Package com.opensymphony.xwork2.ognl
Class SecurityMemberAccess
java.lang.Object
com.opensymphony.xwork2.ognl.SecurityMemberAccess
- All Implemented Interfaces:
ognl.MemberAccess
Allows access decisions to be made on the basis of whether a member is static or not.
Also blocks or allows access to properties.
-
Constructor Summary
ConstructorsConstructorDescriptionSecurityMemberAccess
(boolean allowStaticFieldAccess) Deprecated.SecurityMemberAccess
(ProviderAllowlist providerAllowlist) -
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
checkAllowlist
(Object target, Member member) protected boolean
checkDefaultPackageAccess
(Object target, Member member) protected boolean
checkEnumAccess
(Member member) protected boolean
checkExclusionList
(Object target, Member member) protected boolean
checkProxyMemberAccess
(Object target, Member member) protected boolean
checkPublicMemberAccess
(Member member) Check access for public members (via modifiers)protected boolean
checkStaticFieldAccess
(Member member) Check access for static field (via modifiers).protected boolean
checkStaticMethodAccess
(Member member) Check access for static method (via modifiers).protected boolean
isAcceptableProperty
(String name) protected boolean
isAccepted
(String paramName) boolean
isAccessible
(Map context, Object target, Member member, String propertyName) protected boolean
isClassAllowlisted
(Class<?> clazz) static boolean
isClassBelongsToPackages
(Class<?> clazz, Set<String> matchingPackages) protected boolean
isClassExcluded
(Class<?> clazz) protected boolean
isExcluded
(String paramName) protected boolean
isExcludedPackageNamePatterns
(Class<?> clazz) protected boolean
isExcludedPackageNames
(Class<?> clazz) protected boolean
isPackageExcluded
(Class<?> clazz) void
static String
toPackageName
(Class<?> clazz) void
useAcceptProperties
(Set<Pattern> acceptedProperties) void
useAllowlistClasses
(String commaDelimitedClasses) void
useAllowlistPackageNames
(String commaDelimitedPackageNames) void
useAllowStaticFieldAccess
(String allowStaticFieldAccess) void
useDisallowDefaultPackageAccess
(String disallowDefaultPackageAccess) void
useDisallowProxyMemberAccess
(String disallowProxyMemberAccess) void
useEnforceAllowlistEnabled
(String enforceAllowlistEnabled) void
useExcludedClasses
(String commaDelimitedClasses) void
useExcludedPackageExemptClasses
(String commaDelimitedClasses) void
useExcludedPackageNamePatterns
(String commaDelimitedPackagePatterns) void
useExcludedPackageNames
(String commaDelimitedPackageNames) void
useExcludeProperties
(Set<Pattern> excludeProperties)
-
Constructor Details
-
SecurityMemberAccess
-
SecurityMemberAccess
Deprecated.since 6.4.0, useSecurityMemberAccess(ProviderAllowlist)
instead.SecurityMemberAccess - access decisions based on whether member is static (or not) - block or allow access to properties (configurable-after-construction)- Parameters:
allowStaticFieldAccess
- if set to true static fields (constants) will be accessible
-
-
Method Details
-
setup
- Specified by:
setup
in interfaceognl.MemberAccess
-
restore
- Specified by:
restore
in interfaceognl.MemberAccess
-
isAccessible
- Specified by:
isAccessible
in interfaceognl.MemberAccess
-
checkAllowlist
- Returns:
true
if member access is allowed
-
isClassAllowlisted
-
checkExclusionList
- Returns:
true
if member access is allowed
-
checkDefaultPackageAccess
- Returns:
true
if member access is allowed
-
checkProxyMemberAccess
- Returns:
true
if member access is allowed
-
checkStaticMethodAccess
Check access for static method (via modifiers).Note: For non-static members, the result is always true.
- Returns:
true
if member access is allowed
-
checkStaticFieldAccess
Check access for static field (via modifiers).Note: For non-static members, the result is always true.
- Returns:
true
if member access is allowed
-
checkPublicMemberAccess
Check access for public members (via modifiers)- Returns:
true
if member access is allowed
-
checkEnumAccess
- Returns:
true
if member access is allowed
-
isPackageExcluded
-
toPackageName
-
isExcludedPackageNamePatterns
-
isExcludedPackageNames
-
isClassBelongsToPackages
-
isClassExcluded
-
isAcceptableProperty
- Returns:
true
if member access is allowed
-
isAccepted
-
isExcluded
-
useExcludeProperties
-
useAcceptProperties
-
useAllowStaticFieldAccess
-
useExcludedClasses
-
useExcludedPackageNamePatterns
-
useExcludedPackageNames
-
useExcludedPackageExemptClasses
-
useEnforceAllowlistEnabled
-
useAllowlistClasses
-
useAllowlistPackageNames
-
useDisallowProxyMemberAccess
-
useDisallowDefaultPackageAccess
-
SecurityMemberAccess(ProviderAllowlist)
instead.