Class JexlPermissions.ClassPermissions

  • All Implemented Interfaces:
    JexlPermissions
    Enclosing interface:
    JexlPermissions

    public static final class JexlPermissions.ClassPermissions
    extends JexlPermissions.Delegate
    A permission delegation that augments the RESTRICTED permission with an explicit set of classes.

    Typical use case is to deny access to a package - and thus all its classes - but allow a few specific classes.

    Note that the newer positive restriction syntax is preferable as in: RESTRICTED.compose("java.lang { +Class {} }").

    • Field Detail

      • allowedClasses

        private final java.util.Set<java.lang.String> allowedClasses
        The set of explicitly allowed classes, overriding the delegate permissions.
    • Constructor Detail

      • ClassPermissions

        public ClassPermissions​(java.lang.Class<?>... allow)
        Creates permissions based on the RESTRICTED set but allowing an explicit set.
        Parameters:
        allow - the set of allowed classes
      • ClassPermissions

        public ClassPermissions​(JexlPermissions delegate,
                                java.util.Collection<java.lang.String> allow)
        Required for compose().
        Parameters:
        delegate - the base to delegate to
        allow - the list of class canonical names
    • Method Detail

      • allow

        public boolean allow​(java.lang.Class<?> clazz)
        Description copied from interface: JexlPermissions
        Checks whether a class allows JEXL introspection.

        If the class disallows JEXL introspection, none of its constructors, methods or fields as well as derived classes are visible to JEXL and can not be used in scripts or expressions. If one of its super-classes is not allowed, tbe class is not allowed either.

        For interfaces, only methods and fields are disallowed in derived interfaces or implementing classes.

        Specified by:
        allow in interface JexlPermissions
        Overrides:
        allow in class JexlPermissions.Delegate
        Parameters:
        clazz - the class to check
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • allow

        public boolean allow​(java.lang.reflect.Constructor<?> constructor)
        Description copied from interface: JexlPermissions
        Checks whether a constructor allows JEXL introspection.

        If a constructor is not allowed, the new operator can not be used to instantiate its declared class in scripts or expressions.

        Specified by:
        allow in interface JexlPermissions
        Overrides:
        allow in class JexlPermissions.Delegate
        Parameters:
        constructor - the constructor to check
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • allow

        public boolean allow​(java.lang.reflect.Method method)
        Description copied from interface: JexlPermissions
        Checks whether a method allows JEXL introspection.

        If a method is not allowed, it can not resolved and called in scripts or expressions.

        Since methods can be overridden and overloaded, this also checks that no superclass or interface explicitly disallows this methods.

        Specified by:
        allow in interface JexlPermissions
        Overrides:
        allow in class JexlPermissions.Delegate
        Parameters:
        method - the method to check
        Returns:
        true if JEXL is allowed to introspect, false otherwise
      • compose

        public JexlPermissions compose​(java.lang.String... src)
        Description copied from interface: JexlPermissions
        Compose these permissions with a new set.

        This is a convenience method meant to easily give access to the packages JEXL is used to integrate with. For instance, using JexlPermissions.RESTRICTED.compose("com.my.app.*") would extend the restricted set of permissions by allowing the com.my.app package.

        Specified by:
        compose in interface JexlPermissions
        Overrides:
        compose in class JexlPermissions.Delegate
        Parameters:
        src - the new constraints
        Returns:
        the new permissions
      • isClassAllowed

        private boolean isClassAllowed​(java.lang.Class<?> clazz)