001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.commons.beanutils;
018
019import java.beans.IntrospectionException;
020import java.util.Collection;
021import java.util.Collections;
022import java.util.HashSet;
023import java.util.Set;
024
025/**
026 * <p>
027 * A specialized {@code BeanIntrospector} implementation which suppresses some properties.
028 * </p>
029 * <p>
030 * An instance of this class is passed a set with the names of the properties it should
031 * process. During introspection of a bean class it removes all these properties from the
032 * {@link IntrospectionContext}. So effectively, properties added by a different
033 * {@code BeanIntrospector} are removed again.
034 * </p>
035 *
036 * @version $Id$
037 * @since 1.9.2
038 */
039public class SuppressPropertiesBeanIntrospector implements BeanIntrospector {
040    /**
041     * A specialized instance which is configured to suppress the special {@code class}
042     * properties of Java beans. Unintended access to the property {@code class} (which is
043     * common to all Java objects) can be a security risk because it also allows access to
044     * the class loader. Adding this instance as {@code BeanIntrospector} to an instance
045     * of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no
046     * longer be accessed.
047     */
048    public static final SuppressPropertiesBeanIntrospector SUPPRESS_CLASS =
049            new SuppressPropertiesBeanIntrospector(Collections.singleton("class"));
050
051    /** A set with the names of the properties to be suppressed. */
052    private final Set<String> propertyNames;
053
054    /**
055     * Creates a new instance of {@code SuppressPropertiesBeanIntrospector} and sets the
056     * names of the properties to be suppressed.
057     *
058     * @param propertiesToSuppress the names of the properties to be suppressed (must not
059     * be <b>null</b>)
060     * @throws IllegalArgumentException if the collection with property names is
061     * <b>null</b>
062     */
063    public SuppressPropertiesBeanIntrospector(final Collection<String> propertiesToSuppress) {
064        if (propertiesToSuppress == null) {
065            throw new IllegalArgumentException("Property names must not be null!");
066        }
067
068        propertyNames = Collections.unmodifiableSet(new HashSet<String>(
069                propertiesToSuppress));
070    }
071
072    /**
073     * Returns a (unmodifiable) set with the names of the properties which are suppressed
074     * by this {@code BeanIntrospector}.
075     *
076     * @return a set with the names of the suppressed properties
077     */
078    public Set<String> getSuppressedProperties() {
079        return propertyNames;
080    }
081
082    /**
083     * {@inheritDoc} This implementation removes all properties from the given context it
084     * is configured for.
085     */
086    public void introspect(final IntrospectionContext icontext) throws IntrospectionException {
087        for (final String property : getSuppressedProperties()) {
088            icontext.removePropertyDescriptor(property);
089        }
090    }
091}