Class JexlPermissions.ClassPermissions
- java.lang.Object
-
- org.apache.commons.jexl3.introspection.JexlPermissions.Delegate
-
- org.apache.commons.jexl3.introspection.JexlPermissions.ClassPermissions
-
- All Implemented Interfaces:
JexlPermissions
- Enclosing interface:
- JexlPermissions
public static final class JexlPermissions.ClassPermissions extends JexlPermissions.Delegate
A permission delegation that augments the RESTRICTED permission with an explicit set of classes.Typical use case is to deny access to a package - and thus all its classes - but allow a few specific classes.
Note that the newer positive restriction syntax is preferable as in:
RESTRICTED.compose("java.lang { +Class {} }")
.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.commons.jexl3.introspection.JexlPermissions
JexlPermissions.ClassPermissions, JexlPermissions.Delegate
-
-
Field Summary
Fields Modifier and Type Field Description private java.util.Set<java.lang.String>
allowedClasses
The set of explicitly allowed classes, overriding the delegate permissions.-
Fields inherited from class org.apache.commons.jexl3.introspection.JexlPermissions.Delegate
base
-
Fields inherited from interface org.apache.commons.jexl3.introspection.JexlPermissions
RESTRICTED, UNRESTRICTED
-
-
Constructor Summary
Constructors Constructor Description ClassPermissions(java.lang.Class<?>... allow)
Creates permissions based on the RESTRICTED set but allowing an explicit set.ClassPermissions(JexlPermissions delegate, java.util.Collection<java.lang.String> allow)
Required for compose().
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
allow(java.lang.Class<?> clazz)
Checks whether a class allows JEXL introspection.boolean
allow(java.lang.reflect.Constructor<?> constructor)
Checks whether a constructor allows JEXL introspection.boolean
allow(java.lang.reflect.Method method)
Checks whether a method allows JEXL introspection.JexlPermissions
compose(java.lang.String... src)
Compose these permissions with a new set.private boolean
isClassAllowed(java.lang.Class<?> clazz)
-
Methods inherited from class org.apache.commons.jexl3.introspection.JexlPermissions.Delegate
allow, allow
-
-
-
-
Constructor Detail
-
ClassPermissions
public ClassPermissions(java.lang.Class<?>... allow)
Creates permissions based on the RESTRICTED set but allowing an explicit set.- Parameters:
allow
- the set of allowed classes
-
ClassPermissions
public ClassPermissions(JexlPermissions delegate, java.util.Collection<java.lang.String> allow)
Required for compose().- Parameters:
delegate
- the base to delegate toallow
- the list of class canonical names
-
-
Method Detail
-
allow
public boolean allow(java.lang.Class<?> clazz)
Description copied from interface:JexlPermissions
Checks whether a class allows JEXL introspection.If the class disallows JEXL introspection, none of its constructors, methods or fields as well as derived classes are visible to JEXL and can not be used in scripts or expressions. If one of its super-classes is not allowed, tbe class is not allowed either.
For interfaces, only methods and fields are disallowed in derived interfaces or implementing classes.
- Specified by:
allow
in interfaceJexlPermissions
- Overrides:
allow
in classJexlPermissions.Delegate
- Parameters:
clazz
- the class to check- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
allow
public boolean allow(java.lang.reflect.Constructor<?> constructor)
Description copied from interface:JexlPermissions
Checks whether a constructor allows JEXL introspection.If a constructor is not allowed, the new operator can not be used to instantiate its declared class in scripts or expressions.
- Specified by:
allow
in interfaceJexlPermissions
- Overrides:
allow
in classJexlPermissions.Delegate
- Parameters:
constructor
- the constructor to check- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
allow
public boolean allow(java.lang.reflect.Method method)
Description copied from interface:JexlPermissions
Checks whether a method allows JEXL introspection.If a method is not allowed, it can not resolved and called in scripts or expressions.
Since methods can be overridden and overloaded, this also checks that no superclass or interface explicitly disallows this methods.
- Specified by:
allow
in interfaceJexlPermissions
- Overrides:
allow
in classJexlPermissions.Delegate
- Parameters:
method
- the method to check- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
compose
public JexlPermissions compose(java.lang.String... src)
Description copied from interface:JexlPermissions
Compose these permissions with a new set.This is a convenience method meant to easily give access to the packages JEXL is used to integrate with. For instance, using
would extend the restricted set of permissions by allowing the com.my.app package.JexlPermissions.RESTRICTED
.compose("com.my.app.*")- Specified by:
compose
in interfaceJexlPermissions
- Overrides:
compose
in classJexlPermissions.Delegate
- Parameters:
src
- the new constraints- Returns:
- the new permissions
-
isClassAllowed
private boolean isClassAllowed(java.lang.Class<?> clazz)
-
-