Class Permissions
- java.lang.Object
-
- org.apache.commons.jexl3.internal.introspection.Permissions
-
- All Implemented Interfaces:
JexlPermissions
public class Permissions extends java.lang.Object implements JexlPermissions
Checks whether an element (ctor, field or method) is visible by JEXL introspection.Default implementation does this by checking if element has been annotated with NoJexl.
The NoJexl annotation allows a fine grain permissions on executable objects (methods, fields, constructors).
- NoJexl of a package implies all classes (including derived classes) and all interfaces of that package are invisible to JEXL.
- NoJexl on a class implies this class and all its derived classes are invisible to JEXL.
- NoJexl on a (public) field makes it not visible as a property to JEXL.
- NoJexl on a constructor prevents that constructor to be used to instantiate through 'new'.
- NoJexl on a method prevents that method and any of its overrides to be visible to JEXL.
- NoJexl on an interface prevents all methods of that interface and their overrides to be visible to JEXL.
It is possible to further refine permissions on classes used through libraries where source code form can not be altered using an instance of permissions using
JexlPermissions.parse(String...)
.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description (package private) static class
Permissions.JexlClass
A positive NoJexl construct that defines what is denied by absence in the set.(package private) static class
Permissions.NoJexlClass
Equivalent of @NoJexl on a ctor, a method or a field in a class.(package private) static class
Permissions.NoJexlPackage
Equivalent of @NoJexl on a class in a package.-
Nested classes/interfaces inherited from interface org.apache.commons.jexl3.introspection.JexlPermissions
JexlPermissions.ClassPermissions, JexlPermissions.Delegate
-
-
Field Summary
Fields Modifier and Type Field Description private java.util.Set<java.lang.String>
allowed
The closed world package patterns.(package private) static Permissions.NoJexlClass
JEXL_CLASS
Marker for allowed class.(package private) static Permissions.NoJexlPackage
JEXL_PACKAGE
Marker for fully allowed package.(package private) static Permissions.NoJexlClass
NOJEXL_CLASS
Marker for whole NoJexl class.(package private) static Permissions.NoJexlPackage
NOJEXL_PACKAGE
Marker for @NoJexl package.private java.util.Map<java.lang.String,Permissions.NoJexlPackage>
packages
The @NoJexl execution-time map.(package private) static Permissions
UNRESTRICTED
The no-restriction introspection permission singleton.-
Fields inherited from interface org.apache.commons.jexl3.introspection.JexlPermissions
RESTRICTED
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
Permissions()
Allow inheritance.protected
Permissions(java.util.Set<java.lang.String> perimeter, java.util.Map<java.lang.String,Permissions.NoJexlPackage> nojexl)
Default ctor.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
allow(java.lang.Class<?> clazz)
Checks whether a class or one of its super-classes or implemented interfaces explicitly disallows JEXL introspection.private boolean
allow(java.lang.Class<?> clazz, java.lang.reflect.Method method, boolean[] explicit)
Check whether a method is allowed to be introspected in one superclass or interface.boolean
allow(java.lang.Package pack)
Checks whether a package explicitly disallows JEXL introspection.boolean
allow(java.lang.reflect.Constructor<?> ctor)
Checks whether a constructor explicitly disallows JEXL introspection.boolean
allow(java.lang.reflect.Field field)
Checks whether a field explicitly disallows JEXL introspection.boolean
allow(java.lang.reflect.Method method)
Checks whether a method explicitly disallows JEXL introspection.(package private) static java.lang.String
classKey(java.lang.Class<?> clazz)
Creates a class key joining enclosing ascendants with '$'.(package private) static java.lang.String
classKey(java.lang.Class<?> clazz, java.lang.StringBuilder strb)
Creates a class key joining enclosing ascendants with '$'.Permissions
compose(java.lang.String... src)
Creates a new set of permissions by composing these permissions with a new set of rules.private boolean
deny(java.lang.Class<?> clazz)
Whether a whole class is denied Jexl visibility.private boolean
deny(java.lang.Package pack)
Whether a whole package is denied Jexl visibility.private boolean
deny(java.lang.reflect.Constructor<?> ctor)
Whether a constructor is denied Jexl visibility.private boolean
deny(java.lang.reflect.Field field)
Whether a field is denied Jexl visibility.private boolean
deny(java.lang.reflect.Method method)
Whether a method is denied Jexl visibility.private boolean
denyMethod(java.lang.reflect.Method method)
Checks whether a method is denied.private Permissions.NoJexlClass
getNoJexl(java.lang.Class<?> clazz)
Gets the class constraints.private Permissions.NoJexlPackage
getNoJexlPackage(java.lang.String packageName)
Gets the package constraints.(package private) java.util.Map<java.lang.String,Permissions.NoJexlPackage>
getPackages()
(package private) java.util.Set<java.lang.String>
getWildcards()
private boolean
wildcardAllow(java.lang.Class<?> clazz)
Whether the wildcard set of packages allows a given class to be introspected.(package private) static boolean
wildcardAllow(java.util.Set<java.lang.String> allowed, java.lang.String name)
Whether the wilcard set of packages allows a given package to be introspected.
-
-
-
Field Detail
-
NOJEXL_CLASS
static final Permissions.NoJexlClass NOJEXL_CLASS
Marker for whole NoJexl class.
-
JEXL_CLASS
static final Permissions.NoJexlClass JEXL_CLASS
Marker for allowed class.
-
NOJEXL_PACKAGE
static final Permissions.NoJexlPackage NOJEXL_PACKAGE
Marker for @NoJexl package.
-
JEXL_PACKAGE
static final Permissions.NoJexlPackage JEXL_PACKAGE
Marker for fully allowed package.
