Class Sandbox
- java.lang.Object
-
- org.apache.commons.jexl2.introspection.Sandbox
-
public final class Sandbox extends java.lang.Object
A sandbox describes permissions on a class by explicitly allowing or forbidding access to methods and properties through "whitelists" and "blacklists".A whitelist explicitly allows methods/properties for a class;
- If a whitelist is empty and thus does not contain any names, all properties/methods are allowed for its class.
- If it is not empty, the only allowed properties/methods are the ones contained.
A blacklist explicitly forbids methods/properties for a class;
- If a blacklist is empty and thus does not contain any names, all properties/methods are forbidden for its class.
- If it is not empty, the only forbidden properties/methods are the ones contained.
Permissions are composed of three lists, read, write, execute, each being "white" or "black":
- read controls readable properties
- write controls writeable properties
- execute controls executable methods and constructor
- Since:
- 2.1
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
Sandbox.BlackSet
A black set of names.static class
Sandbox.Names
A base set of names.static class
Sandbox.Permissions
Contains the white or black lists for properties and methods for a given class.static class
Sandbox.WhiteSet
A white set of names.
-
Constructor Summary
Constructors Modifier Constructor Description Sandbox()
Creates a new default sandbox.protected
Sandbox(java.util.Map<java.lang.String,Sandbox.Permissions> map)
Creates a sandbox based on an existing permissions map.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Sandbox.Permissions
black(java.lang.String clazz)
Creates a new set of permissions based on black lists for methods and properties for a given class.java.lang.String
execute(java.lang.Class<?> clazz, java.lang.String name)
Gets the execute permission value for a given method of a class.java.lang.String
execute(java.lang.String clazz, java.lang.String name)
Gets the execute permission value for a given method of a class.Sandbox.Permissions
get(java.lang.String clazz)
Gets the set of permissions associated to a class.Sandbox.Permissions
permissions(java.lang.String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag)
Creates the set of permissions for a given class.java.lang.String
read(java.lang.Class<?> clazz, java.lang.String name)
Gets the read permission value for a given property of a class.java.lang.String
read(java.lang.String clazz, java.lang.String name)
Gets the read permission value for a given property of a class.Sandbox.Permissions
white(java.lang.String clazz)
Creates a new set of permissions based on white lists for methods and properties for a given class.java.lang.String
write(java.lang.Class<?> clazz, java.lang.String name)
Gets the write permission value for a given property of a class.java.lang.String
write(java.lang.String clazz, java.lang.String name)
Gets the write permission value for a given property of a class.
-
-
-
Constructor Detail
-
Sandbox
public Sandbox()
Creates a new default sandbox.
-
Sandbox
protected Sandbox(java.util.Map<java.lang.String,Sandbox.Permissions> map)
Creates a sandbox based on an existing permissions map.- Parameters:
map
- the permissions map
-
-
Method Detail
-
read
public java.lang.String read(java.lang.Class<?> clazz, java.lang.String name)
Gets the read permission value for a given property of a class.- Parameters:
clazz
- the classname
- the property name- Returns:
- null if not allowed, the name of the property to use otherwise
-
read
public java.lang.String read(java.lang.String clazz, java.lang.String name)
Gets the read permission value for a given property of a class.- Parameters:
clazz
- the class namename
- the property name- Returns:
- null if not allowed, the name of the property to use otherwise
-
write
public java.lang.String write(java.lang.Class<?> clazz, java.lang.String name)
Gets the write permission value for a given property of a class.- Parameters:
clazz
- the classname
- the property name- Returns:
- null if not allowed, the name of the property to use otherwise
-
write
public java.lang.String write(java.lang.String clazz, java.lang.String name)
Gets the write permission value for a given property of a class.- Parameters:
clazz
- the class namename
- the property name- Returns:
- null if not allowed, the name of the property to use otherwise
-
execute
public java.lang.String execute(java.lang.Class<?> clazz, java.lang.String name)
Gets the execute permission value for a given method of a class.- Parameters:
clazz
- the classname
- the method name- Returns:
- null if not allowed, the name of the method to use otherwise
-
execute
public java.lang.String execute(java.lang.String clazz, java.lang.String name)
Gets the execute permission value for a given method of a class.- Parameters:
clazz
- the class namename
- the method name- Returns:
- null if not allowed, the name of the method to use otherwise
-
permissions
public Sandbox.Permissions permissions(java.lang.String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag)
Creates the set of permissions for a given class.- Parameters:
clazz
- the class for which these permissions applyreadFlag
- whether the readable property list is white - true - or black - false -writeFlag
- whether the writeable property list is white - true - or black - false -executeFlag
- whether the executable method list is white white - true - or black - false -- Returns:
- the set of permissions
-
white
public Sandbox.Permissions white(java.lang.String clazz)
Creates a new set of permissions based on white lists for methods and properties for a given class.- Parameters:
clazz
- the whitened class name- Returns:
- the permissions instance
-
black
public Sandbox.Permissions black(java.lang.String clazz)
Creates a new set of permissions based on black lists for methods and properties for a given class.- Parameters:
clazz
- the blackened class name- Returns:
- the permissions instance
-
get
public Sandbox.Permissions get(java.lang.String clazz)
Gets the set of permissions associated to a class.- Parameters:
clazz
- the class name- Returns:
- the defined permissions or an all-white permission instance if none were defined
-
-