Class JexlSandbox
A allowlist explicitly allows methods/properties for a class;
- If a allowlist is empty and thus does not contain any names, all properties/methods are allowed for its class.
- If it is not empty, the only allowed properties/methods are the ones contained.
A blocklist explicitly forbids methods/properties for a class;
- If a blocklist is empty and thus does not contain any names, all properties/methods are forbidden for its class.
- If it is not empty, the only forbidden properties/methods are the ones contained.
Permissions are composed of three lists, read, write, execute, each being "allow" or "block":
- read controls readable properties
- write controls writable properties
- execute controls executable methods and constructor
When specified, permissions - allow or block lists - can be created inheritable on interfaces or classes and thus applicable to their implementations or derived classes; the sandbox must be created with the 'inheritable' flag for this behavior to be triggered. Note that even in this configuration, it is still possible to add non-inheritable permissions. Adding inheritable lists to a non inheritable sandbox has no added effect; permissions only apply to their specified class.
Note that a JexlUberspect always uses a copy of the JexlSandbox used to built it preventing permission changes after its instantiation.
- Since:
- 3.0
- 
Nested Class SummaryNested ClassesModifier and TypeClassDescriptionstatic final classDeprecated.static classA base set of names.static final classContains the allow or block lists for properties and methods for a given class.static final classDeprecated.since 3.2, useJexlSandbox.AllowSet
- 
Field SummaryFields
- 
Constructor SummaryConstructorsConstructorDescriptionCreates a new default sandbox.JexlSandbox(boolean ab) Creates a new default sandbox.JexlSandbox(boolean ab, boolean inh) Creates a sandbox.
- 
Method SummaryModifier and TypeMethodDescriptionCreates a new set of permissions based on allow lists for methods and properties for a given class.Deprecated.3.3Creates a new set of permissions based on block lists for methods and properties for a given class.copy()Gets a copy of this sandboxGets the execute permission value for a given method of a class.Deprecated.3.3Gets the permissions associated to a class.Gets the set of permissions associated to a class.permissions(String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag) Creates the set of permissions for a given class.permissions(String clazz, boolean inhf, boolean readf, boolean writef, boolean execf) Creates the set of permissions for a given class.Gets the read permission value for a given property of a class.Deprecated.3.3Deprecated.3.3Gets the write permission value for a given property of a class.Deprecated.3.3
- 
Field Details- 
NULLThe marker string for explicitly disallowed null properties.- See Also:
 
 
- 
- 
Constructor Details- 
JexlSandboxpublic JexlSandbox()Creates a new default sandbox.In the absence of explicit permissions on a class, the sandbox is an allow-box, allow-listing that class for all permissions (read, write and execute). 
- 
JexlSandboxCreates a new default sandbox.A allow-box considers no permissions as "everything is allowed" when a block-box considers no permissions as "nothing is allowed". - Parameters:
- ab- whether this sandbox is allow (true) or block (false) if no permission is explicitly defined for a class.
- Since:
- 3.1
 
- 
JexlSandboxCreates a sandbox.- Parameters:
- ab- whether this sandbox is allow (true) or block (false)
- inh- whether permissions on interfaces and classes are inherited (true) or not (false)
- Since:
- 3.2
 
 
- 
- 
Method Details- 
allowCreates a new set of permissions based on allow lists for methods and properties for a given class.The sandbox inheritance property will apply to the permissions created by this method - Parameters:
- clazz- the allowed class name
- Returns:
- the permissions instance
 
- 
blockCreates a new set of permissions based on block lists for methods and properties for a given class.The sandbox inheritance property will apply to the permissions created by this method - Parameters:
- clazz- the blocked class name
- Returns:
- the permissions instance
 
- 
copyGets a copy of this sandbox- Returns:
- a copy of this sandbox
 
- 
executeGets the execute permission value for a given method of a class.- Parameters:
- clazz- the class
- name- the method name
- Returns:
- null if not allowed, the name of the method to use otherwise
 
- 
executeDeprecated.3.3Gets the execute permission value for a given method of a class.- Parameters:
- clazz- the class name
- name- the method name
- Returns:
- null if not allowed, the name of the method to use otherwise
 
- 
getGets the set of permissions associated to a class.- Parameters:
- clazz- the class name
- Returns:
- the defined permissions or an all-allow permission instance if none were defined
 
- 
getGets the permissions associated to a class.- Parameters:
- clazz- the class
- Returns:
- the permissions
 
- 
permissionspublic JexlSandbox.Permissions permissions(String clazz, boolean readFlag, boolean writeFlag, boolean executeFlag) Creates the set of permissions for a given class.The sandbox inheritance property will apply to the permissions created by this method - Parameters:
- clazz- the class for which these permissions apply
- readFlag- whether the readable property list is allow - true - or block - false -
- writeFlag- whether the writable property list is allow - true - or block - false -
- executeFlag- whether the executable method list is allow - true - or block - false -
- Returns:
- the set of permissions
 
- 
permissionspublic JexlSandbox.Permissions permissions(String clazz, boolean inhf, boolean readf, boolean writef, boolean execf) Creates the set of permissions for a given class.- Parameters:
- clazz- the class for which these permissions apply
- inhf- whether these permissions are inheritable
- readf- whether the readable property list is allow - true - or block - false -
- writef- whether the writable property list is allow - true - or block - false -
- execf- whether the executable method list is allow - true - or block - false -
- Returns:
- the set of permissions
 
- 
readGets the read permission value for a given property of a class.- Parameters:
- clazz- the class
- name- the property name
- Returns:
- null (or NULL if name is null) if not allowed, the name of the property to use otherwise
 
- 
writeGets the write permission value for a given property of a class.- Parameters:
- clazz- the class
- name- the property name
- Returns:
- null (or NULL if name is null) if not allowed, the name of the property to use otherwise
 
- 
writeDeprecated.3.3Gets the write permission value for a given property of a class.- Parameters:
- clazz- the class name
- name- the property name
- Returns:
- null if not allowed, the name of the property to use otherwise
 
- 
blackDeprecated.3.3Use block() instead.- Parameters:
- clazz- the blocked class name
- Returns:
- the permissions instance
 
- 
readDeprecated.3.3Gets the read permission value for a given property of a class.- Parameters:
- clazz- the class name
- name- the property name
- Returns:
- null if not allowed, the name of the property to use otherwise
 
- 
whiteDeprecated.3.3Use allow() instead.- Parameters:
- clazz- the allowed class name
- Returns:
- the permissions instance
 
 
- 
JexlSandbox.BlockSet