-
UNRESTRICTED
static final Permissions UNRESTRICTED
The no-restriction introspection permission singleton.
-
packages
private final java.util.Map<java.lang.String,Permissions.NoJexlPackage> packages
The @NoJexl execution-time map.
-
allowed
private final java.util.Set<java.lang.String> allowed
The closed world package patterns.
-
-
Constructor Detail
-
Permissions
protected Permissions()
Allow inheritance.
-
Permissions
protected Permissions(java.util.Set<java.lang.String> perimeter, java.util.Map<java.lang.String,Permissions.NoJexlPackage> nojexl)
Default ctor.- Parameters:
perimeter
- the allowed wildcard set of packagesnojexl
- the NoJexl external map
-
-
Method Detail
-
classKey
static java.lang.String classKey(java.lang.Class<?> clazz)
Creates a class key joining enclosing ascendants with '$'.As in
outer$inner
forclass outer { class inner...
.- Parameters:
clazz
- the clazz- Returns:
- the clazz key
-
classKey
static java.lang.String classKey(java.lang.Class<?> clazz, java.lang.StringBuilder strb)
Creates a class key joining enclosing ascendants with '$'.As in
outer$inner
forclass outer { class inner...
.- Parameters:
clazz
- the clazzstrb
- the buffer to compose the key- Returns:
- the clazz key
-
wildcardAllow
static boolean wildcardAllow(java.util.Set<java.lang.String> allowed, java.lang.String name)
Whether the wilcard set of packages allows a given package to be introspected.- Parameters:
allowed
- the allowed set (not null, may be empty)name
- the package name (not null)- Returns:
- true if allowed, false otherwise
-
allow
public boolean allow(java.lang.Class<?> clazz)
Checks whether a class or one of its super-classes or implemented interfaces explicitly disallows JEXL introspection.- Specified by:
allow
in interfaceJexlPermissions
- Parameters:
clazz
- the class to check- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
allow
private boolean allow(java.lang.Class<?> clazz, java.lang.reflect.Method method, boolean[] explicit)
Check whether a method is allowed to be introspected in one superclass or interface.- Parameters:
clazz
- the superclass or interface to checkmethod
- the methodexplicit
- carries whether the package holding the method is explicitly allowed- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
allow
public boolean allow(java.lang.reflect.Constructor<?> ctor)
Checks whether a constructor explicitly disallows JEXL introspection.- Specified by:
allow
in interfaceJexlPermissions
- Parameters:
ctor
- the constructor to check- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
allow
public boolean allow(java.lang.reflect.Field field)
Checks whether a field explicitly disallows JEXL introspection.- Specified by:
allow
in interfaceJexlPermissions
- Parameters:
field
- the field to check- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
allow
public boolean allow(java.lang.reflect.Method method)
Checks whether a method explicitly disallows JEXL introspection.Since methods can be overridden, this also checks that no superclass or interface explicitly disallows this methods.
- Specified by:
allow
in interfaceJexlPermissions
- Parameters:
method
- the method to check- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
allow
public boolean allow(java.lang.Package pack)
Checks whether a package explicitly disallows JEXL introspection.- Specified by:
allow
in interfaceJexlPermissions
- Parameters:
pack
- the package- Returns:
- true if JEXL is allowed to introspect, false otherwise
-
compose
public Permissions compose(java.lang.String... src)
Creates a new set of permissions by composing these permissions with a new set of rules.- Specified by:
compose
in interfaceJexlPermissions
- Parameters:
src
- the rules- Returns:
- the new permissions
-
deny
private boolean deny(java.lang.Class<?> clazz)
Whether a whole class is denied Jexl visibility.Also checks package visibility.
- Parameters:
clazz
- the class- Returns:
- true if denied, false otherwise
-
deny
private boolean deny(java.lang.reflect.Constructor<?> ctor)
Whether a constructor is denied Jexl visibility.- Parameters:
ctor
- the constructor- Returns:
- true if denied, false otherwise
-
deny
private boolean deny(java.lang.reflect.Field field)
Whether a field is denied Jexl visibility.- Parameters:
field
- the field- Returns:
- true if denied, false otherwise
-
deny
private boolean deny(java.lang.reflect.Method method)
Whether a method is denied Jexl visibility.- Parameters:
method
- the method- Returns:
- true if denied, false otherwise
-
deny
private boolean deny(java.lang.Package pack)
Whether a whole package is denied Jexl visibility.- Parameters:
pack
- the package- Returns:
- true if denied, false otherwise
-
denyMethod
private boolean denyMethod(java.lang.reflect.Method method)
Checks whether a method is denied.- Parameters:
method
- the method- Returns:
- true if it has been disallowed through annotation or declaration
-
getNoJexl
private Permissions.NoJexlClass getNoJexl(java.lang.Class<?> clazz)
Gets the class constraints.If nothing was explicitly forbidden, everything is allowed.
- Parameters:
clazz
- the class- Returns:
- the class constraints instance, not-null.
-
getNoJexlPackage
private Permissions.NoJexlPackage getNoJexlPackage(java.lang.String packageName)
Gets the package constraints.- Parameters:
packageName
- the package name- Returns:
- the package constraints instance, not-null.
-
getPackages
java.util.Map<java.lang.String,Permissions.NoJexlPackage> getPackages()
- Returns:
- the packages
-
getWildcards
java.util.Set<java.lang.String> getWildcards()
- Returns:
- the wilcards
-
wildcardAllow
private boolean wildcardAllow(java.lang.Class<?> clazz)
Whether the wildcard set of packages allows a given class to be introspected.- Parameters:
clazz
- the package name (not null)- Returns:
- true if allowed, false otherwise
-
-