XStream xStream = new XStream();
//由于对象默认开启安全防护,添加这条语句解决问题。尽量限制最低权限。
xStream.addPermission(AnyTypePermission.ANY);
下面这种方法可能也好使,但是目前没有尝试。
xStream.setupDefaultSecurity(xStream); // to be removed after 1.5
xStream.allowTypesByWildcard(new String[] {
"com.xttblog.**"
});