Class Sandbox
java.lang.Object
edu.internet2.middleware.grouperClientExt.org.apache.commons.jexl2.introspection.Sandbox
A sandbox describes permissions on a class by explicitly allowing or forbidding access to methods and properties
through "whitelists" and "blacklists".
A whitelist explicitly allows methods/properties for a class;
- If a whitelist is empty and thus does not contain any names, all properties/methods are allowed for its class.
- If it is not empty, the only allowed properties/methods are the ones contained.
A blacklist explicitly forbids methods/properties for a class;
- If a blacklist is empty and thus does not contain any names, all properties/methods are forbidden for its class.
- If it is not empty, the only forbidden properties/methods are the ones contained.
Permissions are composed of three lists, read, write, execute, each being "white" or "black":
- read controls readable properties
- write controls writeable properties
- execute controls executable methods and constructor
- Since:
- 2.1
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic final class
A black set of names.static class
A base set of names.static final class
Contains the white or black lists for properties and methods for a given class.static final class
A white set of names. -
Constructor Summary
ModifierConstructorDescriptionSandbox()
Creates a new default sandbox.protected
Sandbox
(Map<String, Sandbox.Permissions> map) Creates a sandbox based on an existing permissions map. -
Method Summary
Modifier and TypeMethodDescriptionCreates a new set of permissions based on black lists for methods and properties for a given class.Gets the execute permission value for a given method of a class.Gets the execute permission value for a given method of a class.Gets the set of permissions associated to a class.permissions
(String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag) Creates the set of permissions for a given class.Gets the read permission value for a given property of a class.Gets the read permission value for a given property of a class.Creates a new set of permissions based on white lists for methods and properties for a given class.Gets the write permission value for a given property of a class.Gets the write permission value for a given property of a class.
-
Constructor Details
-
Sandbox
public Sandbox()Creates a new default sandbox. -
Sandbox
Creates a sandbox based on an existing permissions map.- Parameters:
map
- the permissions map
-
-
Method Details
-
read
Gets the read permission value for a given property of a class.- Parameters:
clazz
- the classname
- the property name- Returns:
- null if not allowed, the name of the property to use otherwise
-
read
Gets the read permission value for a given property of a class.- Parameters:
clazz
- the class namename
- the property name- Returns:
- null if not allowed, the name of the property to use otherwise
-
write
Gets the write permission value for a given property of a class.- Parameters:
clazz
- the classname
- the property name- Returns:
- null if not allowed, the name of the property to use otherwise
-
write
Gets the write permission value for a given property of a class.- Parameters:
clazz
- the class namename
- the property name- Returns:
- null if not allowed, the name of the property to use otherwise
-
execute
Gets the execute permission value for a given method of a class.- Parameters:
clazz
- the classname
- the method name- Returns:
- null if not allowed, the name of the method to use otherwise
-
execute
Gets the execute permission value for a given method of a class.- Parameters:
clazz
- the class namename
- the method name- Returns:
- null if not allowed, the name of the method to use otherwise
-
permissions
public Sandbox.Permissions permissions(String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag) Creates the set of permissions for a given class.- Parameters:
clazz
- the class for which these permissions applyreadFlag
- whether the readable property list is white - true - or black - false -writeFlag
- whether the writeable property list is white - true - or black - false -executeFlag
- whether the executable method list is white white - true - or black - false -- Returns:
- the set of permissions
-
white
Creates a new set of permissions based on white lists for methods and properties for a given class.- Parameters:
clazz
- the whitened class name- Returns:
- the permissions instance
-
black
Creates a new set of permissions based on black lists for methods and properties for a given class.- Parameters:
clazz
- the blackened class name- Returns:
- the permissions instance
-
get
Gets the set of permissions associated to a class.- Parameters:
clazz
- the class name- Returns:
- the defined permissions or an all-white permission instance if none were defined
-