並且比本機Java序列化更緊湊。
- 不需要修改對象。序列化內部字段,包括私有和最終字段。支持非公開和內部類。類不需要具有默認構造函數。
- 完整對象圖支持。將維護在對象模型中遇到的重復引用。支持循環引用。
- 與其他XML API集成。通過實現接口,XStream可以直接與任何樹結構(而不僅僅是XML)進行串行化。
- 可定制的轉換策略。可以注冊策略,允許自定義特定類型如何表示為XML。
- 安全框架。對未編組類型進行精細控制,以防止受操縱輸入的安全問題。
- 錯誤消息。當由於格式錯誤的XML而發生異常時,會提供詳細的診斷信息以幫助隔離和修復問題。
- 替代輸出格式。模塊化設計允許其他輸出格式。XStream目前提供JSON支持和變形。
使用
創建XStream 對象
有兩種創建方式:
- 第一種:不需要XPP3庫 開始使用Java6
XStream xstream = new XStream(new StaxDriver());
- 第二種:需要XPP3庫
XStream xstream = new XStream();//需要XPP3庫
注意: Xstream序列化XML時需要引用的jar包:xstream-[version].jar、xpp3-[version].jar、xmlpull-[version].jar。Xstream序列化Json需要引用的jar包:jettison-[version].jar。
使用Xstream序列化時,對JavaBean沒有任何限制。JavaBean的字段可以是私有的,也可以沒有getter或setter方法,還可以沒有默認的構造函數。
1. 序列化對象
(1) Xstream序列化XML
public class Test
{
public static void main(String[] args)
{
Person bean=new Person("張三",19);
//XStream xstream = new XStream();//需要XPP3庫
//XStream xstream = new XStream(new DomDriver());//不需要XPP3庫
XStream xstream = new XStream(new StaxDriver());//不需要XPP3庫開始使用Java6
xstream.alias("人",Person.class);//為類名節點重命名
//XML序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//XML反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
(2) Xstream序列化Json
Xstream序列化Json與序列化XML類似,例如:
public class Test
{
public static void main(String[] args)
{
Person bean=new Person("張三",19);
XStream xstream = new XStream(new JettisonMappedXmlDriver());//設置Json解析器
xstream.setMode(XStream.NO_REFERENCES);//設置reference模型,不引用
xstream.alias("人",Person.class);//為類名節點重命名
//Json序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//Json反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
2. 反序列化XML獲得對象。
public class Test {
public static void main(String[] args) {
String msgtext = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><result><message>認證成功</message><data><AAC003>張三</AAC003><AAC002>610123456789012345</AAC002></data><code>1</code></result>";
XStream xstream = new XStream(new StaxDriver());
xstream.alias("result", Result.class);
Class<?>[] classes = new Class[] { Result.class};
XStream.setupDefaultSecurity(xstream);
xstream.allowTypes(classes);
Result fromXML = (Result)xstream.fromXML(msgtext);
System.out.println(fromXML);
}
}
public class Result {
private String message;
private Data data;
private String code;
private String appmsg;
private String appcode;
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
public Data getData() {
return data;
}
public void setData(Data data) {
this.data = data;
}
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public String getAppmsg() {
return appmsg;
}
public void setAppmsg(String appmsg) {
this.appmsg = appmsg;
}
public String getAppcode() {
return appcode;
}
public void setAppcode(String appcode) {
this.appcode = appcode;
}
}
3.Xstream序列化重命名
(1)為包重命名:Xstream.aliasPackage()方法
public class Test
{
public static void main(String[] args)
{
Person bean=new Person("張三",19);
XStream xstream = new XStream();
xstream.aliasPackage("com.lzw", "test");//為包名稱重命名
//序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
(2)為類重命名:Xstream.alias()方法
public class Test
{
public static void main(String[] args)
{
Person bean=new Person("張三",19);
XStream xstream = new XStream();
xstream.alias("人", Person.class);//為類名節點重命名
//序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
(3)為字段重命名:Xstream.aliasField()方法
public class Test
{
public static void main(String[] args)
{
Person bean=new Person("張三",19);
XStream xstream = new XStream();
xstream.aliasField("姓名", Person.class,"name");//為類的字段節點重命名
xstream.aliasField("年齡", Person.class,"age");//為類的字段節點重命名
//序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
(4)省略集合根節點:Xstream.addImplicitCollection()方法
class Person
{
private String name;
private int age;
private List friends;
public Person(String name, int age, String... friends)
{
this.name = name;
this.age = age;
this.friends = Arrays.asList(friends);
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + ", friends=" + friends + "]";
}
}
public class Test
{
public static void main(String[] args)
{
Person bean =new Person("張三",19,"李四","王五","趙六");
XStream xstream = new XStream();
xstream.addImplicitCollection(Person.class, "friends");//省略集合根節點
