org.apache.velocity.tools.generic
Class SafeConfig

java.lang.Object
  extended by org.apache.velocity.tools.generic.SafeConfig
Direct Known Subclasses:
AbstractLockConfig, AlternatorTool, ClassTool, ContextTool, EscapeTool, FieldTool, LinkTool, LocaleConfig, MarkupTool, RenderTool, XmlTool

public class SafeConfig
extends Object

Implements common logic and constants for tools which automatically locks down the public void configure(Map params) method after it is called once. This keeps application or session scoped tools thread-safe in templates, which generally have access to the tool after configuration has happened.

It also provides for a separate "safe mode" setting which tells tools to block any functions that may pose a security threat. This, of course, is set to true by default.

Once "locked down", the configure(Map) may still be called, however it will do nothing (unless some subclass is foolish enough to override it and not check if isConfigLocked() before changing configurations. The proper method for subclasses to override is configure(ValueParser) which will only be called by configure(Map) when the isConfigLocked() is false (i.e. the first time only).

Since:
VelocityTools 2.0
Author:
Nathan Bubna

Field Summary
static String LOCK_CONFIG_KEY
          The key used for specifying whether or not to prevent templates from reconfiguring this tool.
static String OLD_LOCK_CONFIG_KEY
          Deprecated. 
static String SAFE_MODE_KEY
          Many tools interested in locking configure() also have other things they wish to secure.
 
Constructor Summary
SafeConfig()
           
 
Method Summary
 void configure(Map params)
          If isConfigLocked() returns true, then this method does nothing; otherwise, if false, this will create a new ValueParser from the specified Map of params and call configure(ValueParser) with it.
protected  void configure(ValueParser values)
          Does the actual configuration.
 boolean isConfigLocked()
          Returns true if the configure(Map) method has been locked.
 boolean isSafeMode()
          Returns true if this tool is in "safe mode".
protected  void setLockConfig(boolean lock)
          Only allow subclass access to this.
protected  void setSafeMode(boolean safe)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LOCK_CONFIG_KEY

public static final String LOCK_CONFIG_KEY
The key used for specifying whether or not to prevent templates from reconfiguring this tool. The default is true.

See Also:
Constant Field Values

OLD_LOCK_CONFIG_KEY

@Deprecated
public static final String OLD_LOCK_CONFIG_KEY
Deprecated. 
See Also:
Constant Field Values

SAFE_MODE_KEY

public static final String SAFE_MODE_KEY
Many tools interested in locking configure() also have other things they wish to secure. This key controls that property. The default value is true, of course.

See Also:
Constant Field Values
Constructor Detail

SafeConfig

public SafeConfig()
Method Detail

setLockConfig

protected void setLockConfig(boolean lock)
Only allow subclass access to this.


setSafeMode

protected void setSafeMode(boolean safe)

isConfigLocked

public boolean isConfigLocked()
Returns true if the configure(Map) method has been locked.


isSafeMode

public boolean isSafeMode()
Returns true if this tool is in "safe mode".


configure

public void configure(Map params)
If isConfigLocked() returns true, then this method does nothing; otherwise, if false, this will create a new ValueParser from the specified Map of params and call configure(ValueParser) with it. Then this will check the parameters itself to find out whether or not the configuration for this tool should be put into safe mode or have its config locked. The safe mode value should be a boolean under the key SAFE_MODE_KEY and the lock value should be a boolean under the key LOCK_CONFIG_KEY.


configure

protected void configure(ValueParser values)
Does the actual configuration. This is protected, so subclasses may share the same ValueParser and call configure at any time, while preventing templates from doing so when configure(Map) is locked.



Copyright © 2002-2011 The Apache Software Foundation. All Rights Reserved.