public static class JexlPermissions.ClassPermissions extends JexlPermissions.Delegate
Typical use case is to deny access to a package - and thus all its classes - but allow a few specific classes.
JexlPermissions.ClassPermissions, JexlPermissions.Delegate
base
RESTRICTED, UNRESTRICTED
Constructor and Description |
---|
ClassPermissions(Class... allow)
Creates permissions based on the RESTRICTED set but allowing an explicit set.
|
ClassPermissions(JexlPermissions delegate,
Collection<String> allow)
Required for compose().
|
Modifier and Type | Method and Description |
---|---|
boolean |
allow(Class<?> clazz)
Checks whether a class allows JEXL introspection.
|
boolean |
allow(Constructor constructor)
Checks whether a constructor allows JEXL introspection.
|
boolean |
allow(Method method)
Checks whether a method allows JEXL introspection.
|
JexlPermissions |
compose(String... src)
Compose these permissions with a new set.
|
allow, allow
public ClassPermissions(Class... allow)
allow
- the set of allowed classespublic ClassPermissions(JexlPermissions delegate, Collection<String> allow)
delegate
- the base to delegate toallow
- the list of class canonical namespublic boolean allow(Class<?> clazz)
JexlPermissions
If the class disallows JEXL introspection, none of its constructors, methods or fields as well as derived classes are visible to JEXL and can not be used in scripts or expressions. If one of its super-classes is not allowed, tbe class is not allowed either.
For interfaces, only methods and fields are disallowed in derived interfaces or implementing classes.
allow
in interface JexlPermissions
allow
in class JexlPermissions.Delegate
clazz
- the class to checkpublic boolean allow(Method method)
JexlPermissions
If a method is not allowed, it can not resolved and called in scripts or expressions.
Since methods can be overridden and overloaded, this also checks that no superclass or interface explicitly disallows this methods.
allow
in interface JexlPermissions
allow
in class JexlPermissions.Delegate
method
- the method to checkpublic boolean allow(Constructor constructor)
JexlPermissions
If a constructor is not allowed, the new operator can not be used to instantiate its declared class in scripts or expressions.
allow
in interface JexlPermissions
allow
in class JexlPermissions.Delegate
constructor
- the constructor to checkpublic JexlPermissions compose(String... src)
JexlPermissions
This is a convenience method meant to easily give access to the packages JEXL is
used to integrate with. For instance, using
would extend the restricted set of permissions by allowing the com.my.app package.JexlPermissions.RESTRICTED
.compose("com.my.app.*")
compose
in interface JexlPermissions
compose
in class JexlPermissions.Delegate
src
- the new constraintsCopyright © 2001–2022 The Apache Software Foundation. All rights reserved.