//序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
(5)把字段節點設置成屬性:Xstream.useAttributeFor()方法
public class Test
{
public static void main(String[] args)
{
Person bean =new Person("張三",19,"李四","王五","趙六");
XStream xstream = new XStream();
xstream.useAttributeFor(Person.class, "name");//把字段節點設置成屬性
//序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
(6)隱藏字段:xstream.omitField()方法
public class Test
{
public static void main(String[] args)
{
Person bean =new Person("張三",19,"李四","王五","趙六");
XStream xstream = new XStream();
xstream.omitField(Person.class, "friends");//把字段節點隱藏
//序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
4.Xstream注解的使用
(1)設置Xstream應用注解
使用Xstream注解前需要對Xstream進行配置,可以使用兩種方式:應用某個JavaBean類的注解或自動使用JavaBean類的注解。代碼如下:
XStream xstream = new XStream();
xstream.processAnnotations(Person.class);//應用Person類的注解
xstream.autodetectAnnotations(true);//自動檢測注解
(2)重命名注解:@XStreamAlias()
@XStreamAlias("人")
class Person
{
@XStreamAlias("姓名")
private String name;
@XStreamAlias("年齡")
private int age;
@XStreamAlias("朋友")
private List friends;
public Person(String name, int age, String... friends)
{
this.name = name;
this.age = age;
this.friends = Arrays.asList(friends);
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + ", friends=" + friends + "]";
}
}
(3)省略集合根節點:@XStreamImplicit
class Person
{
private String name;
private int age;
//@XStreamImplicit//只隱藏集合根節點
@XStreamImplicit(itemFieldName="朋友")//設置重復的節點名,可能會導致無法反序列化
private List<String> friends;
public Person(String name, int age, String... friends)
{
this.name = name;
this.age = age;
this.friends = Arrays.asList(friends);
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + ", friends=" + friends + "]";
}
}
(4)把字段節點設置成屬性:@XStreamAsAttribute
class Person
{
@XStreamAsAttribute
private String name;
@XStreamAsAttribute
private int age;
private List<String> friends;
public Person(String name, int age, String... friends)
{
this.name = name;
this.age = age;
this.friends = Arrays.asList(friends);
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + ", friends=" + friends + "]";
}
}
(5)隱藏字段:@XStreamOmitField
class Person
{
private String name;
private int age;
@XStreamOmitField
private List<String> friends;
public Person(String name, int age, String... friends)
{
this.name = name;
this.age = age;
this.friends = Arrays.asList(friends);
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + ", friends=" + friends + "]";
}
}
(6)設置轉換器:@XStreamConverter()
class Person
{
private String name;
private int age;
@XStreamConverter(value=BooleanConverter.class,booleans={false},strings={"男","女"})
private boolean sex;
public Person(String name, int age, boolean sex)
{
this.name = name;
this.age = age;
this.sex=sex;
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + ", sex=" + sex + "]";
}
}
5.Xstream自定義的轉換器
(1)Xstream自帶的轉換器
Xstream內部有許多轉換器,用於JavaBean對象到XML或Json之間的轉換。這些轉換器的詳細信息網址:http://xstream.codehaus.org/converters.html
(2)使用自定義的轉換器
class Person
{
private String name;
private int age;
public Person(String name, int age)
{
this.name = name;
this.age = age;
}
public String getName()
{
return name;
}
public void setName(String name)
{
this.name = name;
}
public int getAge()
{
return age;
}
public void setAge(int age)
{
this.age = age;
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + "]";
}
}
public class PersonConverter implements Converter
{
@Override//定義轉換器能轉換的JavaBean類型
public boolean canConvert(Class type)
{
return type.equals(Person.class);
}
@Override//把對象序列化成XML或Json
public void marshal(Object value, HierarchicalStreamWriter writer,
MarshallingContext context)
{
Person person = (Person) value;
writer.startNode("姓名");
writer.setValue(person.getName());
writer.endNode();
writer.startNode("年齡");
writer.setValue(person.getAge()+"");
writer.endNode();
writer.startNode("轉換器");
writer.setValue("自定義的轉換器");
writer.endNode();
}
@Override//把XML或Json反序列化成對象
public Object unmarshal(HierarchicalStreamReader reader,
UnmarshallingContext context)
{
Person person = new Person("",-1);
reader.moveDown();
person.setName(reader.getValue());
reader.moveUp();
reader.moveDown();
person.setAge(Integer.parseInt(reader.getValue()));
