org.apache.commons.jexl2.introspection
Class Sandbox

java.lang.Object
  org.apache.commons.jexl2.introspection.Sandbox

public final class Sandbox
extends Object

A sandbox describes permissions on a class by explicitly allowing or forbidding access to methods and properties through "whitelists" and "blacklists".

A whitelist explicitly allows methods/properties for a class;

• If a whitelist is empty and thus does not contain any names, all properties/methods are allowed for its class.
• If it is not empty, the only allowed properties/methods are the ones contained.

A blacklist explicitly forbids methods/properties for a class;

• If a blacklist is empty and thus does not contain any names, all properties/methods are forbidden for its class.
• If it is not empty, the only forbidden properties/methods are the ones contained.

Permissions are composed of three lists, read, write, execute, each being "white" or "black":

• read controls readable properties
• write controls writeable properties
• execute controls executable methods and constructor

Since:

2.1

Nested Class Summary

static class	Sandbox.BlackSet A black set of names.
static class	Sandbox.Names A base set of names.
static class	Sandbox.Permissions Contains the white or black lists for properties and methods for a given class.
static class	Sandbox.WhiteSet A white set of names.

Constructor Summary

	Sandbox() Creates a new default sandbox.
protected	Sandbox(Map<String,Sandbox.Permissions> map) Creates a sandbox based on an existing permissions map.

Method Summary

Sandbox.Permissions	black(String clazz) Creates a new set of permissions based on black lists for methods and properties for a given class.
String	execute(Class<?> clazz, String name) Gets the execute permission value for a given method of a class.
String	execute(String clazz, String name) Gets the execute permission value for a given method of a class.
Sandbox.Permissions	get(String clazz) Gets the set of permissions associated to a class.
Sandbox.Permissions	permissions(String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag) Creates the set of permissions for a given class.
String	read(Class<?> clazz, String name) Gets the read permission value for a given property of a class.
String	read(String clazz, String name) Gets the read permission value for a given property of a class.
Sandbox.Permissions	white(String clazz) Creates a new set of permissions based on white lists for methods and properties for a given class.
String	write(Class<?> clazz, String name) Gets the write permission value for a given property of a class.
String	write(String clazz, String name) Gets the write permission value for a given property of a class.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Sandbox

public Sandbox()

Creates a new default sandbox.

Sandbox

protected Sandbox(Map<String,Sandbox.Permissions> map)

Creates a sandbox based on an existing permissions map.

Parameters:

map - the permissions map

Method Detail

read

public String read(Class<?> clazz,
                   String name)

Gets the read permission value for a given property of a class.

Parameters:

clazz - the class

name - the property name

Returns:

null if not allowed, the name of the property to use otherwise

read

public String read(String clazz,
                   String name)

Gets the read permission value for a given property of a class.

Parameters:

clazz - the class name

name - the property name

Returns:

null if not allowed, the name of the property to use otherwise

write

public String write(Class<?> clazz,
                    String name)

Gets the write permission value for a given property of a class.

Parameters:

clazz - the class

name - the property name

Returns:

null if not allowed, the name of the property to use otherwise

write

public String write(String clazz,
                    String name)

Gets the write permission value for a given property of a class.

Parameters:

clazz - the class name

name - the property name

Returns:

null if not allowed, the name of the property to use otherwise

execute

public String execute(Class<?> clazz,
                      String name)

Gets the execute permission value for a given method of a class.

Parameters:

clazz - the class

name - the method name

Returns:

null if not allowed, the name of the method to use otherwise

execute

public String execute(String clazz,
                      String name)

Gets the execute permission value for a given method of a class.

Parameters:

clazz - the class name

name - the method name

Returns:

null if not allowed, the name of the method to use otherwise

permissions

public Sandbox.Permissions permissions(String clazz,
                                       boolean readFlag,
                                       boolean writeFlag,
                                       boolean executeFlag)

Creates the set of permissions for a given class.

Parameters:

clazz - the class for which these permissions apply

readFlag - whether the readable property list is white - true - or black - false -

writeFlag - whether the writeable property list is white - true - or black - false -

executeFlag - whether the executable method list is white white - true - or black - false -

Returns:

the set of permissions

white

public Sandbox.Permissions white(String clazz)

Creates a new set of permissions based on white lists for methods and properties for a given class.

Parameters:

clazz - the whitened class name

Returns:

the permissions instance

black

public Sandbox.Permissions black(String clazz)

Creates a new set of permissions based on black lists for methods and properties for a given class.

Parameters:

clazz - the blackened class name

Returns:

the permissions instance

get

public Sandbox.Permissions get(String clazz)

Gets the set of permissions associated to a class.

Parameters:

clazz - the class name

Returns:

the defined permissions or an all-white permission instance if none were defined