public final class JexlSandbox extends Object
An allowlist explicitly allows methods/properties for a class;
A blocklist explicitly forbids methods/properties for a class;
Permissions are composed of three lists, read, write, execute, each being "allow" or "block":
When specified, permissions - allow or block lists - can be created inheritable on interfaces or classes and thus applicable to their implementations or derived classes; the sandbox must be created with the 'inheritable' flag for this behavior to be triggered. Note that even in this configuration, it is still possible to add non-inheritable permissions. Adding inheritable lists to a non-inheritable sandbox has no added effect; permissions only apply to their specified class.
Note that a JexlUberspect always uses a copy of the JexlSandbox used to build it, preventing permission changes after its instantiation.
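
An added example (not taken from the JEXL documentation) of a block-box sandbox with allow lists on one class, and of the copy behaviour described above. `Account` is a constructed class, commons-jexl3 is assumed to be on the classpath, and the varargs `read(String...)` and `execute(String...)` calls belong to `JexlSandbox.Permissions`, which is documented on its own page.

```java
import org.apache.commons.jexl3.JexlBuilder;
import org.apache.commons.jexl3.JexlContext;
import org.apache.commons.jexl3.JexlEngine;
import org.apache.commons.jexl3.JexlException;
import org.apache.commons.jexl3.MapContext;
import org.apache.commons.jexl3.introspection.JexlSandbox;

public class SandboxDemo {
    /** Constructed sample class exposed to scripts (not part of JEXL). */
    public static class Account {
        private int balance = 100;
        public int getBalance() { return balance; }
        public void close() { balance = 0; }
    }

    /** Runs a script; returns its result, or "BLOCKED" if the engine refuses it. */
    static Object eval(JexlEngine jexl, JexlContext ctx, String src) {
        try {
            return jexl.createScript(src).execute(ctx);
        } catch (JexlException e) {
            return "BLOCKED";
        }
    }

    public static void main(String[] args) {
        // Block-box: a class without explicit permissions is allowed nothing.
        JexlSandbox sandbox = new JexlSandbox(false);
        // Allow lists for Account: 'balance' is readable, only getBalance() is callable.
        sandbox.allow(Account.class.getName()).read("balance").execute("getBalance");

        // strict + non-silent so that a refused call raises a JexlException.
        JexlEngine jexl = new JexlBuilder().sandbox(sandbox).strict(true).silent(false).create();

        // The engine's uberspect holds a copy of the sandbox, so widening the
        // original afterwards does not change what this engine permits.
        sandbox.allow(Account.class.getName()).read("balance").execute("getBalance", "close");

        JexlContext ctx = new MapContext();
        ctx.set("acct", new Account());
        ctx.set("name", "alice"); // constructed sample value

        System.out.println(eval(jexl, ctx, "acct.balance"));      // in the read allow list
        System.out.println(eval(jexl, ctx, "acct.getBalance()")); // in the execute allow list
        System.out.println(eval(jexl, ctx, "acct.close()"));      // not in the engine's execute list
        System.out.println(eval(jexl, ctx, "name.length()"));     // String has no permissions
    }
}
```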

Modifier and Type | Class and Description |
---|---|
static class | `JexlSandbox.BlackSet` Deprecated. since 3.2, use `BlockSet` |
static class | `JexlSandbox.Names` A base set of names. |
static class | `JexlSandbox.Permissions` Contains the allow or block lists for properties and methods for a given class. |
static class | `JexlSandbox.WhiteSet` Deprecated. since 3.2, use `AllowSet` |

Modifier and Type | Field and Description |
---|---|
static String | `NULL` The marker string for explicitly disallowed null properties. |

Modifier | Constructor and Description |
---|---|
public | `JexlSandbox()` Creates a new default sandbox. |
public | `JexlSandbox(boolean ab)` Creates a new default sandbox. |
public | `JexlSandbox(boolean ab, boolean inh)` Creates a sandbox. |
protected | `JexlSandbox(boolean ab, boolean inh, Map<String,JexlSandbox.Permissions> map)` Creates a sandbox based on an existing permissions map. |
protected | `JexlSandbox(boolean ab, Map<String,JexlSandbox.Permissions> map)` Deprecated. |
protected | `JexlSandbox(Map<String,JexlSandbox.Permissions> map)` Deprecated. |

Modifier and Type | Method and Description |
---|---|
JexlSandbox.Permissions | `allow(String clazz)` Creates a new set of permissions based on allow lists for methods and properties for a given class. |
JexlSandbox.Permissions | `black(String clazz)` Deprecated. |
JexlSandbox.Permissions | `block(String clazz)` Creates a new set of permissions based on block lists for methods and properties for a given class. |
JexlSandbox | `copy()` |
String | `execute(Class<?> clazz, String name)` Gets the execute permission value for a given method of a class. |
String | `execute(String clazz, String name)` Deprecated. |
JexlSandbox.Permissions | `get(Class<?> clazz)` Get the permissions associated to a class. |
JexlSandbox.Permissions | `get(String clazz)` Gets the set of permissions associated to a class. |
JexlSandbox.Permissions | `permissions(String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag)` Creates the set of permissions for a given class. |
JexlSandbox.Permissions | `permissions(String clazz, boolean inhf, boolean readf, boolean writef, boolean execf)` Creates the set of permissions for a given class. |
String | `read(Class<?> clazz, String name)` Gets the read permission value for a given property of a class. |
String | `read(String clazz, String name)` Deprecated. |
JexlSandbox.Permissions | `white(String clazz)` Deprecated. |
String | `write(Class<?> clazz, String name)` Gets the write permission value for a given property of a class. |
String | `write(String clazz, String name)` Deprecated. |

public static final String NULL

public JexlSandbox()
In the absence of explicit permissions on a class, the sandbox is an allow-box, allow-listing that class for all permissions (read, write and execute).

public JexlSandbox(boolean ab)
An allow-box considers no permissions as "everything is allowed" while a block-box considers no permissions as "nothing is allowed".
ab - whether this sandbox is allow (true) or block (false) if no permission is explicitly defined for a class.

public JexlSandbox(boolean ab, boolean inh)
ab - whether this sandbox is allow (true) or block (false)
inh - whether permissions on interfaces and classes are inherited (true) or not (false)

@Deprecated protected JexlSandbox(Map<String,JexlSandbox.Permissions> map)
map - the permissions map

@Deprecated protected JexlSandbox(boolean ab, Map<String,JexlSandbox.Permissions> map)
ab - whether this sandbox is allow (true) or block (false)
map - the permissions map

protected JexlSandbox(boolean ab, boolean inh, Map<String,JexlSandbox.Permissions> map)
ab - whether this sandbox is allow (true) or block (false)
inh - whether permissions are inherited, default false
map - the permissions map

public JexlSandbox copy()

public String read(Class<?> clazz, String name)
clazz - the class
name - the property name

@Deprecated public String read(String clazz, String name)
clazz - the class name
name - the property name

public String write(Class<?> clazz, String name)
clazz - the class
name - the property name

@Deprecated public String write(String clazz, String name)
clazz - the class name
name - the property name

public String execute(Class<?> clazz, String name)
clazz - the class
name - the method name

@Deprecated public String execute(String clazz, String name)
clazz - the class name
name - the method name

public JexlSandbox.Permissions permissions(String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag)
The sandbox inheritance property will apply to the permissions created by this method
clazz - the class for which these permissions apply
readFlag - whether the readable property list is allow - true - or block - false -
writeFlag - whether the writable property list is allow - true - or block - false -
executeFlag - whether the executable method list is allow - true - or block - false -

public JexlSandbox.Permissions permissions(String clazz, boolean inhf, boolean readf, boolean writef, boolean execf)
clazz - the class for which these permissions apply
inhf - whether these permissions are inheritable
readf - whether the readable property list is allow - true - or block - false -
writef - whether the writable property list is allow - true - or block - false -
execf - whether the executable method list is allow - true - or block - false -

public JexlSandbox.Permissions allow(String clazz)
The sandbox inheritance property will apply to the permissions created by this method
clazz - the allowed class name

@Deprecated public JexlSandbox.Permissions white(String clazz)
clazz - the allowed class name

public JexlSandbox.Permissions block(String clazz)
The sandbox inheritance property will apply to the permissions created by this method
clazz - the blocked class name

@Deprecated public JexlSandbox.Permissions black(String clazz)
clazz - the allowed class name

public JexlSandbox.Permissions get(String clazz)
clazz - the class name

public JexlSandbox.Permissions get(Class<?> clazz)
clazz - the class

Copyright © 2001–2022 The Apache Software Foundation. All rights reserved.