Class JexlPermissions.LoggingPermissions

java.lang.Object
org.apache.commons.jexl3.introspection.JexlPermissions.Delegate
org.apache.commons.jexl3.introspection.JexlPermissions.LoggingPermissions
All Implemented Interfaces:
JexlPermissions
Enclosing interface:
JexlPermissions

A permission delegate that logs every allow/deny decision.

This is a debugging aid to determine which reflective elements (classes, constructors, methods, fields) a permission set allows or denies; wrap any permissions with JexlPermissions.logging() (or JexlPermissions.logging(String) to pick the logger name) and inspect the log to diagnose why a given object is or is not reachable from scripts.

Since:
3.7.0
  • Constructor Details

    • LoggingPermissions

      Constructs an instance logging to a logger named after this class.
      Parameters:
      delegate - the permissions to delegate to
    • LoggingPermissions

      public LoggingPermissions(String loggerName, JexlPermissions delegate)
      Constructs an instance logging to a named logger.
      Parameters:
      loggerName - the name of the logger to use
      delegate - the permissions to delegate to
    • LoggingPermissions

      protected LoggingPermissions(org.apache.commons.logging.Log log, JexlPermissions delegate)
      Constructs an instance with an explicit logger.
      Parameters:
      log - the logger
      delegate - the permissions to delegate to
  • Method Details

    • allow

      public boolean allow(Class<?> clazz)
      Description copied from interface: JexlPermissions
      Checks whether a class allows JEXL introspection.

      If the class disallows JEXL introspection, none of its constructors, methods or fields as well as derived classes are visible to JEXL and cannot be used in scripts or expressions. If one of its super-classes is not allowed, tbe class is not allowed either.

      For interfaces, only methods and fields are disallowed in derived interfaces or implementing classes.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      clazz - the class to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise
    • allow

      public boolean allow(Constructor<?> ctor)
      Description copied from interface: JexlPermissions
      Checks whether a constructor allows JEXL introspection.

      If a constructor is not allowed, the new operator cannot be used to instantiate its declared class in scripts or expressions.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      ctor - the constructor to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise
    • allow

      public boolean allow(Field field)
      Description copied from interface: JexlPermissions
      Checks whether a field explicitly allows JEXL introspection.

      If a field is not allowed, it cannot be resolved and accessed in scripts or expressions.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      field - the field to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise
    • allow

      public boolean allow(Class<?> clazz, Field field)
      Description copied from interface: JexlPermissions
      Checks whether a field explicitly allows JEXL introspection.

      If a field is not allowed, it cannot be resolved and accessed in scripts or expressions.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      clazz - the class from which the field is accessed, used to check that the field is allowed for this class
      field - the field to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise
    • allow

      public boolean allow(Method method)
      Description copied from interface: JexlPermissions
      Checks whether a method allows JEXL introspection.

      If a method is not allowed, it cannot be resolved and called in scripts or expressions.

      Since methods can be overridden and overloaded, this also checks that no superclass or interface explicitly disallows this method.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      method - the method to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise
    • allow

      public boolean allow(Class<?> clazz, Method method)
      Description copied from interface: JexlPermissions
      Checks whether a method allows JEXL introspection.

      If a method is not allowed, it cannot be resolved and called in scripts or expressions.

      Since methods can be overridden and overloaded, this checks that this class explicitly allows this method - superseding any superclass or interface specified permissions.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      clazz - the class from which the method is accessed, used to check that the method is allowed for this class
      method - the method to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise
    • compose

      public JexlPermissions compose(String... src)
      Description copied from interface: JexlPermissions
      Compose these permissions with a new set.

      This is a convenience method meant to easily give access to the packages JEXL is used to integrate with. For instance, using JexlPermissions.RESTRICTED.compose("com.my.app.*") would extend the restricted set of permissions by allowing the com.my.app package.

      Specified by:
      compose in interface JexlPermissions
      Overrides:
      compose in class JexlPermissions.Delegate
      Parameters:
      src - the new constraints
      Returns:
      the new permissions