Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Fixed
-
3.1
-
None
Description
At the moment, the permissions in JexlSandbox takes the object's class name only into the consideration. So, if someone adds java.util.Set into the white list, but if the real object is an empty set (Collections.emptySet()), then it cannot allow invocations on #contains(Object) operation, for instance.
I think it would be very convenient if it optionally allows to set whites or blacks based on super type (interfaces or base classes).
To minimize the effort, I'd suggest adding JexlSandbox#permissionsByType(Class<?> type, ...), where the type means the object type or any super types.
So, if JexlSandbox#permissionsByType(java.util.Set.class, ...), then any invocations on any concrete java.util.Set objects will be affected by that.
Related e-mail thread: "[JEXL] white list classes, not by interfaces?" (10/19/17).
Attachments
Issue Links
- is related to
-
JEXL-292 Allow to specify custom Permissions class for Uberspect to be used later by Introspector
- Closed