Package org.apache.commons.jexl2.introspection

Class Sandbox

  • public final class Sandbox
extends java.lang.Object
    A sandbox describes permissions on a class by explicitly allowing or forbidding access to methods and properties through "whitelists" and "blacklists".

    A whitelist explicitly allows methods/properties for a class;

    • If a whitelist is empty and thus does not contain any names, all properties/methods are allowed for its class.
    • If it is not empty, the only allowed properties/methods are the ones contained.

    A blacklist explicitly forbids methods/properties for a class;

    • If a blacklist is empty and thus does not contain any names, all properties/methods are forbidden for its class.
    • If it is not empty, the only forbidden properties/methods are the ones contained.

    Permissions are composed of three lists, read, write, execute, each being "white" or "black":

    • read controls readable properties
    • write controls writeable properties
    • execute controls executable methods and constructor
    Since:
    2.1

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  Sandbox.BlackSet
      A black set of names.
      static class  Sandbox.Names
      A base set of names.
      static class  Sandbox.Permissions
      Contains the white or black lists for properties and methods for a given class.
      static class  Sandbox.WhiteSet
      A white set of names.

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
        Sandbox()
      Creates a new default sandbox.
      protected Sandbox​(java.util.Map<java.lang.String,​Sandbox.Permissions> map)
      Creates a sandbox based on an existing permissions map.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      Sandbox.Permissions black​(java.lang.String clazz)
      Creates a new set of permissions based on black lists for methods and properties for a given class.
      java.lang.String execute​(java.lang.Class<?> clazz, java.lang.String name)
      Gets the execute permission value for a given method of a class.
      java.lang.String execute​(java.lang.String clazz, java.lang.String name)
      Gets the execute permission value for a given method of a class.
      Sandbox.Permissions get​(java.lang.String clazz)
      Gets the set of permissions associated to a class.
      Sandbox.Permissions permissions​(java.lang.String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag)
      Creates the set of permissions for a given class.
      java.lang.String read​(java.lang.Class<?> clazz, java.lang.String name)
      Gets the read permission value for a given property of a class.
      java.lang.String read​(java.lang.String clazz, java.lang.String name)
      Gets the read permission value for a given property of a class.
      Sandbox.Permissions white​(java.lang.String clazz)
      Creates a new set of permissions based on white lists for methods and properties for a given class.
      java.lang.String write​(java.lang.Class<?> clazz, java.lang.String name)
      Gets the write permission value for a given property of a class.
      java.lang.String write​(java.lang.String clazz, java.lang.String name)
      Gets the write permission value for a given property of a class.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • Sandbox

        public Sandbox()
        Creates a new default sandbox.

      • Sandbox

        protected Sandbox​(java.util.Map<java.lang.String,​Sandbox.Permissions> map)
        Creates a sandbox based on an existing permissions map.
        Parameters:
        map - the permissions map

    • Method Detail

      • read

        public java.lang.String read​(java.lang.Class<?> clazz,
                             java.lang.String name)
        Gets the read permission value for a given property of a class.
        Parameters:
        clazz - the class
        name - the property name
        Returns:
        null if not allowed, the name of the property to use otherwise

      • read

        public java.lang.String read​(java.lang.String clazz,
                             java.lang.String name)
        Gets the read permission value for a given property of a class.
        Parameters:
        clazz - the class name
        name - the property name
        Returns:
        null if not allowed, the name of the property to use otherwise

      • write

        public java.lang.String write​(java.lang.Class<?> clazz,
                              java.lang.String name)
        Gets the write permission value for a given property of a class.
        Parameters:
        clazz - the class
        name - the property name
        Returns:
        null if not allowed, the name of the property to use otherwise

      • write

        public java.lang.String write​(java.lang.String clazz,
                              java.lang.String name)
        Gets the write permission value for a given property of a class.
        Parameters:
        clazz - the class name
        name - the property name
        Returns:
        null if not allowed, the name of the property to use otherwise

      • execute

        public java.lang.String execute​(java.lang.Class<?> clazz,
                                java.lang.String name)
        Gets the execute permission value for a given method of a class.
        Parameters:
        clazz - the class
        name - the method name
        Returns:
        null if not allowed, the name of the method to use otherwise

      • execute

        public java.lang.String execute​(java.lang.String clazz,
                                java.lang.String name)
        Gets the execute permission value for a given method of a class.
        Parameters:
        clazz - the class name
        name - the method name
        Returns:
        null if not allowed, the name of the method to use otherwise

      • permissions

        public Sandbox.Permissions permissions​(java.lang.String clazz,
                                       boolean readFlag,
                                       boolean writeFlag,
                                       boolean executeFlag)
        Creates the set of permissions for a given class.
        Parameters:
        clazz - the class for which these permissions apply
        readFlag - whether the readable property list is white - true - or black - false -
        writeFlag - whether the writeable property list is white - true - or black - false -
        executeFlag - whether the executable method list is white white - true - or black - false -
        Returns:
        the set of permissions

      • white

        public Sandbox.Permissions white​(java.lang.String clazz)
        Creates a new set of permissions based on white lists for methods and properties for a given class.
        Parameters:
        clazz - the whitened class name
        Returns:
        the permissions instance

      • black

        public Sandbox.Permissions black​(java.lang.String clazz)
        Creates a new set of permissions based on black lists for methods and properties for a given class.
        Parameters:
        clazz - the blackened class name
        Returns:
        the permissions instance

      • get

        public Sandbox.Permissions get​(java.lang.String clazz)
        Gets the set of permissions associated to a class.
        Parameters:
        clazz - the class name
        Returns:
        the defined permissions or an all-white permission instance if none were defined