Class Permissions

  • All Implemented Interfaces:
    JexlPermissions

    public class Permissions
    extends java.lang.Object
    implements JexlPermissions
    Checks whether an element (ctor, field or method) is visible by JEXL introspection.

    Default implementation does this by checking if element has been annotated with NoJexl.

    The NoJexl annotation allows a fine grain permissions on executable objects (methods, fields, constructors).

    • NoJexl of a package implies all classes (including derived classes) and all interfaces of that package are invisible to JEXL.
    • NoJexl on a class implies this class and all its derived classes are invisible to JEXL.
    • NoJexl on a (public) field makes it not visible as a property to JEXL.
    • NoJexl on a constructor prevents that constructor to be used to instantiate through 'new'.
    • NoJexl on a method prevents that method and any of its overrides to be visible to JEXL.
    • NoJexl on an interface prevents all methods of that interface and their overrides to be visible to JEXL.

    It is possible to further refine permissions on classes used through libraries where source code form can not be altered using an instance of permissions using JexlPermissions.parse(String...).

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      protected Permissions()
      Allow inheritance.
      protected Permissions​(java.util.Set<java.lang.String> perimeter, java.util.Map<java.lang.String,​Permissions.NoJexlPackage> nojexl)
      Default ctor.
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean allow​(java.lang.Class<?> clazz)
      Checks whether a class or one of its super-classes or implemented interfaces explicitly disallows JEXL introspection.
      private boolean allow​(java.lang.Class<?> clazz, java.lang.reflect.Method method, boolean[] explicit)
      Check whether a method is allowed to be introspected in one superclass or interface.
      boolean allow​(java.lang.Package pack)
      Checks whether a package explicitly disallows JEXL introspection.
      boolean allow​(java.lang.reflect.Constructor<?> ctor)
      Checks whether a constructor explicitly disallows JEXL introspection.
      boolean allow​(java.lang.reflect.Field field)
      Checks whether a field explicitly disallows JEXL introspection.
      boolean allow​(java.lang.reflect.Method method)
      Checks whether a method explicitly disallows JEXL introspection.
      (package private) static java.lang.String classKey​(java.lang.Class<?> clazz)
      Creates a class key joining enclosing ascendants with '$'.
      (package private) static java.lang.String classKey​(java.lang.Class<?> clazz, java.lang.StringBuilder strb)
      Creates a class key joining enclosing ascendants with '$'.
      Permissions compose​(java.lang.String... src)
      Creates a new set of permissions by composing these permissions with a new set of rules.
      private boolean deny​(java.lang.Class<?> clazz)
      Whether a whole class is denied Jexl visibility.
      private boolean deny​(java.lang.Package pack)
      Whether a whole package is denied Jexl visibility.
      private boolean deny​(java.lang.reflect.Constructor<?> ctor)
      Whether a constructor is denied Jexl visibility.
      private boolean deny​(java.lang.reflect.Field field)
      Whether a field is denied Jexl visibility.
      private boolean deny​(java.lang.reflect.Method method)
      Whether a method is denied Jexl visibility.
      private boolean denyMethod​(java.lang.reflect.Method method)
      Checks whether a method is denied.
      private Permissions.NoJexlClass getNoJexl​(java.lang.Class<?> clazz)
      Gets the class constraints.
      private Permissions.NoJexlPackage getNoJexlPackage​(java.lang.String packageName)
      Gets the package constraints.
      (package private) java.util.Map<java.lang.String,​Permissions.NoJexlPackage> getPackages()  
      (package private) java.util.Set<java.lang.String> getWildcards()  
      private boolean wildcardAllow​(java.lang.Class<?> clazz)
      Whether the wildcard set of packages allows a given class to be introspected.
      (package private) static boolean wildcardAllow​(java.util.Set<java.lang.String> allowed, java.lang.String name)
      Whether the wilcard set of packages allows a given package to be introspected.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • UNRESTRICTED

        static final Permissions UNRESTRICTED
        The no-restriction introspection permission singleton.
      • packages

        private final java.util.Map<java.lang.String,​Permissions.NoJexlPackage> packages
        The @NoJexl execution-time map.
      • allowed

        private final java.util.Set<java.lang.String> allowed
        The closed world package patterns.
    • Constructor Detail

      • Permissions

        protected Permissions()
        Allow inheritance.
      • Permissions

        protected Permissions​(java.util.Set<java.lang.String> perimeter,
                              java.util.Map<java.lang.String,​Permissions.NoJexlPackage> nojexl)
        Default ctor.
        Parameters:
        perimeter - the allowed wildcard set of packages
        nojexl - the NoJexl external map
    • Method Detail

      • classKey

        static java.lang.String classKey​(java.lang.Class<?> clazz)
        Creates a class key joining enclosing ascendants with '$'.