reader.moveUp();
return person;
}
}
public class Test
{
public static void main(String[] args)
{
Person bean =new Person("張三",19);
XStream xstream = new XStream();
xstream.registerConverter(new PersonConverter());//注冊轉換器
//序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
}
}
(3)常用的轉換器接口與抽象類
SingleValueConverter:單值轉換接口
AbstractSingleValueConverter:單值轉換抽象類
Converter:常規轉換器接口
6.Xstream對象流的使用
(1)Xstream對象輸出流
class Person
{
private String name;
private int age;
public Person(String name, int age)
{
this.name = name;
this.age = age;
}
}
public class Test
{
public static void main(String[] args) throws IOException
{
XStream xstream = new XStream();
ObjectOutputStream out = xstream.createObjectOutputStream(System.out);
out.writeObject(new Person("張三",12));
out.writeObject(new Person("李四",19));
out.writeObject("Hello");
out.writeInt(12345);
out.close();
}
}
注意: XStream對象流是通過標准java.io.ObjectOutputStream和java.io.ObjectInputStream對象。 因為XML文檔只能有一個根節點,必須包裝在一個序列化的所有元素 額外的根節點。 這個根節點默認 < object-stream >上面的例子所示。
(2)Xstream對象輸出流
class Person
{
private String name;
private int age;
public Person(String name, int age)
{
this.name = name;
this.age = age;
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + "]";
}
}
public class Test
{
public static void main(String[] args) throws IOException, ClassNotFoundException
{
String s="<object-stream><test.Person><name>張三</name><age>12</age></test.Person><int>12345</int></object-stream>";
StringReader reader = new StringReader(s);
XStream xstream = new XStream();
ObjectInputStream in = xstream.createObjectInputStream(reader);
System.out.println((Person) in.readObject());
System.out.println(in.readInt());
}
}
}
7.Xstream持久化API
(1)保存JavaBean對象
class Person
{
private String name;
private int age;
public Person(String name, int age)
{
this.name = name;
this.age = age;
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + "]";
}
}
public class Test
{
public static void main(String[] args) throws IOException, ClassNotFoundException
{
PersistenceStrategy strategy = new FilePersistenceStrategy(new File("D:\\tmp"));
List list = new XmlArrayList(strategy);
list.add(new Person("張三",13));//保存數據
list.add(new Person("李四",21));
list.add(new Person("王五",17));
}
}
程序運行結果: 如果我們檢查D:\tmp目錄,有三個文件:int@0.xml、int@1.xml、int@2.xml;每個對象都被序列化到XML文件里。
(2)讀取並刪除JavaBean對象
public class Test
{
public static void main(String[] args) throws IOException, ClassNotFoundException
{
PersistenceStrategy strategy = new FilePersistenceStrategy(new File("D:\\tmp"));
List list = new XmlArrayList(strategy);
for (Iterator it = list.iterator(); it.hasNext();)
{
System.out.println((Person) it.next());
it.remove();//刪除對象序列化文件
}
}
}
8.Xstream操作Json
(1)Xstream序列化Json的重命名
@XStreamAlias("人")
class Person
{
@XStreamAlias("姓名")
private String name;
@XStreamAlias("年齡")
private int age;
public Person(String name, int age)
{
this.name = name;
this.age = age;
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + "]";
}
}
public class Test
{
public static void main(String[] args)
{
Person bean=new Person("張三",19);
XStream xstream = new XStream(new JettisonMappedXmlDriver());//設置Json解析器
xstream.autodetectAnnotations(true);
//Json序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
//Json反序列化
bean=(Person)xstream.fromXML(xml);
System.out.println(bean);
}
}
注意: Xstream序列化Json的重命名的方式與其序列化成XML的方式一樣!
(2)去掉序列化Json的根節點
class Person
{
private String name;
private int age;
public Person(String name, int age)
{
this.name = name;
this.age = age;
}
@Override
public String toString()
{
return "Person [name=" + name + ", age=" + age + "]";
}
}
public class Test00
{
public static void main(String[] args)
{
Person bean=new Person("張三",19);
XStream xstream = new XStream(new JsonHierarchicalStreamDriver()
{
public HierarchicalStreamWriter createWriter(Writer writer)
{
return new JsonWriter(writer, JsonWriter.DROP_ROOT_MODE);
}
});
//Json序列化
String xml = xstream.toXML(bean);
System.out.println(xml);
}
}
}
注意: 去掉根節點后的Json串是不能反序列化的,因為XStream 不知道它的類型。
(3)Json的解析器區別
前面兩個例子使用了不同的Json解析器,這里說明他們的不同之處:
JettisonMappedXmlDriver:是支持序列化和反序列化Json的。
JsonHierarchicalStreamDriver:只支持序列化,不支持反序列化