Package org.apache.commons.jexl3.introspection

Class JexlPermissions.ClassPermissions

java.lang.Object
org.apache.commons.jexl3.introspection.JexlPermissions.Delegate
org.apache.commons.jexl3.introspection.JexlPermissions.ClassPermissions
All Implemented Interfaces:
JexlPermissions
Enclosing interface:
JexlPermissions
public static final class JexlPermissions.ClassPermissions extends JexlPermissions.Delegate
A permission delegation that augments the RESTRICTED permission with an explicit set of classes.

Typical use case is to deny access to a package - and thus all its classes - but allow a few specific classes.

Note that the newer positive restriction syntax is preferable as in: RESTRICTED.compose("java.lang { +Class {} }").

  • Constructor Details

    • ClassPermissions

      public ClassPermissions(Class<?>... allow)
      Creates permissions based on the RESTRICTED set but allowing an explicit set.
      Parameters:
      allow - the set of allowed classes

    • ClassPermissions

      public ClassPermissions(JexlPermissions delegate, Collection<String> allow)
      Required for compose().
      Parameters:
      delegate - the base to delegate to
      allow - the list of class canonical names

  • Method Details

    • allow

      public boolean allow(Class<?> clazz)
      Description copied from interface: JexlPermissions
      Checks whether a class allows JEXL introspection.

      If the class disallows JEXL introspection, none of its constructors, methods or fields as well as derived classes are visible to JEXL and can not be used in scripts or expressions. If one of its super-classes is not allowed, tbe class is not allowed either.

      For interfaces, only methods and fields are disallowed in derived interfaces or implementing classes.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      clazz - the class to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise

    • allow

      public boolean allow(Constructor<?> constructor)
      Description copied from interface: JexlPermissions
      Checks whether a constructor allows JEXL introspection.

      If a constructor is not allowed, the new operator can not be used to instantiate its declared class in scripts or expressions.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      constructor - the constructor to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise

    • allow

      public boolean allow(Method method)
      Description copied from interface: JexlPermissions
      Checks whether a method allows JEXL introspection.

      If a method is not allowed, it can not resolved and called in scripts or expressions.

      Since methods can be overridden and overloaded, this also checks that no superclass or interface explicitly disallows this methods.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      method - the method to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise

    • compose

      public JexlPermissions compose(String... src)
      Description copied from interface: JexlPermissions
      Compose these permissions with a new set.

      This is a convenience method meant to easily give access to the packages JEXL is used to integrate with. For instance, using JexlPermissions.RESTRICTED.compose("com.my.app.*") would extend the restricted set of permissions by allowing the com.my.app package.

      Specified by:
      compose in interface JexlPermissions
      Overrides:
      compose in class JexlPermissions.Delegate
      Parameters:
      src - the new constraints
      Returns:
      the new permissions