Package org.apache.commons.jexl3.introspection

Class JexlPermissions.ClassPermissions

java.lang.Object
org.apache.commons.jexl3.introspection.JexlPermissions.Delegate
org.apache.commons.jexl3.introspection.JexlPermissions.ClassPermissions
All Implemented Interfaces:
JexlPermissions
Enclosing interface:
JexlPermissions
public static final class JexlPermissions.ClassPermissions extends JexlPermissions.Delegate
A permission delegation that augments the RESTRICTED permission with an explicit set of classes.

A typical use case is to deny access to a package - and thus all its classes - but allow a few specific classes.

Note that the newer positive restriction syntax is preferable as in: RESTRICTED.compose("java.lang { +Class {} }").

  • Constructor Details

    • ClassPermissions

      public ClassPermissions(Class<?>... allow)
      Creates permissions based on the RESTRICTED set but allowing an explicit set.
      Parameters:
      allow - the set of allowed classes

    • ClassPermissions

      public ClassPermissions(JexlPermissions permissions, Class<?>... allow)
      Creates permissions by augmenting an existing set with an explicit set of allowed classes.
      Parameters:
      permissions - the base permissions to augment
      allow - the set of allowed classes

    • ClassPermissions

      public ClassPermissions(JexlPermissions delegate, Collection<String> allow)
      Creates permissions by augmenting an existing set with an explicit set of allowed canonical class names.
      Parameters:
      delegate - the base to delegate to
      allow - the list of class canonical names

  • Method Details

    • allow

      public boolean allow(Constructor<?> constructor)
      Description copied from interface: JexlPermissions
      Checks whether a constructor allows JEXL introspection.

      If a constructor is not allowed, the new operator cannot be used to instantiate its declared class in scripts or expressions.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      constructor - the constructor to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise

    • allow

      public boolean allow(Class<?> clazz)
      Description copied from interface: JexlPermissions
      Checks whether a class allows JEXL introspection.

      If the class disallows JEXL introspection, none of its constructors, methods or fields as well as derived classes are visible to JEXL and cannot be used in scripts or expressions. If one of its super-classes is not allowed, tbe class is not allowed either.

      For interfaces, only methods and fields are disallowed in derived interfaces or implementing classes.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      clazz - the class to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise

    • allow

      public boolean allow(Class<?> clazz, Field field)
      Description copied from interface: JexlPermissions
      Checks whether a field explicitly allows JEXL introspection.

      If a field is not allowed, it cannot be resolved and accessed in scripts or expressions.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      clazz - the class from which the field is accessed, used to check that the field is allowed for this class
      field - the field to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise

    • allow

      public boolean allow(Class<?> clazz, Method method)
      Description copied from interface: JexlPermissions
      Checks whether a method allows JEXL introspection.

      If a method is not allowed, it cannot be resolved and called in scripts or expressions.

      Since methods can be overridden and overloaded, this checks that this class explicitly allows this method - superseding any superclass or interface specified permissions.

      Specified by:
      allow in interface JexlPermissions
      Overrides:
      allow in class JexlPermissions.Delegate
      Parameters:
      clazz - the class from which the method is accessed, used to check that the method is allowed for this class
      method - the method to check
      Returns:
      true if JEXL is allowed to introspect, false otherwise

    • compose

      public JexlPermissions compose(String... src)
      Description copied from interface: JexlPermissions
      Compose these permissions with a new set.

      This is a convenience method meant to easily give access to the packages JEXL is used to integrate with. For instance, using JexlPermissions.RESTRICTED.compose("com.my.app.*") would extend the restricted set of permissions by allowing the com.my.app package.

      Specified by:
      compose in interface JexlPermissions
      Overrides:
      compose in class JexlPermissions.Delegate
      Parameters:
      src - the new constraints
      Returns:
      the new permissions