Uploaded image for project: 'Commons JEXL'
  1. Commons JEXL
  2. JEXL-253

Permissions by super type in JexlSandbox

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.1
    • 3.2
    • None

    Description

      At the moment, the permissions in JexlSandbox takes the object's class name only into the consideration. So, if someone adds java.util.Set into the white list, but if the real object is an empty set (Collections.emptySet()), then it cannot allow invocations on #contains(Object) operation, for instance.

      I think it would be very convenient if it optionally allows to set whites or blacks based on super type (interfaces or base classes).

      To minimize the effort, I'd suggest adding JexlSandbox#permissionsByType(Class<?> type, ...), where the type means the object type or any super types.
      So, if JexlSandbox#permissionsByType(java.util.Set.class, ...), then any invocations on any concrete java.util.Set objects will be affected by that.

      Related e-mail thread: "[JEXL] white list classes, not by interfaces?" (10/19/17).

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. JEXL-292 Allow to specify custom Permissions class for Uberspect to be used later by Introspector

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              henrib Henri Biestro
              woon_san Woonsan Ko
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: