View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *      https://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.commons.beanutils2;
18  
19  import java.beans.IntrospectionException;
20  import java.util.Collection;
21  import java.util.Collections;
22  import java.util.HashSet;
23  import java.util.Objects;
24  import java.util.Set;
25  
26  /**
27   * <p>
28   * A specialized {@code BeanIntrospector} implementation which suppresses some properties.
29   * </p>
30   * <p>
31   * An instance of this class is passed a set with the names of the properties it should process. During introspection of a bean class it removes all these
32   * properties from the {@link IntrospectionContext}. So effectively, properties added by a different {@code BeanIntrospector} are removed again.
33   * </p>
34   *
35   * @since 1.9.2
36   */
37  public class SuppressPropertiesBeanIntrospector implements BeanIntrospector {
38  
39      /**
40       * A specialized instance which is configured to suppress the special {@code class} properties of Java beans. Unintended access to the property
41       * {@code class} (which is common to all Java objects) can be a security risk because it also allows access to the class loader. Adding this instance as
42       * {@code BeanIntrospector} to an instance of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no longer be accessed.
43       */
44      public static final SuppressPropertiesBeanIntrospector SUPPRESS_CLASS = new SuppressPropertiesBeanIntrospector(Collections.singleton("class"));
45  
46      /**
47       * A specialized instance which is configured to suppress the special {@code class} properties of Java beans. Unintended access to the call for
48       * {@code declaringClass} (which is common to all Java {@code enum}) can be a security risk because it also allows access to the class loader. Adding this
49       * instance as {@code BeanIntrospector} to an instance of {@code PropertyUtilsBean} suppresses the {@code class} property; it can then no longer be
50       * accessed.
51       *
52       * @since 2.0.0-M2
53       */
54      public static final SuppressPropertiesBeanIntrospector SUPPRESS_DECLARING_CLASS = new SuppressPropertiesBeanIntrospector(
55              Collections.singleton("declaringClass"));
56  
57  /** A set with the names of the properties to be suppressed. */
58      private final Set<String> propertyNames;
59  
60      /**
61       * Creates a new instance of {@code SuppressPropertiesBeanIntrospector} and sets the names of the properties to be suppressed.
62       *
63       * @param propertiesToSuppress the names of the properties to be suppressed (must not be <strong>null</strong>)
64       * @throws IllegalArgumentException if the collection with property names is <strong>null</strong>
65       */
66      public SuppressPropertiesBeanIntrospector(final Collection<String> propertiesToSuppress) {
67          Objects.requireNonNull(propertiesToSuppress, "propertiesToSuppress");
68          propertyNames = Collections.unmodifiableSet(new HashSet<>(propertiesToSuppress));
69      }
70  
71      /**
72       * Returns a (unmodifiable) set with the names of the properties which are suppressed by this {@code BeanIntrospector}.
73       *
74       * @return a set with the names of the suppressed properties
75       */
76      public Set<String> getSuppressedProperties() {
77          return propertyNames;
78      }
79  
80      /**
81       * {@inheritDoc} This implementation removes all properties from the given context it is configured for.
82       */
83      @Override
84      public void introspect(final IntrospectionContext icontext) throws IntrospectionException {
85          getSuppressedProperties().forEach(icontext::removePropertyDescriptor);
86      }
87  }