        As in outer$inner for class outer { class inner....

        Parameters:
        clazz - the clazz
        Returns:
        the clazz key
      • classKey

        static java.lang.String classKey​(java.lang.Class<?> clazz,
                                         java.lang.StringBuilder strb)
        Creates a class key joining enclosing ascendants with '$'.

        As in outer$inner for class outer { class inner....

        Parameters:
        clazz - the clazz
        strb - the buffer to compose the key
        Returns:
        the clazz key
      • wildcardAllow

        static boolean wildcardAllow​(java.util.Set<java.lang.String> allowed,
                                     java.lang.String name)
        Whether the wilcard set of packages allows a given package to be introspected.
        Parameters:
        allowed - the allowed set (not null, may be empty)
        name - the package name (not null)
        Returns:
        true if allowed, false otherwise
      • allow

        public boolean allow​(java.lang.Class<?> clazz)
        Checks whether a class or one of its super-classes or implemented interfaces explicitly disallows JEXL introspection.
        Specified by:
        allow in interface JexlPermissions
        Parameters:
        clazz - the class to check
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • allow

        private boolean allow​(java.lang.Class<?> clazz,
                              java.lang.reflect.Method method,
                              boolean[] explicit)
        Check whether a method is allowed to be introspected in one superclass or interface.
        Parameters:
        clazz - the superclass or interface to check
        method - the method
        explicit - carries whether the package holding the method is explicitly allowed
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • allow

        public boolean allow​(java.lang.reflect.Constructor<?> ctor)
        Checks whether a constructor explicitly disallows JEXL introspection.
        Specified by:
        allow in interface JexlPermissions
        Parameters:
        ctor - the constructor to check
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • allow

        public boolean allow​(java.lang.reflect.Field field)
        Checks whether a field explicitly disallows JEXL introspection.
        Specified by:
        allow in interface JexlPermissions
        Parameters:
        field - the field to check
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • allow

        public boolean allow​(java.lang.reflect.Method method)
        Checks whether a method explicitly disallows JEXL introspection.

        Since methods can be overridden, this also checks that no superclass or interface explicitly disallows this methods.

        Specified by:
        allow in interface JexlPermissions
        Parameters:
        method - the method to check
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • allow

        public boolean allow​(java.lang.Package pack)
        Checks whether a package explicitly disallows JEXL introspection.
        Specified by:
        allow in interface JexlPermissions
        Parameters:
        pack - the package
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • compose

        public Permissions compose​(java.lang.String... src)
        Creates a new set of permissions by composing these permissions with a new set of rules.
        Specified by:
        compose in interface JexlPermissions
        Parameters:
        src - the rules
        Returns:
        the new permissions
      • deny

        private boolean deny​(java.lang.Class<?> clazz)
        Whether a whole class is denied Jexl visibility.

        Also checks package visibility.

        Parameters:
        clazz - the class
        Returns:
        true if denied, false otherwise
      • deny

        private boolean deny​(java.lang.reflect.Constructor<?> ctor)
        Whether a constructor is denied Jexl visibility.
        Parameters:
        ctor - the constructor
        Returns:
        true if denied, false otherwise
      • deny

        private boolean deny​(java.lang.reflect.Field field)
        Whether a field is denied Jexl visibility.
        Parameters:
        field - the field
        Returns:
        true if denied, false otherwise
      • deny

        private boolean deny​(java.lang.reflect.Method method)
        Whether a method is denied Jexl visibility.
        Parameters:
        method - the method
        Returns:
        true if denied, false otherwise
      • deny

        private boolean deny​(java.lang.Package pack)
        Whether a whole package is denied Jexl visibility.
        Parameters:
        pack - the package
        Returns:
        true if denied, false otherwise
      • denyMethod

        private boolean denyMethod​(java.lang.reflect.Method method)
        Checks whether a method is denied.
        Parameters:
        method - the method
        Returns:
        true if it has been disallowed through annotation or declaration
      • getNoJexl

        private Permissions.NoJexlClass getNoJexl​(java.lang.Class<?> clazz)
        Gets the class constraints.

        If nothing was explicitly forbidden, everything is allowed.

        Parameters:
        clazz - the class
        Returns:
        the class constraints instance, not-null.
      • getNoJexlPackage

        private Permissions.NoJexlPackage getNoJexlPackage​(java.lang.String packageName)
        Gets the package constraints.
        Parameters:
        packageName - the package name
        Returns:
        the package constraints instance, not-null.
      • getWildcards

        java.util.Set<java.lang.String> getWildcards()
        Returns:
        the wilcards
      • wildcardAllow

        private boolean wildcardAllow​(java.lang.Class<?> clazz)
        Whether the wildcard set of packages allows a given class to be introspected.
        Parameters:
        clazz - the package name (not null)
        Returns:
        true if allowed, false otherwise