Package edu.internet2.middleware.grouperClientExt.org.apache.commons.jexl2.introspection

Class Sandbox

java.lang.Object
edu.internet2.middleware.grouperClientExt.org.apache.commons.jexl2.introspection.Sandbox
public final class Sandbox extends Object
A sandbox describes permissions on a class by explicitly allowing or forbidding access to methods and properties through "whitelists" and "blacklists".

A whitelist explicitly allows methods/properties for a class;

  • If a whitelist is empty and thus does not contain any names, all properties/methods are allowed for its class.
  • If it is not empty, the only allowed properties/methods are the ones contained.

A blacklist explicitly forbids methods/properties for a class;

  • If a blacklist is empty and thus does not contain any names, all properties/methods are forbidden for its class.
  • If it is not empty, the only forbidden properties/methods are the ones contained.

Permissions are composed of three lists, read, write, execute, each being "white" or "black":

  • read controls readable properties
  • write controls writeable properties
  • execute controls executable methods and constructor

Since:
2.1

  • Constructor Details

    • Sandbox

      public Sandbox()
      Creates a new default sandbox.

    • Sandbox

      protected Sandbox(Map<String,Sandbox.Permissions> map)
      Creates a sandbox based on an existing permissions map.
      Parameters:
      map - the permissions map

  • Method Details

    • read

      public String read(Class<?> clazz, String name)
      Gets the read permission value for a given property of a class.
      Parameters:
      clazz - the class
      name - the property name
      Returns:
      null if not allowed, the name of the property to use otherwise

    • read

      public String read(String clazz, String name)
      Gets the read permission value for a given property of a class.
      Parameters:
      clazz - the class name
      name - the property name
      Returns:
      null if not allowed, the name of the property to use otherwise

    • write

      public String write(Class<?> clazz, String name)
      Gets the write permission value for a given property of a class.
      Parameters:
      clazz - the class
      name - the property name
      Returns:
      null if not allowed, the name of the property to use otherwise

    • write

      public String write(String clazz, String name)
      Gets the write permission value for a given property of a class.
      Parameters:
      clazz - the class name
      name - the property name
      Returns:
      null if not allowed, the name of the property to use otherwise

    • execute

      public String execute(Class<?> clazz, String name)
      Gets the execute permission value for a given method of a class.
      Parameters:
      clazz - the class
      name - the method name
      Returns:
      null if not allowed, the name of the method to use otherwise

    • execute

      public String execute(String clazz, String name)
      Gets the execute permission value for a given method of a class.
      Parameters:
      clazz - the class name
      name - the method name
      Returns:
      null if not allowed, the name of the method to use otherwise

    • permissions

      public Sandbox.Permissions permissions(String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag)
      Creates the set of permissions for a given class.
      Parameters:
      clazz - the class for which these permissions apply
      readFlag - whether the readable property list is white - true - or black - false -
      writeFlag - whether the writeable property list is white - true - or black - false -
      executeFlag - whether the executable method list is white white - true - or black - false -
      Returns:
      the set of permissions

    • white

      public Sandbox.Permissions white(String clazz)
      Creates a new set of permissions based on white lists for methods and properties for a given class.
      Parameters:
      clazz - the whitened class name
      Returns:
      the permissions instance

    • black

      public Sandbox.Permissions black(String clazz)
      Creates a new set of permissions based on black lists for methods and properties for a given class.
      Parameters:
      clazz - the blackened class name
      Returns:
      the permissions instance

    • get

      public Sandbox.Permissions get(String clazz)
      Gets the set of permissions associated to a class.
      Parameters:
      clazz - the class name
      Returns:
      the defined permissions or an all-white permission instance if none were defined